EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 341:

  You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back.

  What is happening?

  A. ICMP could be disabled on the target server.

  B. The ARP is disabled on the target server.

  C. TCP/IP doesn't support ICMP.

  D. You need to run the ping command with root privileges.

  Correct Answer: A

  The ping utility is implemented using the ICMP "Echo request" and "Echo reply" messages. Note: The Internet Control Message Protocol (ICMP) is one of the main protocols of the internet protocol suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.

  References: https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

• Question 342:

  The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

  A. Private

  B. Public

  C. Shared

  D. Root

  Correct Answer: A

  The data obtained by a Heartbleed attack may include unencrypted exchanges between TLS parties likely to be confidential, including any form post data in users' requests. Moreover, the confidential data exposed could include authentication secrets such as session cookies and passwords, which might allow attackers to impersonate a user of the service. An attack may also reveal private keys of compromised parties.

  References: https://en.wikipedia.org/wiki/Heartbleed

• Question 343:

  During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

  What type of firewall is inspecting outbound traffic?

  A. Application

  B. Circuit

  C. Stateful

  D. Packet Filtering

  Correct Answer: A

  An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications.

  References: http://searchsoftwarequality.techtarget.com/definition/application-firewall

• Question 344:

  It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again.

  Which of the following terms best matches the definition?

  A. Ransomware

  B. Adware

  C. Spyware

  D. Riskware

  Correct Answer: A

  Ransomware is a type of malware that can be covertly installed on a computer without knowledge or intention of the user that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, which become difficult or impossible to decrypt without paying the ransom for the encryption key, while some may simply lock the system and display messages intended to coax the user into paying. Ransomware typically propagates as a Trojan.

  References: https://en.wikipedia.org/wiki/Ransomware

• Question 345:

  It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.

  Which of the following regulations best matches the description?

  A. HIPAA

  B. ISO/IEC 27002

  C. COBIT

  D. FISMA

  Correct Answer: A

  The HIPAA Privacy Rule regulates the use and disclosure of Protected Health Information (PHI) held by "covered entities" (generally, health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions.)[15] By regulation, the Department of Health and Human Services extended the HIPAA privacy rule to independent contractors of covered entities who fit within the definition of "business associates".

  References: https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act#Privacy _Rule

• Question 346:

  You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.

  What tool will help you with the task?

  A. Metagoofil

  B. Armitage

  C. Dimitry

  D. cdpsnarf

  Correct Answer: A

  Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.

  Metagoofil will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner? and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.

  References: http://www.edge-security.com/metagoofil.php

• Question 347:

  Which of the following is a component of a risk assessment?

  A. Administrative safeguards

  B. Physical security

  C. DMZ

  D. Logical interface

  Correct Answer: A

  Risk assessment include:

  References: https://en.wikipedia.org/wiki/IT_risk_management#Risk_assessment

• Question 348:

  Under the "Post-attack Phase and Activities", it is the responsibility of the tester to restore the systems to a pre-test state.

  Which of the following activities should not be included in this phase? (see exhibit)

  Exhibit: A. III

  

  B. IV

  C. III and IV

  D. All should be included.

  Correct Answer: A

  The post-attack phase revolves around returning any modified system(s) to the pretest state. Examples of such activities:

  References: Computer and Information Security Handbook, John R. Vacca (2012), page

• Question 349:

  Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

  A. tcpdump

  B. nessus

  C. etherea

  D. Jack the ripper

  Correct Answer: A

  tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. References: https://en.wikipedia.org/wiki/Tcpdump

• Question 350:

  Which of the following is the BEST way to defend against network sniffing?

  A. Using encryption protocols to secure network communications

  B. Register all machines MAC Address in a Centralized Database

  C. Restrict Physical Access to Server Rooms hosting Critical Servers

  D. Use Static IP Address

  Correct Answer: A

  A way to protect your network traffic from being sniffed is to use encryption such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Encryption doesn't prevent packet sniffers from seeing source and destination information, but it does encrypt the data packet's payload so that all the sniffer sees is encrypted gibberish.

  References: http://netsecurity.about.com/od/informationresources/a/What-Is-A-Packet- Sniffer.htm