EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 141:

  Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?

  A. Network aliasing
  B. Domain Name Server (DNS) poisoning
  C. Reverse Address Resolution Protocol (ARP)
  D. Port scanning
  B. Domain Name Server (DNS) poisoning

• Question 142:

  A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

  A. Locate type=ns
  B. Request type=ns
  C. Set type=ns
  D. Transfer type=ns
  C. Set type=ns

• Question 143:

  The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.

  The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.

  

  How would you overcome the Firewall restriction on ICMP ECHO packets?

  A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets,traceroute can bypass the most common firewall filters.
  B. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets,traceroute can bypass the most common firewall filters.
  C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets,traceroute can bypass the most common firewall filters.
  D. Do not use traceroute command to determine the path packets take to reach the destination instead use the custom hacking tool JOHNTHETRACER and run with the command
  E. \> JOHNTHETRACER www.eccouncil.org -F -evade
  A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets,traceroute can bypass the most common firewall filters.

• Question 144:

  Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system

  under his privileges, which allow Kevin access to information used on the BBS.

  However, no executables are downloaded and run on the local system.

  What would you term this attack?

  A. Phishing
  B. Denial of Service
  C. Cross Site Scripting
  D. Backdoor installation
  C. Cross Site Scripting

• Question 145:

  What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

  A. Due to the key size,the time it will take to encrypt and decrypt the message hinders efficient communication.
  B. To get messaging programs to function with this algorithm requires complex configurations.
  C. It has been proven to be a weak cipher; therefore,should not be trusted to protect sensitive data.
  D. It is a symmetric key algorithm,meaning each recipient must receive the key through a different channel than the message.
  D. It is a symmetric key algorithm,meaning each recipient must receive the key through a different channel than the message.

• Question 146:

  While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse?

  A. Packet filtering firewall
  B. Application-level firewall
  C. Circuit-level gateway firewall
  D. Stateful multilayer inspection firewall
  C. Circuit-level gateway firewall

• Question 147:

  A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold. What is the most common cause of buffer overflow in software today?

  A. Bad permissions on files.
  B. High bandwidth and large number of users.
  C. Usage of non standard programming languages.
  D. Bad quality assurance on software produced.
  D. Bad quality assurance on software produced.

• Question 148:

  Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

  What would Yancey be considered?

  A. Yancey would be considered a Suicide Hacker
  B. Since he does not care about going to jail,he would be considered a Black Hat
  C. Because Yancey works for the company currently; he would be a White Hat
  D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing
  A. Yancey would be considered a Suicide Hacker

• Question 149:

  One of your team members has asked you to analyze the following SOA record. What is the version?

  Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600

  3600 604800 2400.

  A. 200303028
  B. 3600
  C. 604800
  D. 2400
  E. 60
  F. 4800
  A. 200303028

• Question 150:

  An incident investigator asks to receive a copy of the event from all firewalls, prosy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs the sequence of many of the logged events do not match up.

  What is the most likely cause?

  A. The network devices are not all synchronized
  B. The securitybreach was a false positive.
  C. The attack altered or erased events from the logs.
  D. Proper chain of custody was not observed while collecting the logs.
  C. The attack altered or erased events from the logs.