EC-COUNCIL EC-COUNCIL Certifications 312-50V11 Questions & Answers

• Question 321:

  While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

  A. -sA

  B. -sX

  C. -sT

  D. -sF

  Correct Answer: A

• Question 322:

  Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?

  A. Fed RAMP

  B. PCIDSS

  C. SOX

  D. HIPAA

  Correct Answer: C

  The Sarbanes-Oxley Act of 2002 could be a law the U.S. Congress passed on July thirty of that year to assist defend investors from fallacious money coverage by companies.Also called the SOX Act of 2002 and also the company Responsibility Act of 2002, it mandated strict reforms to existing securities rules and obligatory powerful new penalties on law breakers. The Sarbanes-Oxley law Act of 2002 came in response to money scandals within the early 2000s involving in public listed corporations like Enron Corporation, Tyco International plc, and WorldCom. The high-profile frauds cask capitalist confidence within the trustiness of company money statements Associate in Nursingd light-emitting diode several to demand an overhaul of decades-old restrictive standards.

• Question 323:

  John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?

  A. Advanced persistent

  B. threat Diversion theft

  C. Spear-phishing sites

  D. insider threat

  Correct Answer: A

  An advanced persistent threat (APT) may be a broad term wont to describe AN attack campaign within which an intruder, or team of intruders, establishes a bootleg, long presence on a network so as to mine sensitive knowledge. The targets of those assaults, that square measure terribly fastidiously chosen and researched, usually embrace massive enterprises or governmental networks. the implications of such intrusions square measure huge, and include: Intellectual property thieving (e.g., trade secrets or patents) Compromised sensitive info (e.g., worker and user personal data) The sabotaging of essential structure infrastructures (e.g., information deletion) Total website takeovers Executing an APT assault needs additional resources than a regular internet application attack. The perpetrators square measure typically groups of intimate cybercriminals having substantial resource. Some APT attacks square measure government-funded and used as cyber warfare weapons. APT attacks dissent from ancient internet application threats, in that: They're considerably additional advanced. They're not hit and run attacks--once a network is infiltrated, the culprit remains so as to realize the maximum amount info as potential. They're manually dead (not automated) against a selected mark and indiscriminately launched against an outsized pool of targets. They typically aim to infiltrate a complete network, as opposition one specific half. More common attacks, like remote file inclusion (RFI), SQL injection and cross-site scripting (XSS), square measure oftentimes employed by perpetrators to ascertain a footing in a very targeted network. Next, Trojans and backdoor shells square measure typically wont to expand that foothold and make a persistent presence inside the targeted perimeter.

• Question 324:

  The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host

  10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network?

  access-list 102 deny tcp any any access-list 104 permit udp host 10.0.0.3 any access-list 110 permit tcp host 10.0.0.2 eq www any access-list 108 permit tcp any eq ftp any

  A. The ACL 104 needs to be first because is UDP

  B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

  C. The ACL for FTP must be before the ACL 110

  D. The ACL 110 needs to be changed to port 80

  Correct Answer: B

• Question 325:

  Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?

  A. UDP hijacking

  B. Blind hijacking

  C. TCP/IP hacking

  D. Forbidden attack

  Correct Answer: C

  A TCP/IP hijack is an attack that spoofs a server into thinking it's talking with a sound client, once actually it's communication with an assaulter that has condemned (or hijacked) the tcp session. Assume that the client has administrator-level privileges, which the attacker needs to steal that authority so as to form a brand new account with root-level access of the server to be used afterward. A tcp Hijacking is sort of a two-phased man-in- the-middle attack. The man-in-the-middle assaulter lurks within the circuit between a shopper and a server so as to work out what port and sequence numbers are being employed for the conversation. First, the attacker knocks out the client with an attack, like Ping of Death, or ties it up with some reasonably ICMP storm. This renders the client unable to transmit any packets to the server. Then, with the client crashed, the attacker assumes the client's identity so as to talk with the server. By this suggests, the attacker gains administrator-level access to the server. One of the most effective means of preventing a hijack attack is to want a secret, that's a shared secret between the shopper and also the server. looking on the strength of security desired, the key may be used for random exchanges. this is often once a client and server periodically challenge each other, or it will occur with each exchange, like Kerberos.

• Question 326:

  A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

  The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag:"b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed?

  A. Banner grabbing

  B. SQL injection

  C. Whois database query

  D. Cross-site scripting

  Correct Answer: A

• Question 327:

  You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

  A. IDS log

  B. Event logs on domain controller

  C. Internet Firewall/Proxy log.

  D. Event logs on the PC

  Correct Answer: C

• Question 328:

  When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

  A. Data items and vulnerability scanning

  B. Interviewing employees and network engineers

  C. Reviewing the firewalls configuration

  D. Source code review

  Correct Answer: A

• Question 329:

  Consider the following Nmap output:

  

  what command-line parameter could you use to determine the type and version number of the web server?

  A. -sv

  B. -Pn

  C. -V

  D. -ss

  Correct Answer: A

• Question 330:

  Which of the following is the BEST way to defend against network sniffing?

  A. Using encryption protocols to secure network communications

  B. Register all machines MAC Address in a Centralized Database

  C. Use Static IP Address

  D. Restrict Physical Access to Server Rooms hosting Critical Servers

  Correct Answer: A