EC-COUNCIL EC-COUNCIL Certifications 312-50V11 Questions & Answers

• Question 291:

  You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?

  A. Traffic is Blocked on UDP Port 53

  B. Traffic is Blocked on TCP Port 80

  C. Traffic is Blocked on TCP Port 54

  D. Traffic is Blocked on UDP Port 80

  Correct Answer: A

• Question 292:

  A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

  What kind of Web application vulnerability likely exists in their software?

  A. Cross-site scripting vulnerability

  B. SQL injection vulnerability

  C. Web site defacement vulnerability

  D. Gross-site Request Forgery vulnerability

  Correct Answer: A

• Question 293:

  The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

  What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

  A. Public

  B. Private

  C. Shared

  D. Root

  Correct Answer: B

• Question 294:

  What is the minimum number of network connections in a multihomed firewall?

  A. 3

  B. 5

  C. 4

  D. 2

  Correct Answer: A

• Question 295:

  #!/usr/bin/python import socket buffer=[""A""] counter=50 while len(buffer)<=100: buffer.append (""A""*counter)

  counter=counter+50 commands= [""HELP"",""STATS ."",""RTIME ."",""LTIME. "",""SRUN ."',""TRUN ."",""GMON."",""GDOG ."",""KSTET .",""GTER ."",""HTER ."", ""LTER .",""KSTAN .""] for command in commands: for buffstring in buffer: print ""Exploiting"" +command +"":""+str(len(buffstring)) s=socket.socket (socket.AF_INET, socket.SOCK_STREAM) s.connect((`127.0.0.1', 9999)) s.recv(50) send(command +buffstring) s.close()

  What is the code written for?

  A. Denial-of-service (DOS)

  B. Buffer Overflow

  C. Bruteforce

  D. Encryption

  Correct Answer: B

• Question 296:

  Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning. What should Bob recommend to deal with such a threat?

  A. The use of security agents in clients' computers

  B. The use of DNSSEC

  C. The use of double-factor authentication

  D. Client awareness

  Correct Answer: B

• Question 297:

  Which utility will tell you in real time which ports are listening or in another state?

  A. Netstat

  B. TCPView

  C. Nmap

  D. Loki

  Correct Answer: B

• Question 298:

  You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through. invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

  What seems to be wrong?

  A. The nmap syntax is wrong.

  B. This is a common behavior for a corrupted nmap application.

  C. The outgoing TCP/IP fingerprinting is blocked by the host firewall.

  D. OS Scan requires root privileges.

  Correct Answer: D

• Question 299:

  What is the least important information when you analyze a public IP address in a security alert?

  A. DNS

  B. Whois

  C. Geolocation

  D. ARP

  Correct Answer: D

• Question 300:

  Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

  A. Preparation

  B. Cleanup

  C. Persistence

  D. initial intrusion

  Correct Answer: D

  After the attacker completes preparations, subsequent step is an effort to realize an edge within the target's environment. a particularly common entry tactic is that the use of spearphishing emails containing an internet link or attachment. Email links usually cause sites where the target's browser and related software are subjected to varied exploit techniques or where the APT actors plan to social engineer information from the victim which will be used later. If a successful exploit takes place, it installs an initial malware payload on the victim's computer. Figure 2 illustrates an example of a spearphishing email that contains an attachment. Attachments are usually executable malware, a zipper or other archive containing malware, or a malicious Office or Adobe PDF (Portable Document Format) document that exploits vulnerabilities within the victim's applications to ultimately execute malware on the victim's computer. Once the user has opened a malicious file using vulnerable software, malware is executing on the target system. These phishing emails are often very convincing and difficult to differentiate from legitimate email messages. Tactics to extend their believability include modifying legitimate documents from or associated with the organization. Documents are sometimes stolen from the organization or their collaborators during previous exploitation operations. Actors modify the documents by adding exploits and malicious code then send them to the victims. Phishing emails are commonly sent through previously compromised email servers, email accounts at organizations associated with the target or public email services. Emails also can be sent through mail relays with modified email headers to form the messages appear to possess originated from legitimate sources. Exploitation of vulnerabilities on public- facing servers is another favorite technique of some APT groups. Though this will be accomplished using exploits for known vulnerabilities, 0-days are often developed or purchased to be used in intrusions as required .

  

  Gaining an edge within the target environment is that the primary goal of the initial intrusion. Once a system is exploited, the attacker usually places malware on the compromised system and uses it as a jump point or proxy for further actions. Malware placed during the initial intrusion phase is usually an easy downloader, basic Remote Access Trojan or an easy shell. Figure 3 illustrates a newly infected system initiating an outbound connection to notify the APT actor that the initial intrusion attempt was successful which it's able to accept commands.