EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 361:

  You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.

  Which command would you use?

  A. c:\compmgmt.msc

  B. c:\services.msc

  C. c:\ncpa.cp

  D. c:\gpedit

  Correct Answer: A

  To start the Computer Management Console from command line just type compmgmt.msc / computer:computername in your run box or at the command line and it should automatically open the Computer Management console.

  References: http://www.waynezim.com/tag/compmgmtmsc/

• Question 362:

  A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

  

  A. The host is likely a printer.

  B. The host is likely a Windows machine.

  C. The host is likely a Linux machine.

  D. The host is likely a router.

  Correct Answer: A

  The Internet Printing Protocol (IPP) uses port 631.

  References: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 363:

  Using Windows CMD, how would an attacker list all the shares to which the current user context has access?

  A. NET USE

  B. NET CONFIG

  C. NET FILE

  D. NET VIEW

  Correct Answer: A

  Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections. The command also controls persistent net connections. Used without parameters, net use retrieves a list of network connections.

  References: https://technet.microsoft.com/en-us/library/bb490717.aspx

• Question 364:

  You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.

  What testing method did you use?

  A. Social engineering

  B. Tailgating

  C. Piggybacking

  D. Eavesdropping

  Correct Answer: A

  Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

• Question 365:

  You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection Systems (NIDS).

  What is the best way to evade the NIDS?

  A. Encryption

  B. Protocol Isolation

  C. Alternate Data Streams

  D. Out of band signalling

  Correct Answer: A

  When the NIDS encounters encrypted traffic, the only analysis it can perform is packet level analysis, since the application layer contents are inaccessible. Given that exploits against today's networks are primarily targeted against network services (application layer entities), packet level analysis ends up doing very little to protect our core business assets.

  References: http://www.techrepublic.com/article/avoid-these-five-common-ids- implementation-errors/

• Question 366:

  You have successfully gained access to your client's internal network and successfully comprised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have file sharing enabled.

  Which port would you see listening on these Windows machines in the network?

  A. 445

  B. 3389

  C. 161

  D. 1433

  Correct Answer: A

  The following ports are associated with file sharing and server message block (SMB) communications: References: https://support.microsoft.com/en-us/kb/298804

• Question 367:

  A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?

  A. Delegate

  B. Avoid

  C. Mitigate

  D. Accept

  Correct Answer: A

  There are five main ways to manage risk: acceptance, avoidance, transference, mitigation or exploitation. References: http://www.dbpmanagement.com/15/5-ways-to-manage-risk

• Question 368:

  While using your bank's online servicing you notice the following string in the URL bar: "http://www.MyPersonalBank.com/account?id=368940911028389andDamount=10980andCam ount=21"

  You observe that if you modify the Damount and Camount values and submit the request, that data on the web page reflect the changes.

  Which type of vulnerability is present on this site?

  A. Web Parameter Tampering

  B. Cookie Tampering

  C. XSS Reflection

  D. SQL injection

  Correct Answer: A

  The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.

  References: https://www.owasp.org/index.php/Web_Parameter_Tampering

• Question 369:

  When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.

  What should you do?

  A. Forward the message to your company's security response team and permanently delete the message from your computer.

  B. Reply to the sender and ask them for more information about the message contents.

  C. Delete the email and pretend nothing happened

  D. Forward the message to your supervisor and ask for her opinion on how to handle the situation

  Correct Answer: A

  By setting up an email address for your users to forward any suspicious email to, the emails can be automatically scanned and replied to, with security incidents created to follow up on any emails with attached malware or links to known bad websites.

  References: https://docs.servicenow.com/bundle/helsinki-security- management/page/product/threatintelligence/task/t_ConfigureScanEmailInboundAction.html

• Question 370:

  What is the process of logging, recording, and resolving events that take place in an organization?

  A. Incident Management Process

  B. Security Policy

  C. Internal Procedure

  D. Metrics

  Correct Answer: A

  The activities within the incident management process include:

  References: https://en.wikipedia.org/wiki/Incident_management_(ITSM)#Incident_management_proced ure