EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

• Question 801:

  The following exploit code is extracted from what kind of attack?

  

  A. Remote password cracking attack

  B. SQL Injection

  C. Distributed Denial of Service

  D. Cross Site Scripting

  E. Buffer Overflow

  Correct Answer: E

• Question 802:

  A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold.

  What is the most common cause of buffer overflow in software today?

  A. Bad permissions on files.

  B. High bandwidth and large number of users.

  C. Usage of non standard programming languages.

  D. Bad quality assurance on software produced.

  Correct Answer: D

• Question 803:

  The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and gets() on the source code. These C++ functions do not check bounds.

  What kind of attack is this program susceptible to?

  A. Buffer of Overflow

  B. Denial of Service

  C. Shatter Attack

  D. Password Attack

  Correct Answer: A

• Question 804:

  Study the following exploit code taken from a Linux machine and answer the questions below:

  echo “ingreslock stream tcp nowait root /bin/sh sh –I" > /tmp/x;

  /usr/sbin/inetd –s /tmp/x;

  sleep 10;

  /bin/ rm –f /tmp/x AAAA…AAA

  In the above exploit code, the command “/bin/sh sh –I" is given.

  What is the purpose, and why is `sh' shown twice?

  A. The command /bin/sh sh appearing in the exploit code is actually part of an inetd configuration file.

  B. The length of such a buffer overflow exploit makes it prohibitive for user to enter manually. The second `sh' automates this function.

  C. It checks for the presence of a codeword (setting the environment variable) among the environment variables.

  D. It is a giveaway by the attacker that he is a script kiddy.

  Correct Answer: A

• Question 805:

  What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?

  A. Encryption of agent communications will conceal the presence of the agents

  B. The monitor will know if counterfeit messages are being generated because they will not be encrypted

  C. Alerts are sent to the monitor when a potential intrusion is detected

  D. An intruder could intercept and delete data or alerts and the intrusion can go undetected

  Correct Answer: B

• Question 806:

  An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him.

  What tool might he use to bypass the IDS? Select the best answer.

  A. Firewalk

  B. Manhunt

  C. Fragrouter

  D. Fragids

  Correct Answer: C

• Question 807:

  There are two types of honeypots- high and low interaction.

  Which of these describes a low interaction honeypot? Select the best answers.

  A. Emulators of vulnerable programs

  B. More likely to be penetrated

  C. Easier to deploy and maintain

  D. Tend to be used for production

  E. More detectable

  F. Tend to be used for research

  Correct Answer: ACDE

• Question 808:

  Given the following extract from the snort log on a honeypot, what service is being exploited? :

  A. FTP

  B. SSH

  C. Telnet

  D. SMTP

  Correct Answer: A

• Question 809:

  Exhibit: Given the following extract from the snort log on a honeypot, what do you infer from the attack?

  

  A. A new port was opened

  B. A new user id was created

  C. The exploit was successful

  D. The exploit was not successful

  Correct Answer: D

• Question 810:

  A program that defends against a port scanner will attempt to:

  A. Sends back bogus data to the port scanner

  B. Log a violation and recommend use of security-auditing tools

  C. Limit access by the scanning system to publicly available ports only

  D. Update a firewall rule in real time to prevent the port scan from being completed

  Correct Answer: D