EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 251:

  Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

  A. Blind SQLi

  B. DMS-specific SQLi

  C. Classic SQLi

  D. Compound SQLi

  Correct Answer: A

• Question 252:

  Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

  A. Wireshark

  B. Maltego

  C. Metasploit

  D. Nessus

  Correct Answer: C

• Question 253:

  Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

  

  What is she trying to achieve?

  A. She is encrypting the file.

  B. She is using John the Ripper to view the contents of the file.

  C. She is using ftp to transfer the file to another hacker named John.

  D. She is using John the Ripper to crack the passwords in the secret.txt file.

  Correct Answer: D

• Question 254:

  Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?

  A. a port scanner

  B. a vulnerability scanner

  C. a virus scanner

  D. a malware scanner

  Correct Answer: B

• Question 255:

  What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

  A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

  B. Manipulate format strings in text fields

  C. SSH

  D. SYN Flood

  Correct Answer: A

  Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell. One specific exploitation vector of the Shellshock bug is CGI-based web servers.

  Note: When a web server uses the Common Gateway Interface (CGI) to handle a document request, it passes various details of the request to a handler program in the environment variable list. For example, the variable HTTP_USER_AGENT has a value that, in normal usage, identifies the program sending the request. If the request handler is a Bash script, or if it executes one for example using the system call, Bash will receive the environment variables passed by the server and will process them. This provides a means for an attacker to trigger the Shellshock vulnerability with a specially crafted server request.

  References: https://en.wikipedia.org/wiki/Shellshock_(software_bug)#Specific_exploitation_vectors

• Question 256:

  You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?

  A. Network-based IDS

  B. Firewall

  C. Proxy

  D. Host-based IDS

  Correct Answer: A

  A network-based intrusion detection system (NIDS) is used to monitor and analyze network traffic to protect a system from network-based threats. A NIDS reads all inbound packets and searches for any suspicious patterns. When threats are discovered, based on its severity, the system can take action such as notifying administrators, or barring the source IP address from accessing the network.

  References: https://www.techopedia.com/definition/12941/network-based-intrusion- detection-system-nids

• Question 257:

  Which of the following is a protocol specifically designed for transporting event messages?

  A. SYSLOG

  B. SMS

  C. SNMP

  D. ICMP

  Correct Answer: A

  syslog is a standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity label.

  References: https://en.wikipedia.org/wiki/Syslog#Network_protocol

• Question 258:

  Emil uses nmap to scan two hosts using this command.

  nmap -sS -T4 -O 192.168.99.1 192.168.99.7

  He receives this output:

  

  What is his conclusion?

  A. Host 192.168.99.7 is an iPad.

  B. He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.

  C. Host 192.168.99.1 is the host that he launched the scan from.

  D. Host 192.168.99.7 is down.

  Correct Answer: B

• Question 259:

  Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism?

  

  Output: Segmentation fault

  A. C#

  B. Python

  C. Java

  D. C++

  Correct Answer: D

• Question 260:

  Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides different functionality. Collective IPSec does everything except.

  A. Protect the payload and the headers

  B. Authenticate

  C. Encrypt

  D. Work at the Data Link Layer

  Correct Answer: D