EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 371:

  During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi- million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?

  A. Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.
  B. Send your attack traffic and look for it to be dropped by the IDS.
  C. Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.
  D. The sniffing interface cannot be detected.
  D. The sniffing interface cannot be detected.

• Question 372:

  Which of the following Trojans would be considered 'Botnet Command Control Center'?

  A. YouKill DOOM
  B. Damen Rock
  C. Poison Ivy
  D. Matten Kit
  C. Poison Ivy

• Question 373:

  You've gained physical access to a Windows 2008 R2 server which has as accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD.Which Linux tool has the ability to change any user's password or to activate disabled Windows Accounts?

  A. John the Ripper
  B. CHNTPW
  C. Cain and Abel
  D. SET
  A. John the Ripper

• Question 374:

  After trying multiple exploits, you've gained root access to a Centos 6 answer. To ensure you maintain access. What would you do first?

  A. Disable IPTables
  B. Create User Account
  C. Downloadand Install Netcat
  D. Disable Key Services
  C. Downloadand Install Netcat

• Question 375:

  Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic.

  What type of scan is Hayden attempting here?

  A. Hayden is attempting to find live hosts on her company's network by using an XMAS scan
  B. She is utilizing a SYN scan to find live hosts that are listening on her network
  C. The type of scan,she is using is called a NULL scan
  D. Hayden is using a half-open scan to find live hosts on her network
  D. Hayden is using a half-open scan to find live hosts on her network

• Question 376:

  John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong. In the context of Session hijacking why would you consider this as a false sense of security?

  A. The token based security cannot be easily defeated.
  B. The connection can be taken over after authentication.
  C. A token is not considered strong authentication.
  D. Token security is not widely used in the industry.
  B. The connection can be taken over after authentication.

• Question 377:

  Jim is having no luck performing a penetration test in XYZ's network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.

  Why is Jim having these problems?

  A. Security scanners are not designed to do testing through a firewall.
  B. Security scanners cannot perform vulnerability linkage.
  C. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.
  D. All of the above.
  D. All of the above.

• Question 378:

  Which type of scan measures a person's external features through a digital video camera?

  A. Iris scan
  B. Retinal scan
  C. Facial recognition scan
  D. Signature kinetics scan
  C. Facial recognition scan

• Question 379:

  Joe the Hacker breaks into XYZ's Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode.

  

  What can Joe do to hide the wiretap program from being detected by ifconfig command?

  A. Block output to the console whenever the user runs ifconfig command by running screen capture utiliyu
  B. Run the wiretap program in stealth mode from being detected by the ifconfig command.
  C. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.
  D. You cannot disable Promiscuous mode detection on Linux systems.
  C. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.

• Question 380:

  Which of the following tools are used for enumeration? (Choose three.)

  A. SolarWinds
  B. USER2SID
  C. Cheops
  D. SID2USER
  E. DumpSec
  B. USER2SID
  D. SID2USER
  E. DumpSec