EC-COUNCIL 312-50V7 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V7 Online Questions & Answers

• Question 81:

  Which types of detection methods are employed by Network Intrusion Detection Systems (NIDS)? (Choose two.)

  A. Signature
  B. Anomaly
  C. Passive
  D. Reactive
  A. Signature
  B. Anomaly

• Question 82:

  What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

  A. tcp.src == 25 and ip.host == 192.168.0.125
  B. host 192.168.0.125:25
  C. port 25 and host 192.168.0.125
  D. tcp.port == 25 and ip.host == 192.168.0.125
  D. tcp.port == 25 and ip.host == 192.168.0.125

• Question 83:

  Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

  A. Fast processor to help with network traffic analysis
  B. They must be dual-homed
  C. Similar RAM requirements
  D. Fast network interface cards
  B. They must be dual-homed

• Question 84:

  What type of port scan is represented here.

  

  A. Stealth Scan
  B. Full Scan
  C. XMAS Scan
  D. FIN Scan
  A. Stealth Scan

• Question 85:

  What type of attack is shown here?

  

  A. Bandwidth exhaust Attack
  B. Denial of Service Attack
  C. Cluster Service Attack
  D. Distributed Denial of Service Attack
  D. Distributed Denial of Service Attack

• Question 86:

  International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

  A. guidelines and practices for security controls.
  B. financial soundness and business viability metrics.
  C. standard best practice for configuration management.
  D. contract agreement writing standards.
  A. guidelines and practices for security controls.

• Question 87:

  You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'?

  A. display==facebook
  B. traffic.content==facebook
  C. tcp contains facebook
  D. list.display.facebook
  C. tcp contains facebook

• Question 88:

  Study the snort rule given below and interpret the rule.

  alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

  A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
  B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
  C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
  D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111
  D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

• Question 89:

  Which of the following identifies the three modes in which Snort can be configured to run?

  A. Sniffer, Packet Logger, and Network Intrusion Detection System
  B. Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System
  C. Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System
  D. Sniffer, Packet Logger, and Host Intrusion Prevention System
  A. Sniffer, Packet Logger, and Network Intrusion Detection System

• Question 90:

  A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?

  A. Cupp
  B. Nessus
  C. Cain and Abel
  D. John The Ripper Pro
  C. Cain and Abel