EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 491:

  What type of session hijacking attack is shown in the exhibit?

  

  A. Session Sniffing Attack
  B. Cross-site scripting Attack
  C. SQL Injection Attack
  D. Token sniffing Attack
  A. Session Sniffing Attack

• Question 492:

  Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

  What is odd about this attack? (Choose the most appropriate statement)

  A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
  B. This is back orifice activity as the scan comes from port 31337.
  C. The attacker wants to avoid creating a sub-carrier connection that is not normally valid.
  D. There packets were created by a tool; they were not created by a standard IP stack.
  B. This is back orifice activity as the scan comes from port 31337.

• Question 493:

  Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

  A. WebBugs
  B. WebGoat
  C. VULN_HTML
  D. WebScarab
  B. WebGoat

• Question 494:

  In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

  A. Rouge access point attack
  B. Unauthorized access point attack
  C. War Chalking
  D. WEP attack
  A. Rouge access point attack

• Question 495:

  Which of the following parameters enables NMAP's operating system detection feature?

  A. NMAP -sV
  B. NMAP -oS
  C. NMAP -sR
  D. NMAP -O
  D. NMAP -O

• Question 496:

  Which tool would be used to collect wireless packet data?

  A. NetStumbler
  B. John the Ripper
  C. Nessus
  D. Netcat
  A. NetStumbler

• Question 497:

  What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

  A. Inherent Risk
  B. ResidualRisk
  C. Deferred Risk
  D. Impact Risk
  B. ResidualRisk

• Question 498:

  Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website byinserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known toincorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.

  What type of attack is outlined in the scenario?

  A. Watering Hole Attack
  B. Spear Phising Attack
  C. Heartbleed Attack
  D. Shellshock Attack
  A. Watering Hole Attack

• Question 499:

  Pandora is used to attack __________ network operating systems.

  A. Windows
  B. UNIX
  C. Linux
  D. Netware
  E. MAC OS
  D. Netware

• Question 500:

  What information should an IT system analysis provide to the risk assessor?

  A. Management buy-in
  B. Threat statement
  C. Security architecture
  D. Impact analysis
  C. Security architecture