EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 631:

  _____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.

  A. Canonicalization
  B. Character Mapping
  C. Character Encoding D. UCS transformation formats
  A. Canonicalization

  ---

  Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a "standard" canonical representation. This can be done to compare different representations for equivalence, to count the number of distinct data structures (e.g., in combinatorics), to improve the efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order.

• Question 632:

  Bob is conducting a password assessment for one of his clients. Bob suspects that password policies are not in place and weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weakness and key loggers. What are the means that Bob can use to get password from his client hosts and servers?

  A. Hardware, Software and Sniffing
  B. Hardware and Software Keyloggers
  C. Software only, they are the most effective
  D. Passwords are always best obtained using Hardware key loggers
  A. Hardware, Software and Sniffing

  ---

  All loggers will work as long as he has physical access to the computers.

• Question 633:

  Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

  A. Information Audit Policy (IAP)
  B. Information Security Policy (ISP)
  C. Penetration Testing Policy (PTP)
  D. Company Compliance Policy (CCP)
  B. Information Security Policy (ISP)

• Question 634:

  Your are trying the scan a machine located at ABC company's LAN named mail.abc.com. Actually that machine located behind the firewall. Which port is used by nmap to send the TCP synchronize frame to on mail.abc.com?

  A. 443
  B. 80
  C. 8080
  D. 23
  A. 443

• Question 635:

  Jim is having no luck performing a penetration test in company's network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.

  Why is Jim having these problems?

  A. Security scanners are not designed to do testing through a firewall.
  B. Security scanners cannot perform vulnerability linkage.
  C. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.
  D. All of the above.
  D. All of the above.

  ---

  The Security scanners available online are often to "outdated" to perform a live pentest against a victim.

• Question 636:

  One of the most common and the best way of cracking RSA encryption is to being to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _________________ process, then the private key can be derived.

  A. Factorization
  B. Prime Detection
  C. Hashing
  D. Brute-forcing
  A. Factorization

  ---

  In April 1994, an international cooperative group of mathematicians and computer scientists solved a 17-year-old challenge problem, the factoring of a 129-digit number, called RSA-129, into two primes. That is, RSA-129 = 1143816257578888676692357799761466120102182 9672124236256256184293570693524573389783059 7123563958705058989075147599290026879543541 = 34905295108476509491478496199038 98133417764638493387843990820577 times 32769132993266709549961988190834 461413177642967992942539798288533. Se more at http://en.wikipedia.org/wiki/RSA_Factoring_Challenge

• Question 637:

  Jonathan being a keen administrator has followed all of the best practices he could find on securing his Windows Server. He renamed the Administrator account to a new name that can't be easily guessed but there remain people who attempt to compromise his newly renamed administrator account. How can a remote attacker decipher the name of the administrator account if it has been renamed?

  A. The attacker guessed the new name
  B. The attacker used the user2sid program
  C. The attacker used to sid2user program
  D. The attacker used NMAP with the V option
  C. The attacker used to sid2user program

  ---

  User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions LookupAccountName and LookupAccountSid respectively. What is more these can be called against a remote machine without providing logon credentials save those needed for a null session connection.

• Question 638:

  A Buffer Overflow attack involves:

  A. Using a trojan program to direct data traffic to the target host's memory stack
  B. Flooding the target network buffers with data traffic to reduce the bandwidth available to legitimate users
  C. Using a dictionary to crack password buffers by guessing user names and passwords
  D. Poorly written software that allows an attacker to execute arbitrary code on a target system
  D. Poorly written software that allows an attacker to execute arbitrary code on a target system

  ---

  B is a denial of service. By flooding the data buffer in an application with trash you could get access to write in the code segment in the application and that way insert your own code.

• Question 639:

  What ICMP message types are used by the ping command?

  A. Timestamp request (13) and timestamp reply (14)
  B. Echo request (8) and Echo reply (0)
  C. Echo request (0) and Echo reply (1)
  D. Ping request (1) and Ping reply (2)
  B. Echo request (8) and Echo reply (0)

  ---

  ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo

• Question 640:

  Ursula is a college student at a University in Amsterdam. Ursula originally went to college to study engineering but later changed to marine biology after spending a month at sea with her friends. These friends frequently go out to sea to follow and harass fishing fleets that illegally fish in foreign waters. Ursula eventually wants to put companies practicing illegal fishing out of business. Ursula decides to hack into the parent company's computers and destroy critical data knowing fully well that, if caught, she probably would be sent to jail for a very long time. What would Ursula be considered?

  A. Ursula would be considered a gray hat since she is performing an act against illegal activities.
  B. She would be considered a suicide hacker.
  C. She would be called a cracker.
  D. Ursula would be considered a black hat.
  B. She would be considered a suicide hacker.