EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 591:

  What does a type 3 code 13 represent?(Choose two.

  A. Echo request
  B. Destination unreachable
  C. Network unreachable
  D. Administratively prohibited
  E. Port unreachable
  F. Time exceeded
  B. Destination unreachable
  D. Administratively prohibited

  ---

  Type 3 code 13 is destination unreachable administratively prohibited. This type of message is typically returned from a device blocking a port.

• Question 592:

  You have installed antivirus software and you want to be sure that your AV signatures are working correctly. You don't want to risk the deliberate introduction of a live virus to test the AV software. You would like to write a harmless test virus, which is based on the European Institute for Computer Antivirus Research format that can be detected by the AV software.

  How should you proceed?

  A. Type the following code in notepad and save the file as SAMPLEVIRUS.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it.X5O!P %@AP[4\PZX54(P^)7CC)7}$SAMPLEVIRUS-STANDARDANTIVIRUS-TEST-FILE!$H+H*
  B. Type the following code in notepad and save the file as AVFILE.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it.X5O!P %@AP[4\PZX54(P^)7CC)7}$AVFILE-STANDARD-ANTIVIRUS-TESTFILE!$H+H*
  C. Type the following code in notepad and save the file as TESTAV.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it.X5O!P %@AP[4\PZX54(P^)7CC)7}$TESTAV-STANDARD-ANTIVIRUSTEST-FILE!$H+H*
  D. Type the following code in notepad and save the file as EICAR.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it.X5O!P %@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TESTFILE!$H+H*
  D. Type the following code in notepad and save the file as EICAR.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it.X5O!P %@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TESTFILE!$H+H*

  ---

  The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.

• Question 593:

  Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

  For /f "tokens=1 %%a in (hackfile.txt) do net use * \\10.1.2.3\c$ /user:"Administrator" %%a What is Eve trying to do?

  A. Eve is trying to connect as an user with Administrator privileges
  B. Eve is trying to enumerate all users with Administrative privileges
  C. Eve is trying to carry out a password crack for user Administrator
  D. Eve is trying to escalate privilege of the null user to that of Administrator
  C. Eve is trying to carry out a password crack for user Administrator

  ---

  Eve tries to get a successful login using the username Administrator and passwords from the file hackfile.txt.

• Question 594:

  Which of the following best describes Vulnerability?

  A. The loss potential of a threat
  B. An action or event that might prejudice security
  C. An agent that could take advantage of a weakness
  D. A weakness or error that can lead to compromise
  D. A weakness or error that can lead to compromise

  ---

  A vulnerability is a flaw or weakness in system security procedures, design or implementation that could be exercised (accidentally triggered or intentionally exploited) and result in a harm to an IT system or activity.

• Question 595:

  Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords. (Choose all that apply.

  A. Linux passwords can be encrypted with MD5
  B. Linux passwords can be encrypted with SHA
  C. Linux passwords can be encrypted with DES
  D. Linux passwords can be encrypted with Blowfish
  E. Linux passwords are encrypted with asymmetric algrothims
  A. Linux passwords can be encrypted with MD5
  C. Linux passwords can be encrypted with DES
  D. Linux passwords can be encrypted with Blowfish

  ---

  Linux passwords are enrcypted using MD5, DES, and the NEW addition Blowfish. The default on most linux systems is dependant on the distribution, RedHat uses MD5, while slackware uses DES. The blowfish option is there for those who wish to use it. The encryption algorithm in use can be determined by authconfig on RedHat-based systems, or by reviewing one of two locations, on PAM- based systems (Pluggable Authentication Module) it can be found in /etc/pam.d/, the system-auth file or authconfig files. In other systems it can be found in /etc/security/ directory.

• Question 596:

  You are configuring the security options of your mail server and you would like to block certain file attachments to prevent viruses and malware from entering the users inbox.

  Which of the following file formats will you block?

  (Select up to 6)

  A. .txt
  B. .vbs
  C. .pif
  D. .jpg
  E. .gif
  F. .com
  G. .htm
  H. .rar
  I. .scr
  J. .exe
  B. .vbs
  C. .pif
  E. .gif
  F. .com
  I. .scr
  J. .exe

  ---

  http://office.microsoft.com/en-us/outlook/HP030850041033.aspx

• Question 597:

  Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would line to tunnel the information to the remote end but does not have VPN capabilities to do so.

  Which of the following tools can she use to protect the link?

  A. MD5
  B. SSH
  C. RSA
  D. PGP
  B. SSH

  ---

  Port forwarding, or tunneling, is a way to forward otherwise insecure TCP traffic through SSH Secure Shell. You can secure for example POP3, SMTP and HTTP connections that would otherwise be insecure.

• Question 598:

  If you send a SYN to an open port, what is the correct response?(Choose all correct answers.

  A. SYN
  B. ACK
  C. FIN
  D. PSH
  A. SYN
  B. ACK

  ---

  The proper response is a SYN / ACK. This technique is also known as half-open scanning.

• Question 599:

  Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

  

  In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

  A. Switch then acts as hub by broadcasting packets to all machines on the network
  B. The CAM overflow table will cause the switch to crash causing Denial of Service
  C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
  D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port
  A. Switch then acts as hub by broadcasting packets to all machines on the network

• Question 600:

  Neil monitors his firewall rules and log files closely on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without consideration for others. Neil knows that he has an updated content filtering system and that such access should not be authorized.

  What type of technique might be used by these offenders to access the Internet without restriction?

  A. They are using UDP which is always authorized at the firewall.
  B. They are using tunneling software which allows them to communicate with protocols in a way it was not intended.
  C. They have been able to compromise the firewall, modify the rules, and give themselves proper access.
  D. They are using an older version of Internet Explorer that allows them to bypass the proxy server.
  B. They are using tunneling software which allows them to communicate with protocols in a way it was not intended.

  ---

  This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic.