EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 251:

  Fred is scanning his network to ensure it is as secure as possible. Fred sends a TCP probe packet to a host with a FIN flag and he receives a RST/ACK response. What does this mean?

  A. This response means the port he is scanning is open.
  B. The RST/ACK response means the port Fred is scanning is disabled.
  C. This means the port he is scanning is half open.
  D. This means that the port he is scanning on the host is closed.
  D. This means that the port he is scanning on the host is closed.

• Question 252:

  You receive an e-mail with the following text message.

  "Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible." You launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate

  Windows system file "Human Interface Device Service". What category of virus is this?

  A. Virus hoax
  B. Spooky Virus
  C. Stealth Virus
  D. Polymorphic Virus
  A. Virus hoax

• Question 253:

  What type of Trojan is this?

  

  A. RAT Trojan
  B. E-Mail Trojan
  C. Defacement Trojan
  D. Destructing Trojan
  E. Denial of Service Trojan
  C. Defacement Trojan

• Question 254:

  A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network.

  What tool should the analyst use to perform a Blackjacking attack?

  A. Paros Proxy
  B. BBProxy
  C. BBCrack
  D. Blooover
  B. BBProxy

• Question 255:

  An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer)

  A. Create a network tunnel.
  B. Create a multiple false positives.
  C. Create a SYN flood.
  D. Create a ping flood.
  A. Create a network tunnel.

• Question 256:

  You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

  Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

  What is Peter Smith talking about?

  A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
  B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
  C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
  D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
  A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

• Question 257:

  Which definition among those given below best describes a covert channel?

  A. A server program using a port that is not well known.
  B. Making use of a protocol in a way it is not intended to be used.
  C. It is the multiplexing taking place on a communication link.
  D. It is one of the weak channels used by WEP which makes it insecure.
  B. Making use of a protocol in a way it is not intended to be used.

• Question 258:

  Which of the following is the primary objective of a rootkit?

  A. It opens a port to provide an unauthorized service
  B. It creates a buffer overflow
  C. It replaces legitimate programs
  D. It provides an undocumented opening in a program
  C. It replaces legitimate programs

• Question 259:

  In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them: FIN = 1 SYN = 2 RST = 4

  PSH = 8 ACK = 16 URG = 32

  ECE = 64

  CWR =128

  Example: To calculate SYN/ACK flag decimal value, add 2 (which is the decimal value of the SYN flag) to 16 (which is the decimal value of the ACK flag), so the result would be 18.

  Based on the above calculation, what is the decimal value for XMAS scan?

  A. 23
  B. 24
  C. 41
  D. 64
  C. 41

• Question 260:

  Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

  A. Kismet
  B. Netstumbler
  C. Abel
  D. Nessus
  A. Kismet