EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 441:

  Which are true statements concerning the BugBear and Pretty Park worms? Select the best answers.

  A. Both programs use email to do their work.
  B. Pretty Park propagates via network shares and email
  C. BugBear propagates via network shares and email
  D. Pretty Park tries to connect to an IRC server to send your personal passwords.
  E. Pretty Park can terminate anti-virus applications that might be running to bypass them.
  A. Both programs use email to do their work.
  C. BugBear propagates via network shares and email
  D. Pretty Park tries to connect to an IRC server to send your personal passwords.

• Question 442:

  What is the expected result of the following exploit?

  

  A. Opens up a telnet listener that requires no username or password.
  B. Create a FTP server with write permissions enabled.
  C. Creates a share called "sasfile" on the target system.
  D. Creates an account with a user name of Anonymous and a password of [email protected].
  A. Opens up a telnet listener that requires no username or password.

• Question 443:

  John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an LKM has been installed on her server. She believes this is the reason that the server has been acting erratically lately. LKM stands for Loadable Kernel Module.

  What does this mean in the context of Linux Security?

  A. Loadable Kernel Modules are a mechanism for adding functionality to a file system without requiring a kernel recompilation.
  B. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted.
  C. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation.
  D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.
  D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.

• Question 444:

  While using your bank's online servicing you notice the following stringin the URL bar:

  "http://www.MyPersonalBank/Account?

  Id=368940911028389andDamount=10980andCamount=21"

  You observe that if you modify the Damount and Camount values and submit the request, that data on the web page reflect the changes.

  What type of vulnerability is present on this site?

  A. SQL injection
  B. XSS Reflection
  C. Web Parameter Tampering
  D. Cookie Tampering
  C. Web Parameter Tampering

• Question 445:

  Bob has a good understanding of cryptography, having worked with it for many years.

  Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors.

  What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

  A. Bob can explain that using a weak key management technique is a form of programming error
  B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
  C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique
  D. Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error
  A. Bob can explain that using a weak key management technique is a form of programming error

• Question 446:

  A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service.

  Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.

  

  Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments.

  Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail.

  How do you ensure if the e-mail is authentic and sent from fedex.com?

  A. Verify the digital signature attached with the mail,the fake mail will not have Digital ID at all
  B. Check the Sender ID against the National Spam Database (NSD)
  C. Fake mail will have spelling/grammatical errors
  D. Fake mail uses extensive images,animation and flash content
  A. Verify the digital signature attached with the mail,the fake mail will not have Digital ID at all

• Question 447:

  What are the two basic types of attacks? (Choose two.)

  A. DoS
  B. Passive
  C. Sniffing
  D. Active
  E. Cracking
  B. Passive
  D. Active

• Question 448:

  Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered vulnerabilities.

  

  Which of the following statements is incorrect?

  A. Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.
  B. Vulnerability scanners can help identify out-of-date software versions,missing patches,or system upgrades
  C. They can validate compliance with or deviations from the organization's security policy
  D. Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention
  D. Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention

• Question 449:

  Why attackers use proxy servers?

  A. To ensure the exploits used in the attacks always flip reverse vectors
  B. Faster bandwidth performance and increase in attack speed
  C. Interrupt the remote victim's network traffic and reroute the packets to attackers machine
  D. To hide the source IP address so that an attacker can hack without any legal corollary
  D. To hide the source IP address so that an attacker can hack without any legal corollary

• Question 450:

  Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers.

  A. true
  B. false
  A. true