EC-COUNCIL EC-COUNCIL Certifications 312-50V11 Questions & Answers

• Question 361:

  Why should the security analyst disable/remove unnecessary ISAPI filters?

  A. To defend against social engineering attacks

  B. To defend against webserver attacks

  C. To defend against jailbreaking

  D. To defend against wireless attacks

  Correct Answer: B

• Question 362:

  Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

  A. Nikto

  B. Nmap

  C. Metasploit

  D. Armitage

  Correct Answer: B

• Question 363:

  The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

  A. Have the network team document the reason why the rule was implemented without prior manager approval.

  B. Monitor all traffic using the firewall rule until a manager can approve it.

  C. Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.

  D. Immediately roll back the firewall rule until a manager can approve it

  Correct Answer: D

• Question 364:

  The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that

  the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?

  

  A. The buffer overflow attack has been neutralized by the IDS

  B. The attacker is creating a directory on the compromised machine

  C. The attacker is attempting a buffer overflow attack and has succeeded

  D. The attacker is attempting an exploit that launches a command-line shell

  Correct Answer: D

• Question 365:

  infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

  A. Reconnaissance

  B. Maintaining access

  C. Scanning

  D. Gaining access

  Correct Answer: D

  This phase having the hacker uses different techniques and tools to realize maximum data from the system. they're Password cracking ?Methods like Bruteforce, dictionary attack, rule-based attack, rainbow table are used. Bruteforce is trying all combinations of the password. Dictionary attack is trying an inventory of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares with pre-computed hash values until a match is discovered.?Password attacks ? Passive attacks like wire sniffing, replay attack. Active online attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering and dumpster diving.

• Question 366:

  A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

  A. The computer is not using a private IP address.

  B. The gateway is not routing to a public IP address.

  C. The gateway and the computer are not on the same network.

  D. The computer is using an invalid IP address.

  Correct Answer: B

• Question 367:

  Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

  A. Data-driven firewall

  B. Packet firewall

  C. Web application firewall

  D. Stateful firewall

  Correct Answer: C

• Question 368:

  During the process of encryption and decryption, what keys are shared?

  A. Private keys

  B. User passwords

  C. Public keys

  D. Public and private keys

  Correct Answer: C

• Question 369:

  in this form of encryption algorithm, every Individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?

  A. IDEA

  B. Triple Data Encryption standard

  C. MDS encryption algorithm

  D. AES

  Correct Answer: B

  Triple DES is another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. In Stealth, you merely type within the entire 192-bit (24 character) key instead of entering each of the three keys individually. The Triple DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary in order that they are each 64 bits long. The procedure for encryption is strictly an equivalent as regular DES, but it's repeated 3 times , hence the name Triple DES. the info is encrypted with the primary key, decrypted with the second key, and eventually encrypted again with the third key.Triple DES runs 3 times slower than DES, but is far safer if used properly. The procedure for decrypting something is that the same because the procedure for encryption, except it's executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Although the input key for DES is 64 bits long, the particular key employed by DES is merely 56 bits long . the smallest amount significant (rightmost) bit in each byte may be a parity , and will be set in order that there are always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most vital bits of every byte are used, leading to a key length of 56 bits. this suggests that the effective key strength for Triple DES is really 168 bits because each of the three keys contains 8 parity bits that aren't used during the encryption process.Triple DES ModesTriple ECB (Electronic Code Book)?This variant of Triple DES works precisely the same way because the ECB mode of DES.?this is often the foremost commonly used mode of operation.Triple CBC (Cipher Block Chaining)?This method is extremely almost like the quality DES CBC mode.?like Triple ECB, the effective key length is 168 bits and keys are utilized in an equivalent manner, as described above, but the chaining features of CBC mode also are employed.?the primary 64-bit key acts because the Initialization Vector to DES.?Triple ECB is then executed for one 64-bit block of plaintext.?The resulting ciphertext is then XORed with subsequent plaintext block to be encrypted, and therefore the procedure is repeated.?This method adds an additional layer of security to Triple DES and is therefore safer than Triple ECB, although it's not used as widely as Triple ECB.

• Question 370:

  This TCP flag instructs the sending system to transmit all buffered data immediately.

  A. SYN

  B. RST

  C. PSH

  D. URG

  E. FIN

  Correct Answer: C