EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation
312-50 Exam Details
Exam Code: 312-50
Exam Name: Certified Ethical Hacker
Certification: EC-COUNCIL Certifications
Vendor: EC-COUNCIL
Total Questions: 765 Q&As
Last Updated: May 31, 2026
EC-COUNCIL 312-50 Online Questions & Answers
Question 641:
Which type of sniffing technique is generally referred to as a MiTM attack?
A. Password Sniffing
B. ARP Poisoning
C. MAC Flooding
D. DHCP Sniffing
Answer: C. MAC Flooding
Question 642:
Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.
Choose the attack type from the choices given below.
A. Database Fingerprinting
B. Database Enumeration
C. SQL Fingerprinting
D. SQL Enumeration
Answer: A. Database Fingerprinting
He is trying to create a view of the characteristics of the target database; he is taking its fingerprints.
Question 643:
Which of the following wireless technologies can be detected by NetStumbler? (Select all that apply)
A. 802.11b
B. 802.11e
C. 802.11a
D. 802.11g
E. 802.11
Answer: A. 802.11b C. 802.11a D. 802.11g
If you check the website, cards for all three (A, B, G) are supported. See: http://www.stumbler.net/
Question 644:
Which of the following is not an effective countermeasure against replay attacks?
A. Digital signatures
B. Time Stamps
C. System identification
D. Sequence numbers
Answer: C. System identification
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that proves the package is received as it was sent from the original sender (digital signature).
Question 645:
LM authentication is not as strong as Windows NT authentication so you may want to disable its use, because an attacker eavesdropping on network traffic will attack the weaker protocol. A successful attack can compromise the user's password. How do you disable LM authentication in Windows XP?
A. Stop the LM service in Windows XP
B. Disable LSASS service in Windows XP
C. Disable LM authentication in the registry
D. Download and install LMSHUT.EXE tool from Microsoft website
Answer: C. Disable LM authentication in the registry
http://support.microsoft.com/kb/299656
Question 646:
Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not opened or ports that are not for public usage. How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by using one of the built-in Linux Operating System tools?
A. Ensure all files have at least a 755 or more restrictive permissions.
B. Configure rules using ipchains.
C. Configure and enable portsentry on her server.
D. Install an intrusion detection system on her computer such as Snort.
Answer: B. Configure rules using ipchains.
ipchains is a free software based firewall for Linux. It is a rewrite of Linux's previous IPv4 firewalling code, ipfwadm. In Linux 2.2, ipchains is required to administer the IP packet filters. ipchains was written because the older IPv4 firewall code used in Linux 2.0 did not work with IP fragments and didn't allow for specification of protocols other than TCP, UDP, and ICMP.
Question 647:
StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks.
A. Canary
B. Hex editing
C. Format checking
D. Non-executing stack
Answer: A. Canary
Canaries or canary words are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, it will clobber the canary, making the overflow evident. This is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system.
Question 648:
LAN Manager passwords are concatenated to 14 bytes and split in half. The two halves are hashed individually. If the password is 7 characters or less, then the second half of the hash is always:
A. 0xAAD3B435B51404EE
B. 0xAAD3B435B51404AA
C. 0xAAD3B435B51404BB
D. 0xAAD3B435B51404CC
Answer: A. 0xAAD3B435B51404EE
A problem with LM stems from the total lack of salting or cipher block chaining in the hashing process. To hash a password, the first 7 bytes of it are transformed into an 8-byte odd-parity DES key. This key is used to encrypt the 8-byte string "KGS!@". The same thing happens with the second part of the password. This lack of salting creates two interesting consequences. Obviously, this means the password is always stored in the same way, and just begs for a typical lookup table attack. The other consequence is that it is easy to tell if a password is bigger than 7 bytes in size. If not, the last 7 bytes will all be null and will result in a constant DES hash of 0xAAD3B435B51404EE.
Question 649:
What type of cookies can be generated while visiting different web sites on the Internet?
A. Permanent and long term cookies.
B. Session and permanent cookies.
C. Session and external cookies.
D. Cookies are all the same, there is no such thing as different types of cookies.
Answer: B. Session and permanent cookies.
There are two types of cookies: a permanent cookie that remains on a visitor's computer for a given time and a session cookie that is temporarily saved in the visitor's computer memory during the time that the visitor is using the Web site. Session cookies disappear when you close your Web browser.
Question 650:
What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?
A. Encryption of agent communications will conceal the presence of the agents
B. The monitor will know if counterfeit messages are being generated because they will not be encrypted
C. Alerts are sent to the monitor when a potential intrusion is detected
D. An intruder could intercept and delete data or alerts and the intrusion can go undetected
Answer: B. The monitor will know if counterfeit messages are being generated because they will not be encrypted