EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50 Online Questions & Answers

• Question 661:

  Samantha has been actively scanning the client network for which she is doing a vulnerability assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What protocol is most likely to be listening on those ports?

  A. SMB
  B. FTP
  C. SAMBA
  D. FINGER
  A. SMB

  ---

  Port 135 is for RPC and 136-139 is for NetBIOS traffic. SMB is an upper layer service that runs on top of the Session Service and the Datagram service of NetBIOS.

• Question 662:

  What type of Virus is shown here?

  

  A. Macro Virus
  B. Cavity Virus
  C. Boot Sector Virus
  D. Metamorphic Virus
  E. Sparse Infector Virus
  B. Cavity Virus

• Question 663:

  Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on?

  A. A sniffing attack
  B. A spoofing attack
  C. A man in the middle attack
  D. A denial of service attack
  C. A man in the middle attack

  ---

  A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised.

• Question 664:

  This kind of password cracking method uses word lists in combination with numbers and special characters:

  A. Hybrid
  B. Linear
  C. Symmetric
  D. Brute Force
  A. Hybrid

  ---

  A Hybrid (or Hybrid Dictionary) Attack uses a word list that it modifies slightly to find passwords that are almost from a dictionary (like St0pid)

• Question 665:

  Which of the following Registry location does a Trojan add entries to make it persistent on Windows 7? (Select 2 answers) A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  

  B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\ Run
  C. HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run
  D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

• Question 666:

  What are the four steps is used by nmap scanning?

  A. DNS Lookup
  B. ICMP Message
  C. Ping
  D. Reverse DNS lookup
  E. TCP three way handshake
  F. The Actual nmap scan
  A. DNS Lookup
  C. Ping
  D. Reverse DNS lookup
  F. The Actual nmap scan

  ---

  Nmap performs four steps during a normal device scan. Some of these steps can be modified or disabled using options on the nmap command line.

• Question 667:

  802.11b is considered a ____________ protocol.

  A. Connectionless
  B. Secure
  C. Unsecure
  D. Token ring based
  E. Unreliable
  C. Unsecure

  ---

  802.11b is an insecure protocol. It has many weaknesses that can be used by a hacker.

• Question 668:

  Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday, she went to a mandatory security awareness class (Security5) put on by her company's IT department. During the class, the IT department informed all employees that everyone's Internet activity was thenceforth going to be monitored.

  Stephanie is worried that her Internet activity might give her supervisor reason to write her up, or worse get her fired. Stephanie's daily work duties only consume about four hours of her time, so she usually spends the rest of the day surfing the web. Stephanie really enjoys surfing the Internet but definitely does not want to get fired for it.

  What should Stephanie use so that she does not get in trouble for surfing the Internet?

  A. Cookie Disabler
  B. Stealth Anonymizer
  C. Stealth Firefox
  D. Stealth IE
  C. Stealth Firefox

  ---

  Stealth Firefox If there are times you want to surf the web without leaving a trace in your local computer, then this is the right extension for you. https://addons.mozilla.org/en-US/firefox/addon/1306

• Question 669:

  Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

  A. The initial traffic from 192.168.12.35 was being spoofed.
  B. The traffic from 192.168.12.25 is from a Linux computer.
  C. The TTL of 21 means that the client computer is on wireless.
  D. The client computer at 192.168.12.35 is a zombie computer.
  A. The initial traffic from 192.168.12.35 was being spoofed.

• Question 670:

  Bryce the bad boy is purposely sending fragmented ICMP packets to a remote target. The tool size of this ICMP packet once reconstructed is over 65,536 bytes. From the information given, what type of attack is Bryce attempting to perform?

  A. Smurf
  B. Fraggle
  C. SYN Flood
  D. Ping of Death
  D. Ping of Death

  ---

  A ping of death (abbreviated "POD") is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size (or 84 bytes when IP header is considered); many computer systems cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size can crash the target computer. Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65,536 byte ping packet is illegal according to networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash.