EC-COUNCIL 312-50V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V8 Online Questions & Answers

• Question 841:

  In the following example, which of these is the "exploit"?

  Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been

  automated using basic scripting.

  Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites. Select the best answer.

  A. Microsoft Corporation is the exploit.
  B. The security "hole" in the product is the exploit.
  C. Windows 2003 Server
  D. The exploit is the hacker that would use this vulnerability.
  E. The documented method of how to use the vulnerability to gain unprivileged access.
  E. The documented method of how to use the vulnerability to gain unprivileged access.

• Question 842:

  Jacob is looking through a traffic log that was captured using Wireshark. Jacob has come across what appears to be SYN requests to an internal computer from a spoofed IP address. What is Jacob seeing here?

  A. Jacob is seeing a Smurf attack.
  B. Jacob is seeing a SYN flood.
  C. He is seeing a SYN/ACK attack.
  D. He has found evidence of an ACK flood.
  B. Jacob is seeing a SYN flood.

• Question 843:

  International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

  A. guidelines and practices for security controls.
  B. financial soundness and business viability metrics.
  C. standard best practice for configuration management.
  D. contract agreement writing standards.
  A. guidelines and practices for security controls.

• Question 844:

  What is GINA?

  A. Gateway Interface Network Application
  B. GUI Installed Network Application CLASS
  C. Global Internet National Authority (G-USA)
  D. Graphical Identification and Authentication DLL
  D. Graphical Identification and Authentication DLL

• Question 845:

  Which one of the following instigates a SYN flood attack?

  A. Generating excessive broadcast packets.
  B. Creating a high number of half-open connections.
  C. Inserting repetitive Internet Relay Chat (IRC) messages.
  D. A large number of Internet Control Message Protocol (ICMP) traces.
  B. Creating a high number of half-open connections.

• Question 846:

  This is an example of whois record.

  

  Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)

  A. Search engines like Google,Bing will expose information listed on the WHOIS record
  B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record
  C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record
  D. IRS Agents will use this information to track individuals using the WHOIS record information
  B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record
  C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

• Question 847:

  What is the main reason the use of a stored biometric is vulnerable to an attack?

  A. The digital representation of the biometric might not be unique,even if the physical characteristic is unique.
  B. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.
  C. A stored biometric is no longer "something you are" and instead becomes "something you have".
  D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.
  D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

• Question 848:

  How does an operating system protect the passwords used for account logins?

  A. The operating system performs a one-way hash of the passwords.
  B. The operating system stores the passwords in a secret file that users cannot find.
  C. The operating system encrypts the passwords,and decrypts them when needed.
  D. The operating system stores all passwords in a protected segment of non-volatile memory.
  A. The operating system performs a one-way hash of the passwords.

• Question 849:

  An attacker runs netcat tool to transfer a secret file between two hosts.

  Machine A: netcat -l -p 1234 < secretfile

  Machine B: netcat 192.168.3.4 > 1234

  He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

  A. Machine A: netcat -l -p -s password 1234 < testfile Machine B: netcat 1234
  B. Machine A: netcat -l -e magickey -p 1234 < testfile Machine B: netcat 1234
  C. Machine A: netcat -l -p 1234 < testfile -pw password Machine B: netcat 1234 -pw password
  D. Use cryptcat instead of netcat
  D. Use cryptcat instead of netcat

• Question 850:

  Symmetric encryption algorithms are known to be fast but present great challenges on the key management side. Asymmetric encryption algorithms are slow but allow communication with a remote host without having to transfer a key out of band or in person.

  If we combine the strength of both crypto systems where we use the symmetric algorithm to encrypt the bulk of the data and then use the asymmetric encryption system to encrypt the symmetric key, what would this type of usage be known as?

  A. Symmetric system
  B. Combined system
  C. Hybrid system
  D. Asymmetric system
  C. Hybrid system