While examining a log report you find out that an intrusion has been attempted by a machine whose IP address is displayed as 0xde.0xad.0xbe.0xef. It looks to you like a hexadecimal number. You perform a ping 0xde.0xad.0xbe.0xef.
Which of the following IP addresses will respond to the ping and hence will likely be responsible for the intrusion?
A. 192.10.25.9
B. 10.0.3.4
C. 203.20.4.5
D. 222.273.290.239
You are doing IP spoofing while you scan your target. You find that the target has port 23 open. However, you are unable to connect.
Why?
A. A firewall is blocking port 23
B. You cannot spoof + TCP
C. You need an automated telnet tool
D. The OS does not reply to telnet even if port 23 is open
Statistics from cert.org and other leading security organizations have clearly shown a steady rise in the number of hacking incidents perpetrated against companies.
What do you think is the main reason behind the significant increase in hacking attempts over the past years?
A. It is getting more challenging and harder to hack for non-technical people.
B. There is a phenomenal increase in processing power.
C. New TCP/IP stack features are constantly being added.
D. The ease with which hacker tools are available on the Internet.
When referring to the Domain Name Service, what is denoted by a 'zone'?
A. It is the first domain that belongs to a company.
B. It is a collection of resource records.
C. It is the first resource record type in the SOA.
D. It is a collection of domains.
Snort is an open source intrusion detection system. However, it can also be used for a few other purposes.
Which of the choices below indicates the other features offered by Snort?
A. IDS, Packet Logger, Sniffer
B. IDS, Firewall, Sniffer
C. IDS, Sniffer, Proxy
D. IDS, Sniffer, content inspector
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "Echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page again in vain.
What is the probable cause of Bill's problem?
A. The system is a honeypot.
B. There is a problem with the shell and he needs to run the attack again.
C. You cannot use a buffer overflow to deface a web page.
D. The HTML file has permissions of read only.
What do you conclude from the nmap results below?
Starting nmap V. 3.10ALPHA0 (www.insecure.org/map/)
(The 1592 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
25/tcp     open        smtp
80/tcp     open        http
443/tcp    open        https
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed -- 1 IP address (1 host up) scanned in 91.66 seconds
A. The system is a Windows Domain Controller.
B. The system is not firewalled.
C. The system is not running Linux or Solaris.
D. The system is not properly patched.
Network Intrusion Detection systems can monitor traffic in real time on networks.
Which one of the following techniques can be very effective at avoiding proper detection?
A. Fragmentation of packets.
B. Use of only TCP based protocols.
C. Use of only UDP based protocols.
D. Use of fragmented ICMP traffic only.
Bob, an administrator at XYZ, was furious when he discovered that his buddy Trent had launched a session hijack attack against his network and sniffed his communication, including administrative tasks such as configuring routers, firewalls and IDS via Telnet.
Bob, being an unhappy administrator, seeks your help in ensuring that attackers such as Trent will not be able to launch a session hijack in XYZ.
Based on the above scenario, please choose which would be your corrective measures. (Choose two)
A. Use encrypted protocols, like those found in the OpenSSH suite.
B. Implement FAT32 filesystem for faster indexing and improved performance.
C. Configure the appropriate spoof rules on gateways (internal and external).
D. Monitor for CRP caches, by using IDS products.
You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network.
How can you achieve this?
A. Block ICMP at the firewall.
B. Block UDP at the firewall.
C. Both A and B.
D. There is no way to completely block doing a trace route into this area.