EC-COUNCIL EC-COUNCIL Certifications 312-50V11 Questions & Answers

• Question 451:

  An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

  What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

  A. Side-channel attack

  B. Denial-of-service attack

  C. HMI-based attack

  D. Buffer overflow attack

  Correct Answer: C

• Question 452:

  Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.

  A. Protect the payload and the headers

  B. Encrypt

  C. Work at the Data Link Layer

  D. Authenticate

  Correct Answer: D

• Question 453:

  Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

  He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

  A. Disable unused ports in the switches

  B. Separate students in a different VLAN

  C. Use the 802.1x protocol

  D. Ask students to use the wireless network

  Correct Answer: C

• Question 454:

  Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network lo identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

  A. internal assessment

  B. Passive assessment

  C. External assessment

  D. Credentialed assessment

  Correct Answer: D

  Detached weakness evaluation adopts an interesting strategy: In checking network traffic, it endeavors to order a hub's working framework, ports and benefits, and to find weaknesses a functioning scan like Nessus or Qualys probably won't discover on the grounds that ports are hindered or another host has come on the web. The information may then give setting to security occasions, for example, relating with IDS alarms to lessen bogus positives. Uninvolved investigation offers two key points of interest. The first is perceivability. There's regularly a wide hole between the thing you believe is running on your organization and what really is. Both organization and host scan report just what they see. Scan are obstructed by organization and host firewalls. In any event, when a host is live, the data accumulated is here and there restricted to flag checks and some noninvasive setup checks. In the event that your scan has the host certifications, it can question for more data, however bogus positives are an immense issue, you actually may not see everything. Further, rootkits that introduce themselves may run on a nonscanned port or, on account of UDP, may not react to an irregular test. On the off chance that a functioning weakness appraisal scan doesn't see it, it doesn't exist to the scan. Host firewalls are regular even on worker PCs, so how would you identify a rebel worker or PC with a functioning output? An inactive sensor may see mavericks on the off chance that they're visiting on the organization; that is perceivability a scanner won't give you. A detached sensor likewise will recognize action to and from a port that isn't generally filtered, and may identify nonstandard port utilization, given the sensor can interpret and order the traffic. For instance, basic stream examination won't distinguish SSH or telnet on Port 80, however convention investigation may. The subsequent significant favorable position of inactive investigation is that it's noninvasive- ?it doesn't intrude on organization tasks. Dynamic weakness evaluation scanners are obtrusive and can disturb administrations, regardless of their designers' endeavors to limit the potential for blackouts. In any event, utilizing alleged safe sweeps, we've taken out switches, our NTP administration and a large group of other basic framework segments. Quite a long while prior, we even bobbed our center switch twice with a nmap port output.

• Question 455:

  Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

  A. Error-based injection

  B. Boolean-based blind SQL injection

  C. Blind SQL injection

  D. Union SQL injection

  Correct Answer: D

• Question 456:

  An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

  A. Reverse Social Engineering

  B. Tailgating

  C. Piggybacking

  D. Announced

  Correct Answer: B

• Question 457:

  To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected In the core components of the operating system. What is this type of rootkit an example of?

  A. Mypervisor rootkit

  B. Kernel toolkit

  C. Hardware rootkit

  D. Firmware rootkit

  Correct Answer: B

  Kernel-mode rootkits run with the best operating system privileges (Ring 0) by adding code or replacement parts of the core operating system, as well as each the kernel and associated device drivers. Most operative systems support kernel- mode device drivers, that execute with a similar privileges because the software itself. As such, several kernel-mode rootkits square measure developed as device drivers or loadable modules, like loadable kernel modules in Linux or device drivers in Microsoft Windows. This category of rootkit has unrestricted security access, however is tougher to jot down. The quality makes bugs common, and any bugs in code operative at the kernel level could seriously impact system stability, resulting in discovery of the rootkit. one amongst the primary wide familiar kernel rootkits was developed for Windows NT four.0 and discharged in Phrack magazine in 1999 by Greg Hoglund. Kernel rootkits is particularly tough to observe and take away as a result of they operate at a similar security level because the software itself, and square measure therefore able to intercept or subvert the foremost sure software operations. Any package, like antivirus package, running on the compromised system is equally

  vulnerable. during this scenario, no a part of the system is sure.

• Question 458:

  joe works as an it administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider, in the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?

  A. Cloud booker

  B. Cloud consumer

  C. Cloud carrier

  D. Cloud auditor

  Correct Answer: C

  A cloud carrier acts as an intermediary that provides connectivity and transport of cloud services between cloud consumers and cloud providers. Cloud carriers provide access to consumers through network, telecommunication and other access devices. for instance, cloud consumers will obtain cloud services through network access devices, like computers, laptops, mobile phones, mobile web devices (MIDs), etc. The distribution of cloud services is often provided by network and telecommunication carriers or a transport agent, wherever a transport agent refers to a business organization that provides physical transport of storage media like high-capacity hard drives. Note that a cloud provider can started SLAs with a cloud carrier to provide services consistent with the level of SLAs offered to cloud consumers, and will require the cloud carrier to provide dedicated and secure connections between cloud consumers and cloud providers.

• Question 459:

  The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

  A. ACK

  B. SYN

  C. RST

  D. SYN-ACK

  Correct Answer: B

• Question 460:

  You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

  Dear valued customers,

  We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

  

  or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama How will you determine if this is Real Anti-Virus

  or Fake Anti-Virus website?

  A. Look at the website design, if it looks professional then it is a Real Anti-Virus website

  B. Connect to the site using SSL, if you are successful then the website is genuine

  C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

  D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

  E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

  Correct Answer: C