EC-COUNCIL EC-COUNCIL Certifications 312-50 Questions & Answers

• Question 591:

  To see how some of the hosts on your network react, Winston sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established he sends RST packets to those hosts to stop the session. Winston has done this to see how his intrusion detection system will log the traffic. What type of scan is Winston attempting here?

  A. Winston is attempting to find live hosts on your company's network by using an XMAS scan.

  B. He is utilizing a SYN scan to find live hosts that are listening on your network.

  C. This type of scan he is using is called a NULL scan.

  D. He is using a half-open scan to find live hosts on your network.

  Correct Answer: D

• Question 592:

  What type of attack is shown here?

  

  A. Bandwidth exhaust Attack

  B. Denial of Service Attack

  C. Cluster Service Attack

  D. Distributed Denial of Service Attack

  Correct Answer: B

• Question 593:

  Joseph has just been hired on to a contractor company of the Department of Defense as their Senior Security Analyst. Joseph has been instructed on the company's strict security policies that have been implemented, and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two-factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company. Joseph's supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number. Joseph's company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two-factor authentication?

  A. Biometric device

  B. OTP

  C. Proximity cards

  D. Security token

  Correct Answer: D

• Question 594:

  In which step Steganography fits in CEH System Hacking Cycle (SHC)

  A. Step 2: Crack the password

  B. Step 1: Enumerate users

  C. Step 3: Escalate privileges

  D. Step 4: Execute applications

  E. Step 5: Hide files

  F. Step 6: Cover your tracks

  Correct Answer: ACDEF

• Question 595:

  Michael is a junior security analyst working for the National Security Agency (NSA) working primarily on breaking terrorist encrypted messages. The NSA has a number of methods they use to decipher encrypted messages including Government Access to Keys (GAK) and inside informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the Internet. The problem for the NSA, and Michael, is that terrorist organizations are starting to use custom-built algorithms or obscure algorithms purchased from corrupt governments. For this reason, Michael and other security analysts like him have been forced to find different methods of deciphering terrorist messages. One method that Michael thought of using was to hide malicious code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by known terrorists, and then he is able to glean email addresses to some of these suspected terrorists. Michael then inserts a stealth keylogger into a mapping program file readme.txt and then sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes and also logs all keyboard activity into a hidden file on the terrorist's computer. Then, the keylogger emails those files to Michael twice a day with a built in SMTP server. What technique has Michael used to disguise this keylogging software?

  A. Steganography

  B. Wrapping

  C. ADS

  D. Hidden Channels

  Correct Answer: A

• Question 596:

  This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

  See foobar

  What is this attack?

  A. Cross-site-scripting attack

  B. SQL Injection

  C. URL Traversal attack

  D. Buffer Overflow attack

  Correct Answer: A

• Question 597:

  You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

  A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

  B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

  C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"

  D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

  Correct Answer: B

• Question 598:

  You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain. What is Peter Smith talking about?

  A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

  B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

  C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

  D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

  Correct Answer: A

• Question 599:

  Which type of sniffing technique is generally referred as MiTM attack?

  

  A. Password Sniffing

  B. ARP Poisoning

  C. Mac Flooding

  D. DHCP Sniffing

  Correct Answer: C

• Question 600:

  Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

  

  In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

  A. Switch then acts as hub by broadcasting packets to all machines on the network

  B. The CAM overflow table will cause the switch to crash causing Denial of Service

  C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

  D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

  Correct Answer: A