EC-COUNCIL Certified Ethical Hacker 312-50 Questions & Answers

• Question 751:

  One of the better features of NetWare is the use of packet signature that includes cryptographic signatures. The packet signature mechanism has four levels from 0 to 3. In the list below which of the choices represent the level that forces NetWare to sign all packets?

  A. 0 (zero)

  B. 1

  C. 2

  D. 3

  Correct Answer: D

  0Server does not sign packets (regardless of the client level). 1Server signs packets if the client is capable of signing (client level is 2 or higher). 2Server signs packets if the client is capable of signing (client level is 1 or higher). 3Server signs packets and requires all clients to sign packets or logging in will fail.

• Question 752:

  ABC.com is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purpose. This could lead to prosecution for the sender and for the company's directors if, for example, outgoing email was found to contain material that was pornographic, racist or likely to incite someone to commit an act of terrorism.

  You can always defend yourself by "ignorance of the law" clause.

  A. True

  B. False

  Correct Answer: B

  Ignorantia juris non excusat or Ignorantia legis neminem excusat (Latin for "ignorance of the law does not excuse" or "ignorance of the law excuses no one") is a public policy holding that a person who is unaware of a law may not escape liability for violating that law merely because he or she was unaware of its content; that is, persons have presumed knowledge of the law. Presumed knowledge of the law is the principle in jurisprudence that one is bound by a law even if one does not know of it. It has also been defined as the "prohibition of ignorance of the law".

• Question 753:

  Which of the following act in the united states specifically criminalizes the transmission of unsolicited commercial e-mail(SPAM) without an existing business relationship.

  A. 2004 CANSPAM Act

  B. 2003 SPAM Preventing Act

  C. 2005 US-SPAM 1030 Act

  D. 1990 Computer Misuse Act

  Correct Answer: A

  The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them. The law, which became effective January 1, 2004, covers email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. A "transactional or relationship message" email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act.

• Question 754:

  Steven works as a security consultant and frequently performs penetration tests for Fortune 500 companies. Steven runs external and internal tests and then creates reports to show the companies where their weak areas are. Steven always signs a non-disclosure agreement before performing his tests. What would Steven be considered?

  A. Whitehat Hacker

  B. BlackHat Hacker

  C. Grayhat Hacker

  D. Bluehat Hacker

  Correct Answer: A

  A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. Realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.

• Question 755:

  Which of the following best describes Vulnerability?

  A. The loss potential of a threat

  B. An action or event that might prejudice security

  C. An agent that could take advantage of a weakness

  D. A weakness or error that can lead to compromise

  Correct Answer: D

  A vulnerability is a flaw or weakness in system security procedures, design or implementation that could be exercised (accidentally triggered or intentionally exploited) and result in a harm to an IT system or activity.

• Question 756:

  The United Kingdom (UK) he passed a law that makes hacking into an unauthorized network a felony. The law states:

  Section1 of the Act refers to unauthorized access to computer material. This states that a person commits an offence if he causes a computer to perform any function with intent to secure unauthorized access to any program or data held in any computer. For a successful conviction under this part of the Act, the prosecution must prove that the access secured is unauthorized and that the suspect knew that this was the case. This section is designed to deal with common- orgraden hacking.

  Section 2 of the deals with unauthorized access with intent to commit or facilitate the commission of further offences. An offence is committed under Section 2 if a Section 1 offence has been committed and there is the intention of committing or facilitating a further offense (any offence which attacks a custodial sentence of more than five years, not necessarily one covered but the Act). Even if it is not possible to prove the intent to commit the further offence, the Section 1 offence is still committed.

  Section 3 Offences cover unauthorized modification of computer material, which generally means the creation and distribution of viruses. For conviction to succeed there must have been the intent to cause the modifications and knowledge that the modification had not been authorized

  What is the law called?

  A. Computer Misuse Act 1990

  B. Computer incident Act 2000

  C. Cyber Crime Law Act 2003

  D. Cyber Space Crime Act 1995

  Correct Answer: A

  Computer Misuse Act (1990) creates three criminal offences:

• Question 757:

  What are the two basic types of attacks?(Choose two.

  A. DoS

  B. Passive

  C. Sniffing

  D. Active

  E. Cracking

  Correct Answer: BD

  Passive and active attacks are the two basic types of attacks.

• Question 758:

  Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

  A. CHAT rooms

  B. WHOIS database

  C. News groups

  D. Web sites

  E. Search engines

  F. Organization's own web site

  Correct Answer: ABCDEF

  A Security tester should search for information everywhere that he/she can access. You never know where you find that small piece of information that could penetrate a strong defense.

• Question 759:

  What is "Hacktivism"?

  A. Hacking for a cause

  B. Hacking ruthlessly

  C. An association which groups activists

  D. None of the above

  Correct Answer: A

  The term was coined by author/critic Jason Logan King Sack in an article about media artist Shu Lea Cheang. Acts of hacktivism are carried out in the belief that proper use of code will have leveraged effects similar to regular activism or civil disobedience.

• Question 760:

  Who is an Ethical Hacker?

  A. A person who hacks for ethical reasons

  B. A person who hacks for an ethical cause

  C. A person who hacks for defensive purposes

  D. A person who hacks for offensive purposes

  Correct Answer: C

  The Ethical hacker is a security professional who applies his hacking skills for defensive purposes.