EC-COUNCIL CEH v10 312-50V10 Questions & Answers

• Question 41:

  Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

  A. Gateway-based IDS

  B. Network-based IDS

  C. Host-based IDS

  D. Open source-based

  Correct Answer: C

• Question 42:

  Windows LAN Manager (LM) hashes are known to be weak.

  Which of the following are known weaknesses of LM? (Choose three.)

  A. Converts passwords to uppercase.

  B. Hashes are sent in clear text over the network.

  C. Makes use of only 32-bit encryption.

  D. Effective length is 7 characters.

  Correct Answer: ABD

• Question 43:

  Take a look at the following attack on a Web Server using obstructed URL:

  

  How would you protect from these attacks?

  A. Configure the Web Server to deny requests involving "hex encoded" characters

  B. Create rules in IDS to alert on strange Unicode requests

  C. Use SSL authentication on Web Servers

  D. Enable Active Scripts Detection at the firewall and routers

  Correct Answer: B

• Question 44:

  You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

  A. user.log

  B. auth.fesg

  C. wtmp

  D. btmp

  Correct Answer: C

• Question 45:

  Under what conditions does a secondary name server request a zone transfer from a primary name server?

  A. When a primary SOA is higher that a secondary SOA

  B. When a secondary SOA is higher that a primary SOA

  C. When a primary name server has had its service restarted

  D. When a secondary name server has had its service restarted

  E. When the TTL falls to zero

  Correct Answer: A

• Question 46:

  Which of the following are well known password-cracking programs?

  A. L0phtcrack

  B. NetCat

  C. Jack the Ripper

  D. Netbus

  E. John the Ripper

  Correct Answer: AE

• Question 47:

  In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

  Which of the following statement is incorrect related to this attack?

  A. Do not reply to email messages or popup ads asking for personal or financial information

  B. Do not trust telephone numbers in e-mails or popup ads

  C. Review credit card and bank account statements regularly

  D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

  E. Do not send credit card numbers, and personal or financial information via e-mail

  Correct Answer: D

• Question 48:

  Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

  A. BA810DBA98995F1817306D272A9441BB

  B. 44EFCE164AB921CQAAD3B435B51404EE

  C. 0182BD0BD4444BF836077A718CCDF409

  D. CEC52EB9C8E3455DC2265B23734E0DAC

  E. B757BF5C0D87772FAAD3B435B51404EE

  F. E52CAC67419A9A224A3B108F3FA6CB6D

  Correct Answer: BE

• Question 49:

  What is a NULL scan?

  A. A scan in which all flags are turned off

  B. A scan in which certain flags are off

  C. A scan in which all flags are on

  D. A scan in which the packet size is set to zero

  E. A scan with an illegal packet size

  Correct Answer: A

• Question 50:

  What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

  A. 110

  B. 135

  C. 139

  D. 161

  E. 445

  F. 1024

  Correct Answer: BCE