EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

• Question 821:

  Which of the following are potential attacks on cryptography? (Select 3)

  A. One-Time-Pad Attack

  B. Chosen-Ciphertext Attack

  C. Man-in-the-Middle Attack

  D. Known-Ciphertext Attack

  E. Replay Attack

  Correct Answer: BCE

• Question 822:

  ETHER: Destination address : 0000BA5EBA11 ETHER: Source address :

  

  An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application.

  Which of the following strategies can be used to defeat detection by a network-based IDS application?

  A. Create a SYN flood

  B. Create a network tunnel

  C. Create multiple false positives

  D. Create a ping flood

  Correct Answer: B

• Question 823:

  To scan a host downstream from a security gateway, Firewalking:

  A. Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets

  B. Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway

  C. Sends an ICMP ''administratively prohibited'' packet to determine if the gateway will drop the packet without comment.

  D. Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway

  Correct Answer: B

• Question 824:

  Which of the following is not an effective countermeasure against replay attacks?

  A. Digital signatures

  B. Time Stamps

  C. System identification

  D. Sequence numbers

  Correct Answer: C

• Question 825:

  You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:

  A. Sending a mail message to a valid address on the target network,and examining the header information generated by the IMAP servers

  B. Examining the SMTP header information generated by using the -mx command parameter of DIG

  C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address

  D. Sending a mail message to an invalid address on the target network,and examining the header information generated by the POP servers

  Correct Answer: C

• Question 826:

  What type of attack changes its signature and/or payload to avoid detection by antivirus programs?

  A. Polymorphic

  B. Rootkit

  C. Boot sector

  D. File infecting

  Correct Answer: A

• Question 827:

  If you come across a sheepdip machaine at your client site, what would you infer?

  A. A sheepdip computer is used only for virus checking.

  B. A sheepdip computer is another name for honeypop.

  C. A sheepdip coordinates several honeypots.

  D. A sheepdip computer defers a denial of service attack.

  Correct Answer: A

• Question 828:

  If you come across a sheepdip machine at your client's site, what should you do?

  A. A sheepdip computer is used only for virus-checking.

  B. A sheepdip computer is another name for a honeypot

  C. A sheepdip coordinates several honeypots.

  D. A sheepdip computers defers a denial of service attack.

  Correct Answer: A

• Question 829:

  What is a sheepdip?

  A. It is another name for Honeynet

  B. It is a machine used to coordinate honeynets

  C. It is the process of checking physical media for virus before they are used in a computer

  D. None of the above

  Correct Answer: C

• Question 830:

  All the web servers in the DMZ respond to ACK scan on port 80. Why is this happening ?

  A. They are all Windows based webserver

  B. They are all Unix based webserver

  C. The company is not using IDS

  D. The company is not using a stateful firewall

  Correct Answer: D