EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 581:

  Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

  A. Detective

  B. Passive

  C. Intuitive

  D. Reactive

  Correct Answer: B

• Question 582:

  Which of the following is a symmetric cryptographic standard?

  A. DSA

  B. PKI

  C. RSA

  D. 3DES

  Correct Answer: D

• Question 583:

  A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?

  A. Cupp

  B. Nessus

  C. Cain and Abel

  D. John The Ripper Pro

  Correct Answer: C

• Question 584:

  A Network Administrator was recently promoted to Chief Security Officer at a local university. One of employee's new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.

  During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis.

  Which of the following is an issue with the situation?

  A. Segregation of duties

  B. Undue influence

  C. Lack of experience

  D. Inadequate disaster recovery plan

  Correct Answer: A

• Question 585:

  To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

  A. Recipient's private key

  B. Recipient's public key

  C. Master encryption key

  D. Sender's public key

  Correct Answer: B

• Question 586:

  A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

  

  When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web applications vulnerability did the analyst discover?

  A. Cross-site request forgery

  B. Command injection

  C. Cross-site scripting

  D. SQL injection

  Correct Answer: C

• Question 587:

  How does an operating system protect the passwords used for account logins?

  A. The operating system performs a one-way hash of the passwords.

  B. The operating system stores the passwords in a secret file that users cannot find.

  C. The operating system encrypts the passwords, and decrypts them when needed.

  D. The operating system stores all passwords in a protected segment of non-volatile memory.

  Correct Answer: A

• Question 588:

  What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43 1234"?

  A. Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.

  B. Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

  C. Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.

  D. Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

  Correct Answer: B

• Question 589:

  Which tool would be used to collect wireless packet data?

  A. NetStumbler

  B. John the Ripper

  C. Nessus

  D. Netcat

  Correct Answer: A

• Question 590:

  While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. What specific octet within the subnet does the technician see?

  A. 10.10.10.10

  B. 127.0.0.1

  C. 192.168.1.1

  D. 192.168.168.168

  Correct Answer: B