EC-COUNCIL 312-50V7 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V7 Online Questions & Answers

• Question 241:

  Which of the following business challenges could be solved by using a vulnerability scanner?

  A. Auditors want to discover if all systems are following a standard naming convention.
  B. A web server was compromised and management needs to know if any further systems were compromised.
  C. There is an emergency need to remove administrator access from multiple machines for an employee that quit.
  D. There is a monthly requirement to test corporate compliance with host application usage and security policies.
  D. There is a monthly requirement to test corporate compliance with host application usage and security policies.

• Question 242:

  Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:

  

  From the above list identify the user account with System Administrator privileges?

  A. John
  B. Rebecca
  C. Sheela
  D. Shawn
  E. Somia
  F. Chang
  G. Micah
  F. Chang

• Question 243:

  Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server. Why do you think this is possible?

  A. It works because encryption is performed at the application layer (single encryption key)
  B. The scenario is invalid as a secure cookie cannot be replayed
  C. It works because encryption is performed at the network layer (layer 1 encryption)
  D. Any cookie can be replayed irrespective of the session status
  A. It works because encryption is performed at the application layer (single encryption key)

• Question 244:

  Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

  A. WebBugs
  B. WebGoat
  C. VULN_HTML
  D. WebScarab
  B. WebGoat

• Question 245:

  While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this?

  A. The firewall is dropping the packets
  B. An in-line IDS is dropping the packets
  C. A router is blocking ICMP
  D. The host does not respond to ICMP packets
  C. A router is blocking ICMP

• Question 246:

  Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?

  A. Dan cannot spoof his IP address over TCP network
  B. The scenario is incorrect as Dan can spoof his IP and get responses
  C. The server will send replies back to the spoofed IP address
  D. Dan can establish an interactive session only if he uses a NAT
  C. The server will send replies back to the spoofed IP address

• Question 247:

  Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network. He receives the following SMS message during the weekend.

  

  An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason's network with the hping command. Which of the following hping2 command is responsible for the above snort alert?

  A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118
  B. chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118
  C. chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118
  D. chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118
  A. chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118

• Question 248:

  You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

  Dear valued customers,

  We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your

  antivirus code:

  Antivirus code: 5014

  http://www.juggyboy/virus/virus.html

  Thank you for choosing us, the worldwide leader Antivirus solutions.

  Mike Robertson

  PDF Reader Support

  Copyright Antivirus 2010 ?All rights reserved

  If you want to stop receiving mail, please go to:

  http://www.juggyboy.com

  or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

  How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

  

  A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
  B. Connect to the site using SSL, if you are successful then the website is genuine
  C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
  D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
  E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
  C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

• Question 249:

  When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?

  A. Drops the packet and moves on to the next one
  B. Continues to evaluate the packet until all rules are checked
  C. Stops checking rules, sends an alert, and lets the packet continue
  D. Blocks the connection with the source IP address in the packet
  B. Continues to evaluate the packet until all rules are checked

• Question 250:

  A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

  

  The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software.

  What is Rogue security software?

  A. A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites
  B. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.
  C. Rogue security software is based on social engineering technique in which the attackers lures victim to visit spear phishing websites
  D. This software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker
  B. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.