EC-COUNCIL EC-COUNCIL Certifications 312-50 Questions & Answers

• Question 551:

  What type of port scan is represented here.

  

  A. Stealth Scan

  B. Full Scan

  C. XMAS Scan

  D. FIN Scan

  Correct Answer: A

• Question 552:

  Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate.

  What would you call this kind of activity?

  A. CI Gathering

  B. Scanning

  C. Dumpster Diving

  D. Garbage Scooping

  Correct Answer: C

• Question 553:

  What will the following command produce on a website's login page if executed successfully? SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'

  A. This code will insert the [email protected] email address into the members table.

  B. This command will delete the entire members table.

  C. It retrieves the password for the first user in the members table.

  D. This command will not produce anything since the syntax is incorrect.

  Correct Answer: B

• Question 554:

  You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner?

  A. Convert the Trojan.exe file extension to Trojan.txt disguising as text file

  B. Break the Trojan into multiple smaller files and zip the individual pieces

  C. Change the content of the Trojan using hex editor and modify the checksum

  D. Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1

  Correct Answer: A

• Question 555:

  Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

  alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485;) alert

  A. The payload of 485 is what this Snort signature will look for.

  B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

  C. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

  D. From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

  Correct Answer: B

• Question 556:

  The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.

  The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.

  

  How would you overcome the Firewall restriction on ICMP ECHO packets?

  A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

  B. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

  C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

  D. Do not use traceroute command to determine the path packets take to reach the destination instead use the custom hacking tool JOHNTHETRACER and run with the command

  E. \> JOHNTHETRACER www.eccouncil.org -F -evade

  Correct Answer: A

• Question 557:

  Which of the following Exclusive OR transforms bits is NOT correct?

  A. 0 xor 0 = 0

  B. 1 xor 0 = 1

  C. 1 xor 1 = 1

  D. 0 xor 1 = 1

  Correct Answer: C

• Question 558:

  Jake is a network administrator who needs to get reports from all the computer and network devices on his network. Jake wants to use SNMP but is afraid that won't be secure since passwords and messages are in clear text. How can Jake gather network information in a secure manner?

  A. He can use SNMPv3

  B. Jake can use SNMPrev5

  C. He can use SecWMI

  D. Jake can use SecSNMP

  Correct Answer: A

• Question 559:

  If an attacker's computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?

  A. 31400

  B. 31402

  C. The zombie will not send a response

  D. 31401

  Correct Answer: D

• Question 560:

  Trojan horse attacks pose one of the most serious threats to computer security. The image below shows different ways a Trojan can get into a system. Which are the easiest and most convincing ways to infect a computer?

  

  A. IRC (Internet Relay Chat)

  B. Legitimate "shrink-wrapped" software packaged by a disgruntled employee

  C. NetBIOS (File Sharing)

  D. Downloading files, games and screensavers from Internet sites

  Correct Answer: B