EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 371:

  It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers).

  Which of the following vulnerabilities is being described?

  A. Shellshock

  B. Rootshock

  C. Rootshell

  D. Shellbash

  Correct Answer: A

  Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014.

  References: https://en.wikipedia.org/wiki/Shellshock_(software_bug)

• Question 372:

  In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving.

  Which Algorithm is this referring to?

  A. Wired Equivalent Privacy (WEP)

  B. Wi-Fi Protected Access (WPA)

  C. Wi-Fi Protected Access 2 (WPA2)

  D. Temporal Key Integrity Protocol (TKIP)

  Correct Answer: A

  WEP is the currently most used protocol for securing 802.11 networks, also called wireless lans or wlans. In 2007, a new attack on WEP, the PTW attack, was discovered, which allows an attacker to recover the secret key in less than 60 seconds in some cases.

  Note: Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).

  References: https://events.ccc.de/camp/2007/Fahrplan/events/1943.en.html

• Question 373:

  Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The attackers run exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against these exploits.

  What type of attack is outlined in the scenario?

  A. Watering Hole Attack

  B. Heartbleed Attack

  C. Shellshock Attack

  D. Spear Phising Attack

  Correct Answer: A

  Watering Hole is a computer attack strategy, in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected.

• Question 374:

  You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

  

  What seems to be wrong?

  A. OS Scan requires root privileges.

  B. The nmap syntax is wrong.

  C. This is a common behavior for a corrupted nmap application.

  D. The outgoing TCP/IP fingerprinting is blocked by the host firewall.

  Correct Answer: A

  You requested a scan type which requires root privileges.

  References: http://askubuntu.com/questions/433062/using-nmap-for-information-regarding- web-host

• Question 375:

  Which of the following is the successor of SSL?

  A. TLS

  B. RSA

  C. GRE

  D. IPSec

  Correct Answer: A

  Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols that provide communications security over a computer network. References: https://en.wikipedia.org/wiki/Transport_Layer_Security

• Question 376:

  During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

  What is this type of DNS configuration commonly called?

  A. Split DNS

  B. DNSSEC

  C. DynDNS

  D. DNS Scheme

  Correct Answer: A

  In a split DNS infrastructure, you create two zones for the same domain, one to be used by the internal network, the other used by the external network. Split DNS directs internal hosts to an internal domain name server for name resolution and external hosts are directed to an external domain name server for name resolution.

  References: http://www.webopedia.com/TERM/S/split_DNS.html

• Question 377:

  This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.

  Which of the following tools is being described?

  A. Aircrack-ng

  B. Airguard

  C. WLAN-crack

  D. wificracker

  Correct Answer: A

  Aircrack-ng is a complete suite of tools to assess WiFi network security. The default cracking method of Aircrack-ng is PTW, but Aircrack-ng can also use the FMS/KoreK method, which incorporates various statistical attacks to discover the WEP key and uses these in combination with brute forcing.

  References: http://www.aircrack-ng.org/doku.php?id=aircrack-ng

• Question 378:

  Your company was hired by a small healthcare provider to perform a technical assessment on the network.

  What is the best approach for discovering vulnerabilities on a Windows-based computer?

  A. Use a scan tool like Nessus

  B. Use the built-in Windows Update tool

  C. Check MITRE.org for the latest list of CVE findings

  D. Create a disk image of a clean Windows installation

  Correct Answer: A

  Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and

  Exposures architecture for easy cross-linking between compliant security tools.

  The Nessus server is currently available for Unix, Linux and FreeBSD. The client is available for Unix- or

  Windows-based operating systems. Note: Significant capabilities of Nessus include:

  References: http://searchnetworking.techtarget.com/definition/Nessus

• Question 379:

  You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.

  What should you do?

  A. Report immediately to the administrator

  B. Do not report it and continue the penetration test.

  C. Transfer money from the administrator's account to another account.

  D. Do not transfer the money but steal the bitcoins.

  Correct Answer: A

• Question 380:

  You are using NMAP to resolve domain names into IP addresses for a ping sweep later.

  Which of the following commands looks for IP addresses?

  A. >host -t a hackeddomain.com

  B. >host -t soa hackeddomain.com

  C. >host -t ns hackeddomain.com

  D. >host -t AXFR hackeddomain.com

  Correct Answer: A

  The A record is an Address record. It returns a 32-bit IPv4 address, most commonly used to map hostnames to an IP address of the host.

  References: https://en.wikipedia.org/wiki/List_of_DNS_record_types