EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 361:

  Because UDP is a connectionless protocol: (Select 2)

  A. UDP recvfrom() and write() scanning will yield reliable results
  B. It can only be used for Connect scans
  C. It can only be used for SYN scans
  D. There is no guarantee that the UDP packets will arrive at their destination
  E. ICMP port unreachable messages may not be returned successfully
  D. There is no guarantee that the UDP packets will arrive at their destination
  E. ICMP port unreachable messages may not be returned successfully

• Question 362:

  When analyzing the IDS logs, the system administrator notices connections from outside of the LAN have been sending packets where the Source IP address and Destination IP address are the same. There have been no alerts sent via

  email or logged in the IDS.

  Which type of an alert is this?

  A. False positive
  B. False negative
  C. True positive
  D. True negative
  B. False negative

• Question 363:

  You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

  A. There is no way to completely block tracerouting into this area
  B. Block UDP at the firewall
  C. Block TCP at the firewall
  D. Block ICMP at the firewall
  A. There is no way to completely block tracerouting into this area

• Question 364:

  A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers.

  How should the administrator classify this situation?

  A. True negatives
  B. False negatives
  C. True positives
  D. False positives
  D. False positives

• Question 365:

  Which type of access control is used on a router or firewall to limit network activity?

  A. Mandatory
  B. Discretionary
  C. Rule-based
  D. Role-based
  C. Rule-based

• Question 366:

  Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position. Harold is currently trying to run a Sniffer on the agency's network to get an idea of what kind of traffic is being passed around, but the program he is using does not seem to be capturing anything. He pours through the Sniffer's manual, but cannot find anything that directly relates to his problem. Harold decides to ask the network administrator if he has any thoughts on the problem. Harold is told that the Sniffer was not working because the agency's network is a switched network, which cannot be sniffed by some programs without some tweaking.

  What technique could Harold use to sniff his agency's switched network?

  A. ARP spoof the default gateway
  B. Conduct MiTM against the switch
  C. Launch smurf attack against the switch
  D. Flood the switch with ICMP packets
  A. ARP spoof the default gateway

• Question 367:

  Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security.

  No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices.

  What type of insider threat would Shayla be considered?

  A. She would be considered an Insider Affiliate
  B. Because she does not have any legal access herself,Shayla would be considered an Outside Affiliate
  C. Shayla is an Insider Associate since she has befriended an actual employee
  D. Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider
  A. She would be considered an Insider Affiliate

• Question 368:

  What is the best description of SQL Injection?

  A. It is a Denial of Service Attack.
  B. It is an attack used to modify code in an application.
  C. It is and attack used to gain unauthorized access to a database.
  D. It isa Man-in-the-Middle attack between your SQL Server and Web App Server.
  D. It isa Man-in-the-Middle attack between your SQL Server and Web App Server.

• Question 369:

  The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

  A. An attacker,working slowly enough,can evade detection by the IDS.
  B. Network packets are dropped if the volume exceeds the threshold.
  C. Thresholding interferes with the IDS' ability to reassemble fragmented packets.
  D. The IDS will not distinguish among packets originating from different sources.
  A. An attacker,working slowly enough,can evade detection by the IDS.

• Question 370:

  Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

  A. Cross-site scripting
  B. SQL injection
  C. Missing patches
  D. CRLF injection
  C. Missing patches