EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 121:

  You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

  A. The zombie you are using is not truly idle.

  B. A stateful inspection firewall is resetting your queries.

  C. Hping2 cannot be used for idle scanning.

  D. These ports are actually open on the target system.

  Correct Answer: A

• Question 122:

  Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

  A. Metasploit

  B. Wireshark

  C. Maltego

  D. Cain and Abel

  Correct Answer: C

• Question 123:

  Name two software tools used for OS guessing? (Choose two.)

  A. Nmap

  B. Snadboy

  C. Queso

  D. UserInfo

  E. NetBus

  Correct Answer: AC

• Question 124:

  Which of the following BEST describes how Address Resolution Protocol (ARP) works?

  A. It sends a reply packet for a specific IP, asking for the MAC address

  B. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP

  C. It sends a request packet to all the network elements, asking for the domain name from a specific IP

  D. It sends a request packet to all the network elements, asking for the MAC address from a specific IP

  Correct Answer: D

• Question 125:

  Study the log below and identify the scan type.

  

  A. nmap -sR 192.168.1.10

  B. nmap -sS 192.168.1.10

  C. nmap -sV 192.168.1.10

  D. nmap -sO -T 192.168.1.10

  Correct Answer: D

• Question 126:

  Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?

  A. Preparation phase

  B. Containment phase

  C. Recovery phase

  D. Identification phase

  Correct Answer: A

• Question 127:

  What attack is used to crack passwords by using a precomputed table of hashed passwords?

  A. Brute Force Attack

  B. Hybrid Attack

  C. Rainbow Table Attack

  D. Dictionary Attack

  Correct Answer: C

• Question 128:

  A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?

  A. Share reports, after NDA is signed

  B. Share full reports, not redacted

  C. Decline but, provide references

  D. Share full reports with redactions

  Correct Answer: C

• Question 129:

  Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:

  invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24

  TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

  Obviously, it is not going through. What is the issue here?

  A. OS Scan requires root privileges

  B. The nmap syntax is wrong.

  C. The outgoing TCP/IP fingerprinting is blocked by the host firewall

  D. This is a common behavior for a corrupted nmap application

  Correct Answer: A

• Question 130:

  The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. Also he needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router nobody can access to the ftp and the permitted hosts cannot access to the Internet. According to the next configuration what is happening in the network?

  

  A. The ACL 110 needs to be changed to port 80

  B. The ACL for FTP must be before the ACL 110

  C. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

  D. The ACL 104 needs to be first because is UDP

  Correct Answer: C