EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

• Question 641:

  War dialing is a very old attack and depicted in movies that were made years ago.

  Why would a modem security tester consider using such an old technique?

  A. It is cool,and if it works in the movies it must work in real life.

  B. It allows circumvention of protection mechanisms by being on the internal network.

  C. It allows circumvention of the company PBX.

  D. A good security tester would not use such a derelict technique.

  Correct Answer: B

• Question 642:

  Ann would like to perform a reliable scan against a remote target. She is not concerned about being stealth at this point.

  Which of the following type of scans would be the most accurate and reliable option?

  A. A half-scan

  B. A UDP scan

  C. A TCP Connect scan

  D. A FIN scan

  Correct Answer: C

• Question 643:

  You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state.

  What should be the next logical step that should be performed?

  A. Connect to open ports to discover applications.

  B. Perform a ping sweep to identify any additional systems that might be up.

  C. Perform a SYN scan on port 21 to identify any additional systems that might be up.

  D. Rescan every computer to verify the results.

  Correct Answer: C

• Question 644:

  Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?

  A. To create a denial of service attack.

  B. To verify information about the mail administrator and his address.

  C. To gather information about internal hosts used in email treatment.

  D. To gather information about procedures that are in place to deal with such messages.

  Correct Answer: C

• Question 645:

  Bob has been hired to perform a penetration test on XYZ.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to News Groups and financial web sites to see if they are leaking any sensitive information of have any technical details online.

  Within the context of penetration testing methodology, what phase is Bob involved with?

  A. Passive information gathering

  B. Active information gathering

  C. Attack phase

  D. Vulnerability Mapping

  Correct Answer: A

• Question 646:

  The following excerpt is taken from a honeyput log. The log captures activities across three days. There

  are several intrusion attempts; however, a few are successful. Study the log given below and answer the

  following question:

  (Note: The objective of this questions is to test whether the student has learnt about passive OS

  fingerprinting (which should tell them the OS from log captures):

  can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker

  and whether they can read plain source ?destination entries from log entries.)

  

  What can you infer from the above log?

  A. The system is a windows system which is being scanned unsuccessfully.

  B. The system is a web application server compromised through SQL injection.

  C. The system has been compromised and backdoored by the attacker.

  D. The actual IP of the successful attacker is 24.9.255.53.

  Correct Answer: A

• Question 647:

  While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

  What is the most likely cause behind this response?

  A. The firewall is dropping the packets.

  B. An in-line IDS is dropping the packets.

  C. A router is blocking ICMP.

  D. The host does not respond to ICMP packets.

  Correct Answer: C

• Question 648:

  Exhibit

  

  Joe Hacker runs the hping2 hacking tool to predict the target host's sequence numbers in one of the hacking session.

  What does the first and second column mean? Select two.

  A. The first column reports the sequence number

  B. The second column reports the difference between the current and last sequence number

  C. The second column reports the next sequence number

  D. The first column reports the difference between current and last sequence number

  Correct Answer: AB

• Question 649:

  Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target.

  Which of the following could be the most likely cause behind this lack of response? Select 4.

  A. UDP is filtered by a gateway

  B. The packet TTL value is too low and cannot reach the target

  C. The host might be down

  D. The destination network might be down

  E. The TCP windows size does not match

  F. ICMP is filtered by a gateway

  Correct Answer: ABCF

• Question 650:

  Network Administrator Patricia is doing an audit of the network. Below are some of her findings concerning DNS. Which of these would be a cause for alarm?

  Select the best answer.

  A. There are two external DNS Servers for Internet domains. Both are AD integrated.

  B. All external DNS is done by an ISP.

  C. Internal AD Integrated DNS servers are using private DNS names that are

  D. unregistered.

  E. Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

  Correct Answer: A