EC-COUNCIL EC-COUNCIL Certifications 312-50 Questions & Answers

• Question 211:

  Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)

  A. symmetric algorithms

  B. asymmetric algorithms

  C. hashing algorithms

  D. integrity algorithms

  Correct Answer: C

  In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. A hash function takes a long string (or 'message') of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint.

• Question 212:

  Study the snort rule given below:

  

  From the options below, choose the exploit against which this rule applies.

  A. WebDav

  B. SQL Slammer

  C. MS Blaster

  D. MyDoom

  Correct Answer: C

  MS Blaster scans the Internet for computers that are vulnerable to its attack. Once found, it tries to enter the system through the port 135 to create a buffer overflow. TCP ports 139 and 445 may also provide attack vectors.

• Question 213:

  Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

  Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers.

  A. Hardware, Software, and Sniffing.

  B. Hardware and Software Keyloggers.

  C. Passwords are always best obtained using Hardware key loggers.

  D. Software only, they are the most effective.

  Correct Answer: A

  Different types of keylogger planted into the environment would retrieve the passwords for Bob..

• Question 214:

  If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

  A. Birthday

  B. Brute force

  C. Man-in-the-middle

  D. Smurf

  Correct Answer: B

  Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is cracked.

• Question 215:

  You are writing an antivirus bypassing Trojan using C++ code wrapped into chess.c to create an executable file chess.exe. This Trojan when executed on the victim machine, scans the entire system (c:\) for data with the following text "Credit Card" and "password". It then zips all the scanned files and sends an email to a predefined hotmail address. You want to make this Trojan persistent so that it survives computer reboots. Which registry entry will you add a key to make it persistent?

  A. HKEY_LOCAL_MACHINE\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices

  B. HKEY_LOCAL_USER\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices

  C. HKEY_LOCAL_SYSTEM\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices

  D. HKEY_CURRENT_USER\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices

  Correct Answer: A

  HKEY_LOCAL_MACHINE would be the natural place for a registry entry that starts services when the MACHINE is rebooted.

• Question 216:

  John wants to try a new hacking tool on his Linux System. As the application comes from a site in his untrusted zone, John wants to ensure that the downloaded tool has not been Trojaned. Which of the following options would indicate the best course of action for John?

  A. Obtain the application via SSL

  B. Obtain the application from a CD-ROM disc

  C. Compare the files' MD5 signature with the one published on the distribution media

  D. Compare the file's virus signature with the one published on the distribution media

  Correct Answer: C

  In essence, MD5 is a way to verify data integrity, and is much more reliable than checksum and many other commonly used methods.

• Question 217:

  William has received a Tetris game from someone in his computer programming class through email. William does not really know the person who sent the game very well, but decides to install the game anyway because he really likes Tetris.

  After William installs the game, he plays it for a couple of hours. The next day, William plays the Tetris game again and notices that his machines have begun to slow down. He brings up his Task Manager and sees the following programs

  running (see Screenshot):

  What has William just installed?

  A. Remote Access Trojan (RAT)

  B. Zombie Zapper (ZoZ)

  C. Bot IRC Tunnel (BIT)

  D. Root Digger (RD)

  Correct Answer: A

  RATs are malicious programs that run invisibly on host PCs and permit an intruder remote access and control. On a basic level, many RATs mimic the functionality of legitimate remote control programs such as Symantec's pcAnywhere but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs. Typically, exploited users either download and execute the malicious programs or are tricked into clicking rogue email attachments.

• Question 218:

  Spears Technology, Inc is a software development company located in Los Angeles, California. They reported a breach in security, stating that its "security defenses has been breached and exploited for 2 weeks by hackers. "The hackers had

  accessed and downloaded 90,000 address containing customer credit cards and password. Spears Technology found this attack to be so to law enforcement officials to protect their intellectual property.

  How did this attack occur? The intruder entered through an employees home machine, which was connected to Spears Technology, Inc's corporate VPN network. The application called BEAST Trojan was used in the attack to open a "Back

  Door" allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge.

  The hackers were traced back to Beijing China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Spears Technology's network from a remote

  location, posing as employees. The intent of the attacker was to steal the source code for their VOIP system and "hold it hostage" from Spears Technology, Inc exchange for ransom.

  The hackers had intended on selling the stolen VOIP software source code to competitors.

  How would you prevent such attacks from occurring in the future at Spears Technology?

  A. Disable VPN access to all your employees from home machines

  B. Allow VPN access but replace the standard authentication with biometric authentication

  C. Replace the VPN access with dial-up modem access to the company's network

  D. Enable 25 character complex password policy for employees to access the VPN network.

  Correct Answer: A

  As long as there is a way in for employees through all security measures you can't be secure because you never know what computer the employees use to access recourses at their workplace.

• Question 219:

  Which definition below best describes a covert channel?

  A. Making use of a Protocol in a way it was not intended to be used

  B. It is the multiplexing taking place on communication link

  C. It is one of the weak channels used by WEP that makes it insecure

  D. A Server Program using a port that is not well known

  Correct Answer: A

  A covert channel is a hidden communication channel not intended for information transfer at all. Redundancy can often be used to communicate in a covert way. There are several ways that hidden communication can be set up.

• Question 220:

  Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt.

  $ nc -l -p 1026 -u -v

  In response, he sees the following message.

  cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.

  Windows has found 47 Critical Errors.

  To fix the errors please do the following:

  1.

  Download Registry Repair from: www.reg-patch.com

  2.

  Install Registry Repair

  3.

  Run Registry Repair

  4.

  Reboot your computer

  FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

  What would you infer from this alert?

  A. The machine is redirecting traffic to www.reg-patch.com using adware

  B. It is a genuine fault of windows registry and the registry needs to be backed up

  C. An attacker has compromised the machine and backdoored ports 1026 and 1027

  D. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities

  Correct Answer: D

  The "net send" Messenger service can be used by unauthorized users of your computer, without gaining any kind of privileged access, to cause a pop-up window to appear on your computer. Lately, this feature has been used by unsolicited commercial advertisers to inform many campus users about a "university diploma service"...