EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 621:

  Which statement best describes a server type under an N-tier architecture?

  A. A group of servers at a specific layer
  B. A single server with a specific role
  C. A group of servers with a unique role
  D. A single server at a specific layer
  C. A group of servers with a unique role

• Question 622:

  You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best nmap command you will use?

  A. Nmap –T4 –F 10.10.0.0/24
  B. Nmap –T4 –q 10.10.0.0/24
  C. Nmap –T4 –O 10.10.0.0/24
  D. Nmap –T4 –r 10.10.0.0/24
  A. Nmap –T4 –F 10.10.0.0/24

• Question 623:

  You have the SOA presented below in your Zone. Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

  collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

  A. One day
  B. One hour
  C. One week
  D. One month
  C. One week

• Question 624:

  Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him ''just to double check our records.'' Jane does not suspect anything amiss, and parts with her password. Jack can now access Brown Co.'s computers with a valid user name and password, to steal the cookie recipe.

  What kind of attack is being illustrated here?

  A. Reverse Psychology
  B. Reverse Engineering
  C. Social Engineering
  D. Spoofing Identity
  E. Faking Identity
  C. Social Engineering

• Question 625:

  Harold works for Jacobson Unlimited in the IT department as the security manager. Harold has created a security policy requiring all employees to use complex 14 character passwords.

  Unfortunately, the members of management do not want to have to use such long complicated passwords so they tell Harold's boss this new password policy should not apply to them. To comply with the management's wishes, the IT

  department creates another Windows domain and moves all the management users to that domain. This new domain has a password policy only requiring 8 characters.

  Harold is concerned about having to accommodate the managers, but cannot do anything about it. Harold is also concerned about using LanManager security on his network instead

  of NTLM or NTLMv2, but the many legacy applications on the network prevent using the more secure NTLM and NTLMv2. Harold pulls the SAM files from the DC's on the original domain and the new domain using Pwdump6.

  Harold uses the password cracking software John the Ripper to crack users' passwords to make sure they are strong enough. Harold expects that the users' passwords in the original

  domain will take much longer to crack than the management's passwords in the new domain. After running the software, Harold discovers that the 14 character passwords only took a short time longer to crack than the 8 character passwords.

  Why did the 14 character passwords not take much longer to crack than the 8 character passwords?

  A. Harold should have used Dumpsec instead of Pwdump6
  B. Harold's dictionary file was not large enough
  C. Harold should use LC4 instead of John the Ripper
  D. LanManger hashes are broken up into two 7 character fields
  D. LanManger hashes are broken up into two 7 character fields

• Question 626:

  Which of the following is NOT part of CEH Scanning Methodology?

  A. Check for Live systems
  B. Check for Open Ports
  C. Banner Grabbing
  D. Prepare Proxies
  E. Social Engineering attacks
  F. Scan for Vulnerabilities
  G. Draw Network Diagrams
  E. Social Engineering attacks

• Question 627:

  During a security audit of IT processes, an IS auditor found that there was no documented security procedures. What should the IS auditor do?

  A. Terminate the audit.
  B. Identify and evaluate existing practices.
  C. Create a procedures document
  D. Conduct compliance testing
  B. Identify and evaluate existing practices.

• Question 628:

  What is a primary advantage a hacker gains by using encryption or programs such as Loki?

  A. It allows an easy way to gain administrator rights
  B. It is effective against Windows computers
  C. It slows down the effective response of an IDS
  D. IDS systems are unable to decrypt it
  E. Traffic will not be modified in transit
  D. IDS systems are unable to decrypt it

• Question 629:

  You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?

  A. ICMP
  B. TCP
  C. UDP
  D. UPX
  B. TCP

• Question 630:

  John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well.

  What would be the name of this tool?

  A. hping2
  B. nessus
  C. nmap
  D. make
  B. nessus