EC-COUNCIL 312-50V7 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V7 Online Questions & Answers

• Question 421:

  Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

  A. Information Audit Policy (IAP)
  B. Information Security Policy (ISP)
  C. Penetration Testing Policy (PTP)
  D. Company Compliance Policy (CCP)
  B. Information Security Policy (ISP)

• Question 422:

  Which of the following Registry location does a Trojan add entries to make it persistent on Windows 7? (Select 2 answers) A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  

  B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\ Run
  C. HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run
  D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

• Question 423:

  The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

  

  What is most likely taking place?

  A. Ping sweep of the 192.168.1.106 network
  B. Remote service brute force attempt
  C. Port scan of 192.168.1.106
  D. Denial of service attack on 192.168.1.106
  B. Remote service brute force attempt

• Question 424:

  Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him ''just to double check our records.'' Jane does not suspect anything amiss, and parts with her password. Jack can now access Brown Co.'s computers with a valid user name and password, to steal the cookie recipe. What kind of attack is being illustrated here?

  A. Reverse Psychology
  B. Reverse Engineering
  C. Social Engineering
  D. Spoofing Identity
  E. Faking Identity
  C. Social Engineering

• Question 425:

  Which of the following is an example of IP spoofing?

  A. SQL injections
  B. Man-in-the-middle
  C. Cross-site scripting
  D. ARP poisoning
  B. Man-in-the-middle

• Question 426:

  A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company

  will go out of business and end up not paying.

  What actions should the CEH take?

  A. Threaten to publish the penetration test results if not paid.
  B. Follow proper legal procedures against the company to request payment.
  C. Tell other customers of the financial problems with payments from this company.
  D. Exploit some of the vulnerabilities found on the company webserver to deface it.
  B. Follow proper legal procedures against the company to request payment.

• Question 427:

  Bob has been hired to do a web application security test. Bob notices that the site is dynamic and must make use of a back end database. Bob wants to see if SQL Injection would be possible. What is the first character that Bob should use to attempt breaking valid SQL request?

  A. Semi Column
  B. Double Quote
  C. Single Quote
  D. Exclamation Mark
  C. Single Quote

• Question 428:

  This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique called?

  A. IP Routing or Packet Dropping
  B. IDS Spoofing or Session Assembly
  C. IP Fragmentation or Session Splicing
  D. IP Splicing or Packet Reassembly
  C. IP Fragmentation or Session Splicing

• Question 429:

  To see how some of the hosts on your network react, Winston sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established he sends RST packets to those hosts to stop the session. Winston has done this to see how his intrusion detection system will log the traffic. What type of scan is Winston attempting here?

  A. Winston is attempting to find live hosts on your company's network by using an XMAS scan.
  B. He is utilizing a SYN scan to find live hosts that are listening on your network.
  C. This type of scan he is using is called a NULL scan.
  D. He is using a half-open scan to find live hosts on your network.
  D. He is using a half-open scan to find live hosts on your network.

• Question 430:

  Jake is a network administrator who needs to get reports from all the computer and network devices on his network. Jake wants to use SNMP but is afraid that won't be secure since passwords and messages are in clear text. How can Jake gather network information in a secure manner?

  A. He can use SNMPv3
  B. Jake can use SNMPrev5
  C. He can use SecWMI
  D. Jake can use SecSNMP
  A. He can use SNMPv3