EC-COUNCIL EC-COUNCIL Certifications 312-50 Questions & Answers

• Question 311:

  How would you prevent session hijacking attacks?

  A. Using biometrics access tokens secures sessions against hijacking

  B. Using non-Internet protocols like http secures sessions against hijacking

  C. Using hardware-based authentication secures sessions against hijacking

  D. Using unpredictable sequence numbers secures sessions against hijacking

  Correct Answer: D

  Protection of a session needs to focus on the unique session identifier because it is the only thing that distinguishes users. If the session ID is compromised, attackers can impersonate other users on the system. The first thing is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise, it's trivial to hijack another user's session. Having a large number of possible session IDs (meaning that they should be very long) means that there are a lot more permutations for an attacker to try.

• Question 312:

  You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250. Within what range of sequence numbers should a packet, sent by the client fall in order to be accepted by the server?

  A. 200-250

  B. 121-371

  C. 120-321

  D. 121-231

  E. 120-370

  Correct Answer: B

  Package number 120 have already been received by the server and the window is 250 packets, so any package number from 121 (next in sequence) to 371 (121 +250).

• Question 313:

  What is Hunt used for?

  A. Hunt is used to footprint networks

  B. Hunt is used to sniff traffic

  C. Hunt is used to hack web servers

  D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic

  E. Hunt is used for password cracking

  Correct Answer: D

  Hunt can be used to intercept traffic. It is useful with telnet, ftp, and others to grab traffic between two computers or to hijack sessions.

• Question 314:

  Which is the right sequence of packets sent during the initial TCP three way handshake?

  A. FIN, FIN-ACK, ACK

  B. SYN, URG, ACK

  C. SYN, ACK, SYN-ACK

  D. SYN, SYN-ACK, ACK

  Correct Answer: D

  A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived.

• Question 315:

  What type of cookies can be generated while visiting different web sites on the Internet?

  A. Permanent and long term cookies.

  B. Session and permanent cookies.

  C. Session and external cookies.

  D. Cookies are all the same, there is no such thing as different type of cookies.

  Correct Answer: B

  There are two types of cookies: a permanent cookie that remains on a visitor's computer for a given time and a session cookie the is temporarily saved in the visitor's computer memory during the time that the visitor is using the Web site. Session cookies disappear when you close your Web browser.

• Question 316:

  What is the key advantage of Session Hijacking?

  A. It can be easily done and does not require sophisticated skills.

  B. You can take advantage of an authenticated connection.

  C. You can successfully predict the sequence number generation.

  D. You cannot be traced in case the hijack is detected.

  Correct Answer: B

  As an attacker you don't have to steal an account and password in order to take advantage of an authenticated connection.

• Question 317:

  John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong.

  In the context of Session hijacking why would you consider this as a false sense of security?

  A. The token based security cannot be easily defeated.

  B. The connection can be taken over after authentication.

  C. A token is not considered strong authentication.

  D. Token security is not widely used in the industry.

  Correct Answer: B

  A token will give you a more secure authentication, but the tokens will not help against attacks that are directed against you after you have been authenticated.

• Question 318:

  Bob is going to perform an active session hijack against company. He has acquired the target that allows session oriented connections (Telnet) and performs sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network.

  So, what is Bob most likely to do next?

  A. Take over the session.

  B. Reverse sequence prediction.

  C. Guess the sequence numbers.

  D. Take one of the parties' offline.

  Correct Answer: C

• Question 319:

  Barney is looking for a Windows NT/2000/XP command-line tool that can be used to assign display or modify ACLs (Access Control Lists) to files or folders and that could also be used within batch files. Which of the following tools could be used for this purpose?

  A. PERM.EXE

  B. CACLS.EXE

  C. CLACS.EXE

  D. NTPERM.EXE

  Correct Answer: B

  Cacls.exe (Change Access Control Lists) is an executable in Microsoft Windows to change Access Control List (ACL) permissions on a directory, its subcontents, or files. An access control list is a list of permissions for a file or directory that controls who can access it.

• Question 320:

  Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers.

  A. True

  B. False

  Correct Answer: A

  Using HTTP basic authentication will result in your password being sent over the internet as clear text. Don't use this technique unless you understand what the ramifications of this are.