EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 321:

  Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor authentication, which option below offers that?

  A. A new username and password

  B. A fingerprint scanner and his username and password.

  C. Disable his username and use just a fingerprint scanner.

  D. His username and a stronger password.

  Correct Answer: B

• Question 322:

  What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

  A. Firewalking

  B. Session hijacking

  C. Network sniffing

  D. Man-in-the-middle attack

  Correct Answer: A

• Question 323:

  Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

  A. Network-based intrusion detection system (NIDS)

  B. Host-based intrusion detection system (HIDS)

  C. Firewalls

  D. Honeypots

  Correct Answer: A

• Question 324:

  An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.

  Which AAA protocol is most likely able to handle this requirement?

  A. RADIUS

  B. DIAMETER

  C. Kerberos

  D. TACACS+

  Correct Answer: A

  Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e-mail services. These networks may incorporate modems, DSL, access points, VPNs, network ports, web servers, etc.

  References: https://en.wikipedia.org/wiki/RADIUS

• Question 325:

  What is not a PCI compliance recommendation?

  A. Limit access to card holder data to as few individuals as possible.

  B. Use encryption to protect all transmission of card holder data over any public network.

  C. Rotate employees handling credit card transactions on a yearly basis to different departments.

  D. Use a firewall between the public network and the payment card data.

  Correct Answer: C

• Question 326:

  Which of the following Nmap commands will produce the following output?

  Output: A. nmap -sN -Ps -T4 192.168.1.1

  

  B. nmap -sT -sX -Pn -p 1-65535 192.168.1.1

  C. nmap -sS -Pn 192.168.1.1

  D. nmap -sS -sU -Pn -p 1-65535 192.168.1.1

  Correct Answer: D

• Question 327:

  If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

  A. Spoof Scan

  B. TCP Connect scan

  C. TCP SYN

  D. Idle Scan

  Correct Answer: C

• Question 328:

  The security concept of "separation of duties" is most similar to the operation of which type of security device?

  A. Firewall

  B. Bastion host

  C. Intrusion Detection System

  D. Honeypot

  Correct Answer: A

  In most enterprises the engineer making a firewall change is also the one reviewing the firewall metrics for unauthorized changes. What if the firewall administrator wanted to hide something? How would anyone ever find out? This is where the separation of duties comes in to focus on the responsibilities of tasks within security.

  References: http://searchsecurity.techtarget.com/tip/Modern-security-management- strategy-requiressecurity-separation-of-duties

• Question 329:

  You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

  A. False Negative

  B. False Positive

  C. True Negative

  D. True Positive

  Correct Answer: A

  A false negative error, or in short false negative, is where a test result indicates that a condition failed, while it actually was successful. I.e. erroneously no effect has been assumed.

  References: https://en.wikipedia.org/wiki/False_positives_and_false_negatives#False_negative_error

• Question 330:

  Which of the following parameters describe LM Hash (see exhibit):

  Exhibit:

  

  A. I, II, and III

  B. I

  C. II

  D. I and II

  Correct Answer: A

  The LM hash is computed as follows:

  1.

  The user's password is restricted to a maximum of fourteen characters.

  2.

  The user's password is converted to uppercase.

  Etc.

  14 character Windows passwords, which are stored with LM Hash, can be cracked in five seconds.

  References: https://en.wikipedia.org/wiki/LM_hash