EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 301:

  An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?

  A. ARP Poisoning

  B. Smurf Attack

  C. DNS spoofing

  D. MAC Flooding

  Correct Answer: C

• Question 302:

  Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

  A. Nikto

  B. Snort

  C. John the Ripper

  D. Dsniff

  Correct Answer: A

  Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

  References: https://en.wikipedia.org/wiki/Nikto_Web_Scanner

• Question 303:

  Risks = Threats x Vulnerabilities is referred to as the:

  A. Risk equation

  B. Threat assessment

  C. BIA equation

  D. Disaster recovery formula

  Correct Answer: A

  The most effective way to define risk is with this simple equation:

  Risk = Threat x Vulnerability x Cost

  This equation is fundamental to all information security.

  References: http://www.icharter.org/articles/risk_equation.html

• Question 304:

  Scenario: 1. Victim opens the attacker's web site.

  2.

  Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make S100 In a day?',

  3.

  Victim clicks to the interesting and attractive content url.

  4- Attacker creates a transparent iframe' in front of the url which victim attempt to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/sne clicks to the content or url that exists in the transparent iframe' which is setup by the attacker.

  What is the name of the attack which is mentioned in the scenario?

  A. HTTP Parameter Pollution

  B. HTML Injection

  C. Session Fixation

  D. ClickJacking Attack

  Correct Answer: D

• Question 305:

  What is the role of test automation in security testing?

  A. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

  B. It is an option but it tends to be very expensive.

  C. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

  D. Test automation is not usable in security due to the complexity of the tests.

  Correct Answer: A

• Question 306:

  Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?

  A. Internal Whitebox

  B. External, Whitebox

  C. Internal, Blackbox

  D. External, Blackbox

  Correct Answer: C

• Question 307:

  A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

  A. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

  B. Attempts by attackers to access the user and password information stored in the company's SQL database.

  C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

  D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

  Correct Answer: A

  Cookies can store passwords and form content a user has previously entered, such as a credit card

  number or an address.

  Cookies can be stolen using a technique called cross-site scripting. This occurs when an attacker takes

  advantage of a website that allows its users to post unfiltered HTML and JavaScript content.

  References: https://en.wikipedia.org/wiki/HTTP_cookie#Cross- site_scripting_.E2.80.93_cookie_theft

• Question 308:

  The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124.

  An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is:

  nmap 192.168.1.64/28.

  Why he cannot see the servers?

  A. The network must be down and the nmap command and IP address are ok.

  B. He needs to add the command ''''ip address'''' just before the IP address.

  C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range.

  D. He needs to change the address to 192.168.1.0 with the same mask.

  Correct Answer: C

• Question 309:

  Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?

  A. Scalability

  B. Speed

  C. Key distribution

  D. Security

  Correct Answer: B

• Question 310:

  _________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attacks types.

  A. DNSSEC

  B. Zone transfer

  C. Resource transfer

  D. Resource records

  Correct Answer: A