EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 711:

  A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

  A. Forensic attack
  B. ARP spoofing attack
  C. Social engineering attack
  D. Scanning attack
  C. Social engineering attack

• Question 712:

  Risk = Threats x Vulnerabilities is referred to as the:

  A. Threat assessment
  B. Disaster recovery formula
  C. BIA equation
  D. Risk equation
  D. Risk equation

• Question 713:

  Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?

  A. There is no mutual authentication between wireless clients and access points
  B. Automated tools like AirSnort are available to discover WEP keys
  C. The standard does not provide for centralized key management
  D. The 24 bit Initialization Vector (IV) field is too small
  C. The standard does not provide for centralized key management

• Question 714:

  Which of the following Registry location does a Trojan add entries to make it persistent on Windows 7? (Select 2 answers)

  

  A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\Run
  C. HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run
  D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

• Question 715:

  Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP.

  How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?

  A. Use any ARP requests found in the capture
  B. Derek can use a session replay on the packets captured
  C. Derek can use KisMAC as it needs two USB devices to generate traffic
  D. Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic
  D. Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic

• Question 716:

  A XYZ security System Administrator is reviewing the network system log files.

  He notes the following:

  What should he assume has happened and what should he do about the situation?

  A. He should contact the attacker's ISP as soon as possible and have the connection disconnected.
  B. He should log the event as suspicious activity,continue to investigate,and take further steps according to site security policy.
  C. He should log the file size,and archive the information,because the router crashed.
  D. He should run a file system check,because the Syslog server has a self correcting file system problem.
  E. He should disconnect from the Internet discontinue any further unauthorized use,because an attack has taken place.
  B. He should log the event as suspicious activity,continue to investigate,and take further steps according to site security policy.

• Question 717:

  Study the snort rule given below and interpret the rule.

  alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

  A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
  B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
  C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
  D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111
  D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

• Question 718:

  When you are testing a web application, it is very useful to employ a prosy tool to save every request and response.Nyou can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

  What proxy tool will help you find web vulnerabilities?

  A. Burpsuite
  B. Dimitry
  C. Proxychains
  D. Maskgen
  A. Burpsuite

• Question 719:

  Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site.

  One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker

  Message: You are dead! Freaks!

  From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of

  his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site.

  To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith.

  After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

  H@cker Mess@ge:

  Y0u @re De@d! Fre@ks!

  After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran

  Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.

  How did the attacker accomplish this hack?

  A. ARP spoofing
  B. SQL injection
  C. DNS poisoning
  D. Routing table injection
  C. DNS poisoning

• Question 720:

  Which of the following is the successor of SSL?

  A. RSA
  B. GRE
  C. TLS
  D. IPSec
  C. TLS