EC-COUNCIL EC-COUNCIL Certifications 312-50 Questions & Answers

• Question 711:

  This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do.

  A. UDP Scanning

  B. IP Fragment Scanning

  C. Inverse TCP flag scanning

  D. ACK flag scanning

  Correct Answer: B

• Question 712:

  If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization.

  

  How would you prevent such type of attacks?

  A. It is impossible to block these attacks

  B. Hire the people through third-party job agencies who will vet them for you

  C. Conduct thorough background checks before you engage them

  D. Investigate their social networking profiles

  Correct Answer: C

• Question 713:

  Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks?

  A. Configure Port Security on the switch

  B. Configure Port Recon on the switch

  C. Configure Switch Mapping

  D. Configure Multiple Recognition on the switch

  Correct Answer: A

• Question 714:

  Josh is the network administrator for Consultants Galore, an IT consulting firm based in Kansas City. Josh is responsible for the company's entire network which consists of one Windows Server 2003 Active Directory domain. Almost all employees have Remote Desktop access to the servers so they can perform their work duties. Josh has created a security group in Active Directory called "RDP Deny" which contains all the user accounts that should not have Remote Desktop permission to any of the servers. What Group Policy change can Jayson make to ensure that all users in the "RDP Deny" group cannot access the company servers through Remote Desktop?

  A. Josh should add the "RDP Deny" group into the list of Restricted Groups to prevent the users from accessing servers remotely.

  B. By adding the "RDP Deny" group to the "Deny logon as a service" policy, the users in that security group will not be able to establish remote connections to any of the servers.

  C. He should add the "RDP Deny" group to the "Deny RDP connections to member servers" policy.

  D. Josh needs to add the "RDP Deny" group to the "Deny logon through Terminal Services" policy. *

  Correct Answer: D

• Question 715:

  You are the chief information officer for your company, a shipping company based out of Oklahoma City. You are responsible for network security throughout the home office and all branch offices. You have implemented numerous layers of security from logical to physical. As part of your procedures, you perform a yearly network assessment which includes vulnerability analysis, internal network scanning, and external penetration tests. Your main concern currently is the server in the DMZ which hosts a number of company websites. To see how the server appears to external users, you log onto a laptop at a Wi-Fi hot spot. Since you already know the IP address of the web server, you create a telnet session to that server and type in the command:

  HEAD /HTTP/1.0

  After typing in this command, you are presented with the following screen:

  What are you trying to do here?

  A. You are attempting to send an html file over port 25 to the web server.

  B. By typing in the HEAD command, you are attempting to create a buffer overflow on the web server.

  C. You are trying to open a remote shell to the web server.

  D. You are trying to grab the banner of the web server. *

  Correct Answer: D

• Question 716:

  Curt has successfully compromised a web server sitting behind a firewall using a vulnerability in the web server program. He would now like to install a backdoor program but knows that all ports are not open inbound on the firewall. Which port in the list below will most likely be open and allowed to reach the server that Curt has just compromised? (Select the Best Answer)

  A. 53

  B. 25

  C. 110

  D. 69

  Correct Answer: A

• Question 717:

  Lyle is a systems security analyst for Gusteffson and Sons, a large law firm in Beverly Hills. Lyle's responsibilities include network vulnerability scans, Antivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a user in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the hard drive is almost full. Lyle runs a scan on the computer with the company antivirus software and finds nothing. Lyle downloads another free antivirus application and scans the computer again. This time a virus is found on the computer. The infected files appear to be Microsoft Office files since they are in the same directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer?

  A. This type of virus that Lyle has found is called a cavity virus.

  B. Lyle has discovered a camouflage virus on the computer.

  C. By using the free antivirus software, Lyle has found a tunneling virus on the computer.

  D. Lyle has found a polymorphic virus on this computer

  Correct Answer: C

• Question 718:

  Attacker forges a TCP/IP packet, which causes the victim to try opening a connection with itself. This causes the system to go into an infinite loop trying to resolve this unexpected connection. Eventually, the connection times out, but during this resolution, the machine appears to hang or become very slow. The attacker sends such packets on a regular basis to slow down the system.

  Unpatched Windows XP and Windows Server 2003 machines are vulnerable to these attacks. What type of Denial of Service attack is represented here?

  A. SMURF Attacks

  B. Targa attacks

  C. LAND attacks

  D. SYN Flood attacks

  Correct Answer: C

  The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address and an open port as both source and destination.The reason a LAND attack works is because it causes the machine to reply to itself continuously.

  http://en.wikipedia.org/wiki/LAND

• Question 719:

  Steven is the senior network administrator for Onkton Incorporated, an oil well drilling company in Oklahoma City. Steven and his team of IT technicians are in charge of keeping inventory for the entire company; including computers, software, and oil well equipment. To keep track of everything, Steven has decided to use RFID tags on their entire inventory so they can be scanned with either a wireless scanner or a handheld scanner. These RFID tags hold as much information as possible about the equipment they are attached to. When Steven purchased these tags, he made sure they were as state of the art as possible. One feature he really liked was the ability to disable RFID tags if necessary. This comes in very handy when the company actually sells oil drilling equipment to other companies. All Steven has to do is disable the RFID tag on the sold equipment and it cannot give up any information that was previously stored on it. What technology allows Steven to disable the RFID tags once they are no longer needed?

  A. Newer RFID tags can be disabled by using Terminator Switches built into the chips

  B. RFID Kill Switches built into the chips enable Steven to disable them

  C. The company's RFID tags can be disabled by Steven using Replaceable ROM technology

  D. The technology used to disable an RFIP chip after it is no longer needed, or possibly stolen, is called RSA Blocking

  Correct Answer: D

  http://www.rsa.com/rsalabs/node.asp?id=2060

• Question 720:

  When a malicious hacker identifies a target and wants to eventually compromise this target, what would be the first step the attacker would perform?

  A. Cover his tracks by eradicating the log files

  B. Gain access to the remote computer for identification of venue of attacks

  C. Perform a reconnaissance of the remote target for identification of venue of attacks

  D. Always starts with a scan in order to quickly identify venue of attacks

  Correct Answer: C