EC-COUNCIL EC-COUNCIL Certifications 312-38 Questions & Answers

• Question 501:

  Which of the following tools is an open source network intrusion prevention and detection system that works network sniffer and record the operation of the network, which is coordinated pre-signatures?

  A. dsniff

  B. kismet

  C. None

  D. KisMAC

  E. bridle

  Correct Answer: E

• Question 502:

  Which of the following statements best describes the consequences of a disaster recovery test?

  A. None

  B. The test results should be kept secret.

  C. If no deficiencies were found during the test, so the plan is probably perfect.

  D. If no deficiencies were found during the test, the test was probably erroneous.

  E. The plan should not change any of the test results would be.

  Correct Answer: D

• Question 503:

  Which of the following flag to set whether the scan sends TCP Christmas tree frame with the remote machine? Each correct answer represents a part of the solution. Choose all that apply.

  A. FIN

  B. URG

  C. RST

  D. PUSH

  Correct Answer: ABD

• Question 504:

  What is used for drawing symbols in public places following techniques of advertising an open Wi-Fi network?

  A. wardriving

  B. None

  C. spam

  D. war call

  E. warchalking

  Correct Answer: E

• Question 505:

  Which of the following firewalls are used to monitor the status of active connections, and configure the network packets to pass through the firewall? Each correct answer represents a complete solution. Choose all that apply.

  A. Farm owner

  B. Proxy server

  C. Dynamic packet filtering

  D. The circuit gateway

  Correct Answer: AC

• Question 506:

  You work for a professional computer hacking forensic investigator DataEnet Inc. To explore the e-mail information about an employee of the company. The suspect an employee to use the online e-mail systems such as Hotmail or Yahoo. Which of the following folders on the local computer you are going to check to accomplish the task? Each correct answer represents a complete solution. Choose all that apply.

  A. cookies folder

  B. Temporary Internet Folder

  C. download folder

  D. History Folder

  Correct Answer: ABD

• Question 507:

  Which of the following standards is a change in the original IEEE 802.11 and defines the security mechanisms for wireless networks?

  A. 802.11b

  B. 802.11a

  C. None

  D. 802.11e

  E. 802.11i

  Correct Answer: E

• Question 508:

  Which of the following representatives of the incident response team takes the forensic backups of systems that are essential event?

  A. the legal representative

  B. technical representative

  C. lead investigator

  D. None

  E. Information Security representative

  Correct Answer: B

• Question 509:

  Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

  A. Disaster Recovery Plan

  B. Business Continuity Plan

  C. Contingency Plan

  D. Continuity of Operations Plan

  Correct Answer: B

  BCP is a strategy to minimize the consequence of the instability and to allow for the continuation of business processes. The goal of BCP is to minimize the effects of a disruptive event on a company, and is formed to avoid interruptions to normal business activity. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan. Answer option C is incorrect. A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans are often devised by governments or businesses who want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and "triggers" for initiating planned actions. They are required to help governments, businesses, or individuals to recover from serious incidents in the minimum time with minimum cost and disruption. Answer option A is incorrect. Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking), and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication, and reputation protection, and should refer to the disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity. Answer option D is incorrect. The Continuity Of Operation Plan (COOP) refers to the preparations and institutions maintained by the United States government, providing survival of federal government operations in the case of catastrophic events. It provides procedures and capabilities to sustain an organization's essential. COOP is the procedure documented to ensure persistent critical operations throughout any period where normal operations are unattainable.

• Question 510:

  Adam works as a Security Analyst for Umbrella Inc. The company has a Linux-based network comprising an Apache server for Web applications. He received the following Apache Web server log, which is as follows:

  [Sat Nov 16 14:32:52 2009] [error] [client 128.0.0.7] client denied by server configuration: /export/home/htdocs/test

  The first piece in the log entry is the date and time of the log message. The second entry determines the severity of the error being reported. Now Adam wants to change the severity level to control the types of errors that are sent to the error

  log. Which of the following directives will Adam use to accomplish the task?

  A. CustomLog

  B. ErrorLog

  C. LogFormat

  D. LogLevel

  Correct Answer: D

  The LogLevel directive is used in server Error log of the Apache Web server log. This directive is used to control the types of errors that are sent to the error log by constraining the severity level. Eight different levels are present in the LogLevel directive, which are shown below in order of their descending significance:

  

  Note: When a certain level is specified, the messages from all other levels of higher significance will also be reported. For example, when LogLevel crit is specified, then messages with log levels of alert and emerg will also be reported.

  Answer option B is incorrect. The ErrorLog directive is used to set the name and location of the file to which the server will log any errors it encounters. If the file-path does not begin with a slash sign (/), it is assumed to be relative to the

  ServerRoot. If the file-path begins with a pipe sign (|), then it is assumed to be a command that handles the error log.

  Answer option A is incorrect. The CustomLog directive is used to log requests to the server. The format of the log is specified and the logging can be made conditional on request characteristics with the help of environment variables.

  Environment variables can be adjusted on a per-request basis with the help of the mod_setenvif or mod_rewrite module.

  Answer option C is incorrect. The LogFormat directive can exist in one of the two forms. In the first form, only one argument is specified; and in the second form explicit format with a nickname is associated. This directive specifies the log

  format that is used by logs specified in subsequent TransferLog directives.