EC-COUNCIL EC-COUNCIL Certifications 312-50V11 Questions & Answers

• Question 241:

  An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.

  Which AAA protocol is the most likely able to handle this requirement?

  A. TACACS+

  B. DIAMETER

  C. Kerberos

  D. RADIUS

  Correct Answer: D

• Question 242:

  DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.

  What command is used to determine if the entry is present in DNS cache?

  A. nslookup -fullrecursive update.antivirus.com

  B. dnsnooping -rt update.antivirus.com

  C. nslookup -norecursive update.antivirus.com

  D. dns --snoop update.antivirus.com

  Correct Answer: C

• Question 243:

  Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

  A. 137 and 139

  B. 137 and 443

  C. 139 and 443

  D. 139 and 445

  Correct Answer: D

• Question 244:

  What is a "Collision attack" in cryptography?

  A. Collision attacks try to get the public key

  B. Collision attacks try to break the hash into three parts to get the plaintext value

  C. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key

  D. Collision attacks try to find two inputs producing the same hash

  Correct Answer: D

• Question 245:

  Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture-capital firm.

  He used an information-gathering tool to collect information about the loT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network. Which of the following tools was employed by Lewis in the above scenario?

  A. Censys

  B. Wapiti

  C. NeuVector

  D. Lacework

  Correct Answer: A

• Question 246:

  Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys?

  A. Key derivation function

  B. Key reinstallation

  C. A Public key infrastructure

  D. Key stretching

  Correct Answer: D

• Question 247:

  What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the provider's environment?

  A. Behavioral based

  B. Heuristics based

  C. Honeypot based

  D. Cloud based

  Correct Answer: D

• Question 248:

  While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server.

  What kind of attack is possible in this scenario?

  A. Cross-site scripting

  B. Denial of service

  C. SQL injection

  D. Directory traversal

  Correct Answer: D

  Appropriately controlling admittance to web content is significant for running a safe web worker. Index crossing or Path Traversal is a HTTP assault which permits aggressors to get to limited catalogs and execute orders outside of the web worker's root registry. Web workers give two primary degrees of security instruments Access Control Lists (ACLs) Root index An Access Control List is utilized in the approval cycle. It is a rundown which the web worker's manager uses to show which clients or gatherings can get to, change or execute specific records on the worker, just as other access rights. The root registry is a particular index on the worker record framework in which the clients are kept. Clients can't get to anything over this root. For instance: the default root registry of IIS on Windows is C:\Inetpub\wwwroot and with this arrangement, a client doesn't approach C:\Windows yet approaches C:\Inetpub\wwwroot\news and some other indexes and documents under the root catalog (given that the client is confirmed by means of the ACLs). The root index keeps clients from getting to any documents on the worker, for example, C:\WINDOWS/system32/win.ini on Windows stages and the/and so on/passwd record on Linux/UNIX stages. This weakness can exist either in the web worker programming itself or in the web application code. To play out a registry crossing assault, all an assailant requires is an internet browser and some information on where to aimlessly discover any default documents and registries on the framework. What an assailant can do if your site is defenselessWith a framework defenseless against index crossing, an aggressor can utilize this weakness to venture out of the root catalog and access different pieces of the record framework. This may enable the assailant to see confined documents, which could give the aggressor more data needed to additional trade off the framework. Contingent upon how the site access is set up, the aggressor will execute orders by mimicking himself as the client which is related with "the site". Along these lines everything relies upon what the site client has been offered admittance to in the framework. Illustration of a Directory Traversal assault by means of web application codeIn web applications with dynamic pages, input is generally gotten from programs through GET or POST solicitation techniques. Here is an illustration of a HTTP GET demand URL GET http:// test.webarticles.com/show.asp?view=oldarchive.html HTTP/1.1 Host: test.webarticles.com With this URL, the browser requests the dynamic page show.asp from the server and with it also sends the parameter view with the value of oldarchive.html. When this request is executed on the web server, show.asp retrieves the file oldarchive.html from the server's file system, renders it and then sends it back to the browser which displays it to the user. The attacker would assume that show.asp can retrieve files from the file system and sends the following custom URL. GET http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1 Host: test.webarticles.com This will cause the dynamic page to retrieve the file system.ini from the file system and display it to the user. The expression ../ instructs the system to go one directory up which is commonly used as an operating system directive. The attacker has to guess how many directories he has to go up to find the Windows folder on the system, but this is easily done by trial and error. Example of a Directory Traversal attack via web serverApart from vulnerabilities in the code, even the web server itself can be open to directory traversal attacks. The problem can either be incorporated into the web server software or inside some sample script files left available on the server. The vulnerability has been fixed in the latest versions of web server software, but there are web servers online which are still using older versions of IIS and Apache which might be open to directory traversal attacks. Even though you might be using a web server software version that has fixed this vulnerability, you might still have some sensitive default script directories exposed which are well known to hackers. For example, a URL request which makes use of the scripts directory of IIS to traverse directories and execute a command can be GET http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\ HTTP/1.1 Host: server.com The request would return to the user a list of all files in the C:\ directory by executing the cmd.exe command shell file and run the command dir c:\ in the shell. The %5c expression that is in the URL request is a web server escape code which is used to represent normal characters. In this case %5c represents the character \. Newer versions of modern web server software check for these escape codes and do not let them through. Some older versions however, do not filter out these codes in the root directory enforcer and will let the attackers execute such commands.

• Question 249:

  Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assign nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions.

  Which of the following master components is explained in the above scenario?

  A. Kube-controller-manager

  B. Kube-scheduler

  C. Kube-apiserver

  D. Etcd cluster

  Correct Answer: B

• Question 250:

  David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

  A. verification

  B. Risk assessment

  C. Vulnerability scan

  D. Remediation

  Correct Answer: D