Exam Details

  • Exam Code: 312-50V8
  • Exam Name: Certified Ethical Hacker v8
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1008 Q&As
  • Last Updated: May 02, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

  • Question 851:

    On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner?

    A. Use "ls"

    B. Use "lsof"

    C. Use "echo"

    D. Use "netstat"

  • Question 852:

    Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscore symbols on the screen.

    What are you most likely to infer from this?

    A. The services are protected by TCP wrappers

    B. There is a honeypot running on the scanned machine

    C. An attacker has replaced the services with trojaned ones

    D. This indicates that the telnet and SMTP server have crashed

  • Question 853:

    After studying the following log entries, what is the attacker ultimately trying to achieve as inferred from the log sequence?

    1. mkdir -p /etc/X11/applnk/Internet/.etc
    2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
    3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
    4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
    5. passwd nobody -d
    6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
    7. passwd dns -d
    8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
    9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

    A. Change password of user nobody

    B. Extract information from a local directory

    C. Change the files' Modification, Access and Creation times

    D. Download rootkits and passwords into a new directory

  • Question 854:

    Ron has configured his network to provide strong perimeter security. As part of his network architecture, he has included a host that is fully exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or filtering router.

    What would you call such a host?

    A. Honeypot

    B. DMZ host

    C. DWZ host

    D. Bastion Host

  • Question 855:

    What is Cygwin?

    A. Cygwin is a free C++ compiler that runs on Windows

    B. Cygwin is a free Unix subsystem that runs on top of Windows

    C. Cygwin is a free Windows subsystem that runs on top of Linux

    D. Cygwin is an X Windows GUI subsystem that runs on top of Linux GNOME environment

  • Question 856:

    Rebecca is a security analyst and knows of a local root exploit that has the ability to enable local users to use available exploits to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. There is no known workaround that exists for this vulnerability.

    What is the correct action to be taken by Rebecca in this situation as a recommendation to management?

    A. Rebecca should make a recommendation to disable the() system call

    B. Rebecca should make a recommendation to upgrade the Linux kernel promptly

    C. Rebecca should make a recommendation to set all child-process to sleep within the execve()

    D. Rebecca should make a recommendation to hire more system administrators to monitor all child processes to ensure that each child process can't elevate privilege

  • Question 857:

    After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?

    1. mkdir -p /etc/X11/applnk/Internet/.etc
    2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd
    3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
    4. touch -acmr /etc /etc/X11/applnk/Internet/.etc
    5. passwd nobody -d
    6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
    7. passwd dns -d
    8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
    9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

    A. IUSR_

    B. acmr,dns

    C. nobody,dns

    D. nobody,IUSR_

  • Question 858:

    Which of the following snort rules look for FTP root login attempts?

    A. alert tcp -> any port 21 (msg:"user root";)

    B. alert tcp -> any port 21 (message:"user root";)

    C. alert ftp -> ftp (content:"user password root";)

    D. alert tcp any any -> any any 21 (content:"user root";)

  • Question 859:

    John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an LKM has been installed on her server. She believes this is the reason that the server has been acting erratically lately. LKM stands for Loadable Kernel Module.

    What does this mean in the context of Linux Security?

    A. Loadable Kernel Modules are a mechanism for adding functionality to a file system without requiring a kernel recompilation.

    B. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted.

    C. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation.

    D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.

  • Question 860:

    Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not opened or ports that are not for public usage.

    How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by using one of the built-in Linux Operating System tools?

    A. Ensure all files have at least a 755 or more restrictive permissions.

    B. Configure rules using ipchains.

    C. Configure and enable portsentry on her server.

    D. Install an intrusion detection system on her computer such as Snort.
