EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 261:

  A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

  What kind of Web application vulnerability likely exists in their software?

  A. Cross-site scripting vulnerability

  B. Cross-site Request Forgery vulnerability

  C. SQL injection vulnerability

  D. Web site defacement vulnerability

  Correct Answer: A

  Many operators of particular web applications (e.g. forums and webmail) allow users to utilize a limited subset of HTML markup. When accepting HTML input from users (say, very large), output encoding (such as andlt;bandgt;veryandlt;/bandgt; large) will not suffice since the user input needs to be rendered as HTML by the browser (so it shows as "very large", instead of "very large"). Stopping an XSS attack when accepting HTML input from users is much more complex in this situation. Untrusted HTML input must be run through an HTML sanitization engine to ensure that it does not contain cross-site scripting code.

  References: https://en.wikipedia.org/wiki/Crosssite_scripting#Safely_validating_untrusted_HTML_input

• Question 262:

  You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

  A. hping2 host.domain.com

  B. hping2 --set-ICMP host.domain.com

  C. hping2 -i host.domain.com

  D. hping2 -1 host.domain.com

  Correct Answer: D

• Question 263:

  Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and that are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

  Basic example to understand how cryptography works is given below:

  

  Which of the following choices is true about cryptography?

  A. Algorithm is not the secret, key is the secret.

  B. Symmetric-key algorithms are a class of algorithms for cryptography that use the different cryptographic keys for both encryption of plaintext and decryption of ciphertext.

  C. Secure Sockets Layer (SSL) use the asymmetric encryption both (public/private key pair) to deliver the shared session key and to achieve a communication way.

  D. Public-key cryptography, also known as asymmetric cryptography, public key is for decrypt, private key is for encrypt.

  Correct Answer: C

• Question 264:

  What is the correct process for the TCP three-way handshake connection establishment and connection termination?

  A. Connection Establishment: FIN, ACK-FIN, ACKConnection Termination: SYN, SYN- ACK, ACK

  B. Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: ACK, ACK- SYN, SYN

  C. Connection Establishment: ACK, ACK-SYN, SYNConnection Termination: FIN, ACK- FIN, ACK

  D. Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: FIN, ACK- FIN, ACK

  Correct Answer: D

• Question 265:

  In Risk Management, how is the term "likelihood" related to the concept of "threat?"

  A. Likelihood is the probability that a threat-source will exploit a vulnerability.

  B. Likelihood is a possible threat-source that may exploit a vulnerability.

  C. Likelihood is the likely source of a threat that could exploit a vulnerability.

  D. Likelihood is the probability that a vulnerability is a threat-source.

  Correct Answer: A

  The ability to analyze the likelihood of threats within the organization is a critical step in building an effective security program. The process of assessing threat probability should be well defined and incorporated into a broader threat analysis process to be effective.

  References: http://www.mcafee.com/campaign/securitybattleground/resources/chapter5/whitepaper-on- assessingthreat-attack-likelihood.pdf

• Question 266:

  Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

  A. Use cryptographic storage to store all PII

  B. Use encrypted communications protocols to transmit PII

  C. Use full disk encryption on all hard drives to protect PII

  D. Use a security token to log into all Web applications that use PII

  Correct Answer: A

  As a matter of good practice any PII should be protected with strong encryption.

  References: https://cuit.columbia.edu/cuit/it-security-practices/handling-personally- identifying-information

• Question 267:

  Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

  A. tcptrace

  B. tcptraceroute

  C. Nessus

  D. OpenVAS

  Correct Answer: A

  tcptrace is a tool for analysis of TCP dump files. It can take as input the files produced by several popular packet-capture programs, including tcpdump/WinDump/Wireshark, snoop, EtherPeek, and Agilent NetMetrix.

  References: https://en.wikipedia.org/wiki/Tcptrace

• Question 268:

  Which of the following security operations is used for determining the attack surface of an organization?

  A. Running a network scan to detect network services in the corporate DMZ

  B. Training employees on the security policy regarding social engineering

  C. Reviewing the need for a security clearance for each employee

  D. Using configuration management to determine when and where to apply security patches

  Correct Answer: A

  For a network scan the goal is to document the exposed attack surface along with any easily detected vulnerabilities.

  References: http://meisecurity.com/home/consulting/consulting-network-scanning/

• Question 269:

  An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

  A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

  B. He will activate OSPF on the spoofed root bridge.

  C. He will repeat the same attack against all L2 switches of the network.

  D. He will repeat this action so that it escalates to a DoS attack.

  Correct Answer: A

• Question 270:

  A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.

  What is a possible source of this problem?

  A. The WAP does not recognize the client's MAC address

  B. The client cannot see the SSID of the wireless network

  C. Client is configured for the wrong channel

  D. The wireless client is not configured to use DHCP

  Correct Answer: A

  MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC Filtering is often used on wireless networks.

  References: https://en.wikipedia.org/wiki/MAC_filtering