EC-COUNCIL 312-50V7 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V7 Online Questions & Answers

• Question 341:

  A simple compiler technique used by programmers is to add a terminator 'canary word' containing four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog, and then halts what does it indicate?

  A. A buffer overflow attack has been attempted
  B. A buffer overflow attack has already occurred
  C. A firewall has been breached and this is logged
  D. An intrusion detection system has been triggered
  E. The system has crashed
  A. A buffer overflow attack has been attempted

• Question 342:

  Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would like to tunnel the information to the remote end but does not have VPN capabilities to do so. Which of the following tools can she use to protect the link?

  A. MD5
  B. PGP
  C. RSA
  D. SSH
  D. SSH

• Question 343:

  Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

  A. Bob can explain that using a weak key management technique is a form of programming error
  B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
  C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique
  D. Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error
  A. Bob can explain that using a weak key management technique is a form of programming error

• Question 344:

  Consider the following code:

  URL:http://www.certified.com/search.pl?

  text=

  If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage,

  including stealing passwords, resetting your home page, or redirecting the user to another Web site. What is the countermeasure against XSS scripting?

  A. Create an IP access list and restrict connections based on port number
  B. Replace "" characters with "and l t;" and "and g t;" using server scripts
  C. Disable Javascript in IE and Firefox browsers
  D. Connect to the server using HTTPS protocol instead of HTTP
  B. Replace "" characters with "and l t;" and "and g t;" using server scripts

• Question 345:

  What are common signs that a system has been compromised or hacked? (Choose three.)

  A. Increased amount of failed logon events
  B. Patterns in time gaps in system and/or event logs
  C. New user accounts created
  D. Consistency in usage baselines
  E. Partitions are encrypted
  F. Server hard drives become fragmented
  A. Increased amount of failed logon events
  B. Patterns in time gaps in system and/or event logs
  C. New user accounts created

• Question 346:

  Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

  A. MD5
  B. SHA-1
  C. RC4
  D. MD4
  B. SHA-1

• Question 347:

  The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.

  The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.

  

  How would you overcome the Firewall restriction on ICMP ECHO packets?

  A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  B. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.
  D. Do not use traceroute command to determine the path packets take to reach the destination instead use the custom hacking tool JOHNTHETRACER and run with the command
  E. \> JOHNTHETRACER www.eccouncil.org -F -evade
  A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

• Question 348:

  This method is used to determine the Operating system and version running on a remote target system. What is it called?

  A. Service Degradation
  B. OS Fingerprinting
  C. Manual Target System
  D. Identification Scanning
  B. OS Fingerprinting

• Question 349:

  Botnets are networks of compromised computers that are controlled remotely and surreptitiously by one or more cyber criminals. How do cyber criminals infect a victim's computer with bots? (Select 4 answers)

  A. Attackers physically visit every victim's computer to infect them with malicious software
  B. Home computers that have security vulnerabilities are prime targets for botnets
  C. Spammers scan the Internet looking for computers that are unprotected and use these "open-doors" to install malicious software
  D. Attackers use phishing or spam emails that contain links or attachments
  E. Attackers use websites to host the bots utilizing Web Browser vulnerabilities
  B. Home computers that have security vulnerabilities are prime targets for botnets
  C. Spammers scan the Internet looking for computers that are unprotected and use these "open-doors" to install malicious software
  D. Attackers use phishing or spam emails that contain links or attachments
  E. Attackers use websites to host the bots utilizing Web Browser vulnerabilities

• Question 350:

  Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys

  Which step would you perform to detect this type of Trojan?

  

  A. Scan for suspicious startup programs using msconfig
  B. Scan for suspicious network activities using Wireshark
  C. Scan for suspicious device drivers in c:\windows\system32\drivers
  D. Scan for suspicious open ports using netstat
  C. Scan for suspicious device drivers in c:\windows\system32\drivers