EC-COUNCIL 312-50V7 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V7 Online Questions & Answers

• Question 301:

  How is sniffing broadly categorized?

  A. Active and passive
  B. Broadcast and unicast
  C. Unmanaged and managed
  D. Filtered and unfiltered
  A. Active and passive

• Question 302:

  A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

  A. -sO
  B. -sP
  C. -sS
  D. -sU
  B. -sP

• Question 303:

  Which of the following is a strong post designed to stop a car?

  A. Gate
  B. Fence
  C. Bollard
  D. Reinforced rebar
  C. Bollard

• Question 304:

  Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)

  A. A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications
  B. A reduction in network and application monitoring since all recording will be completed at the SSO system
  C. A reduction in system administration overhead since any user login problems can be resolved at the SSO system
  D. A reduction in overall risk to the system since network and application attacks can only happen at the SSO point
  A. A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications
  C. A reduction in system administration overhead since any user login problems can be resolved at the SSO system

• Question 305:

  What file system vulnerability does the following command take advantage of? type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

  A. HFS
  B. Backdoor access
  C. XFS
  D. ADS
  D. ADS

• Question 306:

  You are writing security policy that hardens and prevents Footprinting attempt by Hackers. Which of the following countermeasures will NOT be effective against this attack?

  A. Configure routers to restrict the responses to Footprinting requests
  B. Configure Web Servers to avoid information leakage and disable unwanted protocols
  C. Lock the ports with suitable Firewall configuration
  D. Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns
  E. Evaluate the information before publishing it on the Website/Intranet
  F. Monitor every employee computer with Spy cameras, keyloggers and spy on them
  G. Perform Footprinting techniques and remove any sensitive information found on DMZ sites
  H. Prevent search engines from caching a Webpage and use anonymous registration services
  I. Disable directory and use split-DNS
  F. Monitor every employee computer with Spy cameras, keyloggers and spy on them

• Question 307:

  Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very important marketing campaign for his company's largest client. Before the project could be completed and implemented, a competing advertising company comes out with the exact same marketing materials and advertising, thus rendering all the work done for Jason's client unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a competitor.

  Without any proof, Jason's company cannot do anything except move on. After working on another high profile client for about a month, all the marketing and sales material again ends up in the hands of another competitor and is released to the public before Jason's company can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have happened. Jason is given leave with pay until they can figure out what is going on.

  Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files, but cannot find anything out of the ordinary with them.

  What technique has Jason most likely used?

  A. Stealth Rootkit Technique
  B. ADS Streams Technique
  C. Snow Hiding Technique
  D. Image Steganography Technique
  D. Image Steganography Technique

• Question 308:

  Take a look at the following attack on a Web Server using obstructed URL:

  

  How would you protect from these attacks?

  A. Configure the Web Server to deny requests involving "hex encoded" characters
  B. Create rules in IDS to alert on strange Unicode requests
  C. Use SSL authentication on Web Servers
  D. Enable Active Scripts Detection at the firewall and routers
  B. Create rules in IDS to alert on strange Unicode requests

• Question 309:

  The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?

  A. Investigate based on the maintenance schedule of the affected systems.
  B. Investigate based on the service level agreements of the systems.
  C. Investigate based on the potential effect of the incident.
  D. Investigate based on the order that the alerts arrived in.
  C. Investigate based on the potential effect of the incident.

• Question 310:

  Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment.

  Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access

  the resources of the company. This process involves human interaction to fix it.

  What kind of Denial of Service attack was best illustrated in the scenario above?

  A. Simple DDoS attack
  B. DoS attacks which involves flooding a network or system
  C. DoS attacks which involves crashing a network or system
  D. DoS attacks which is done accidentally or deliberately
  C. DoS attacks which involves crashing a network or system