EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 541:

  A Successfully Attack by a malicious hacker can divide into five phases, Match the order:

  Select and Place:

  

  

• Question 542:

  John wishes to install a new application onto his Windows 2000 server. He wants to ensure that any application he uses has not been Trojaned. What can he do to help ensure this?

  A. Compare the file's MD5 signature with the one published on the distribution media
  B. Obtain the application via SSL
  C. Compare the file's virus signature with the one published on the distribution media
  D. Obtain the application from a CD-ROM disc
  A. Compare the file's MD5 signature with the one published on the distribution media

  ---

  MD5 was developed by Professor Ronald L. Rivest of MIT. What it does, to quote the executive summary of rfc1321, is:

  [The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same

  message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being

  encrypted with a private (secret) key under a public-key cryptosystem such as RSA. In essence, MD5 is a way to verify data integrity, and is much more reliable than checksum and many other commonly used methods.

• Question 543:

  Take a look at the following attack on a Web Server using obstructed URL: http://www.example.com/script.ext?template%2e%2e%2e%2e%2e%2f%2e%2f%65%74%63%2f %70%61%73%73%77%64

  The request is made up of:

  How would you protect information systems from these attacks?

  A. Configure Web Server to deny requests involving Unicode characters.
  B. Create rules in IDS to alert on strange Unicode requests.
  C. Use SSL authentication on Web Servers.
  D. Enable Active Scripts Detection at the firewall and routers.
  B. Create rules in IDS to alert on strange Unicode requests.

  ---

  This is a typical Unicode attack. By configuring your IDS to trigger on strange Unicode requests you can protect your web-server from this type of attacks.

• Question 544:

  A file integrity program such as Tripwire protects against Trojan horse attacks by:

  A. Automatically deleting Trojan horse programs
  B. Rejecting packets generated by Trojan horse programs
  C. Using programming hooks to inform the kernel of Trojan horse behavior
  D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse
  D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse

  ---

  Tripwire generates a database of the most common files and directories on your system. Once it is generated, you can then check the current state of your system against the original database and get a report of all the files that have been modified, deleted or added. This comes in handy if you allow other people access to your machine and even if you don't, if someone else does get access, you'll know if they tried to modify files such as /bin/login etc.

• Question 545:

  In an attempt to secure his 802.11b wireless network, Ulf decides to use a strategic antenna positioning. He places the antenna for the access points near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building's center. There is a large parking lot and outlying filed surrounding the building that extends out half a mile around the building. Ulf figures that with this and his placement of antennas, his wireless network will be safe from attack.

  Which of the following statements is true?

  A. With the 300 feet limit of a wireless signal, Ulf's network is safe.
  B. Wireless signals can be detected from miles away, Ulf's network is not safe.
  C. Ulf's network will be safe but only of he doesn't switch to 802.11a.
  D. Ulf's network will not be safe until he also enables WEP.
  D. Ulf's network will not be safe until he also enables WEP.

• Question 546:

  This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive tasks for an IDS to reassemble all fragments itself and on a busy system the packet will slip through the IDS onto the network.

  What is this technique called?

  A. IP Fragmentation or Session Splicing
  B. IP Routing or Packet Dropping
  C. IDS Spoofing or Session Assembly
  D. IP Splicing or Packet Reassembly
  A. IP Fragmentation or Session Splicing

  ---

  The basic premise behind session splicing, or IP Fragmentation, is to deliver the payload over multiple packets thus defeating simple pattern matching without session reconstruction. This payload can be delivered in many different manners and even spread out over a long period of time. Currently, Whisker and Nessus have session splicing capabilities, and other tools exist in the wild.

• Question 547:

  A very useful resource for passively gathering information about a target company is:

  A. Host scanning
  B. Whois search
  C. Traceroute
  D. Ping sweep
  B. Whois search

  ---

  A, C and D are "Active" scans, the question says: "Passively"

• Question 548:

  Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to [email protected]". What do you think has occurred?

  A. The web application picked up a record at random
  B. The web application returned the first record it found
  C. The server error has caused the application to malfunction
  D. The web application emailed the administrator about the error
  B. The web application returned the first record it found

  ---

  The web application sends a query to an SQL database and by giving it the criteria 1=1, which always will be true, it will return the first value it finds.

• Question 549:

  Sally is a network admin for a small company. She was asked to install wireless accesspoints in the building. In looking at the specifications for the access-points, she sees that all of them offer WEP.

  Which of these are true about WEP?

  Select the best answer.

  A. Stands for Wireless Encryption Protocol
  B. It makes a WLAN as secure as a LAN
  C. Stands for Wired Equivalent Privacy
  D. It offers end to end security
  C. Stands for Wired Equivalent Privacy

  ---

  WEP is intended to make a WLAN as secure as a LAN but because a WLAN is not constrained by wired, this makes access much easier. Also, WEP has flaws that make it less secure than was once thought.WEP does not offer end-to-end security. It only attempts to protect the wireless portion of the network.

• Question 550:

  Virus Scrubbers and other malware detection program can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?

  A. System integrity verification tools
  B. Anti-Virus Software
  C. A properly configured gateway
  D. There is no way of finding out until a new updated signature file is released
  A. System integrity verification tools

  ---

  Programs like Tripwire aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.