EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 521:

  What does the following command in netcat do? nc -l -u -p55555 < /etc/passwd

  A. logs the incoming connections to /etc/passwd file

  B. loads the /etc/passwd file to the UDP port 55555

  C. grabs the /etc/passwd file when connected to UDP port 55555

  D. deletes the /etc/passwd file when connected to the UDP port 55555

  Correct Answer: C

• Question 522:

  Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?

  A. Exchanges data between web services

  B. Only compatible with the application protocol HTTP

  C. Provides a structured model for messaging

  D. Based on XML

  Correct Answer: B

• Question 523:

  Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.

  A. Enumeration

  B. Vulnerability analysis

  C. Malware analysis

  D. Scanning networks

  Correct Answer: D

• Question 524:

  Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provider, in the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario?

  A. Cloud booker

  B. Cloud consumer

  C. Cloud carrier

  D. Cloud auditor

  Correct Answer: C

  A cloud carrier acts as an intermediary that provides connectivity and transport of cloud services between cloud consumers and cloud providers. Cloud carriers provide access to consumers through network, telecommunication and other access devices. for instance, cloud consumers will obtain cloud services through network access devices, like computers, laptops, mobile phones, mobile web devices (MIDs), etc. The distribution of cloud services is often provided by network and telecommunication carriers or a transport agent, wherever a transport agent refers to a business organization that provides physical transport of storage media like high-capacity hard drives. Note that a cloud provider can started SLAs with a cloud carrier to provide services consistent with the level of SLAs offered to cloud consumers, and will require the cloud carrier to provide dedicated and secure connections between cloud consumers and cloud providers.

• Question 525:

  To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected In the core components of the operating system. What is this type of rootkit an example of?

  A. Mypervisor rootkit

  B. Kernel toolkit

  C. Hardware rootkit

  D. Firmware rootkit

  Correct Answer: B

  Kernel-mode rootkits run with the best operating system privileges (Ring 0) by adding code or replacement parts of the core operating system, as well as each the kernel and associated device drivers. Most operative systems support kernel-mode device drivers, that execute with a similar privileges because the software itself. As such, several kernel-mode rootkits square measure developed as device drivers or loadable modules, like loadable kernel modules in Linux or device drivers in Microsoft Windows. This category of rootkit has unrestricted security access, however is tougher to jot down. The quality makes bugs common, and any bugs in code operative at the kernel level could seriously impact system stability, resulting in discovery of the rootkit. one amongst the primary wide familiar kernel rootkits was developed for Windows NT four.0 and discharged in Phrack magazine in 1999 by Greg Hoglund. Kernel rootkits is particularly tough to observe and take away as a result of they operate at a similar security level because the software itself, and square measure therefore able to intercept or subvert the foremost sure software operations. Any package, like antivirus package, running on the compromised system is equally vulnerable. during this scenario, no a part of the system is sure.

• Question 526:

  Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

  A. Exploitation

  B. Weaponization

  C. Delivery

  D. Reconnaissance

  Correct Answer: B

• Question 527:

  What is GINA?

  A. Gateway Interface Network Application

  B. GUI Installed Network Application CLASS

  C. Global Internet National Authority (G-USA)

  D. Graphical Identification and Authentication DLL

  Correct Answer: D

• Question 528:

  When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of

  the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting

  to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

  How would an attacker exploit this design by launching TCP SYN attack?

  A. Attacker generates TCP SYN packets with random destination addresses towards a victim host

  B. Attacker floods TCP SYN packets with random source addresses towards a victim host

  C. Attacker generates TCP ACK packets with random source addresses towards a victim host

  D. Attacker generates TCP RST packets with random source addresses towards a victim host

  Correct Answer: B

• Question 529:

  Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

  A. 113

  B. 69

  C. 123

  D. 161

  Correct Answer: C

  https://en.wikipedia.org/wiki/Network_Time_Protocol The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. NTP is intended to synchronize all participating computers within a few milliseconds of Coordinated Universal Time (UTC). It uses the intersection algorithm, a modified version of Marzullo's algorithm, to select accurate time servers and is designed to mitigate variable network latency effects. NTP can usually maintain time to within tens of milliseconds over the public Internet and achieve better than one millisecond accuracy in local area networks. Asymmetric routes and network congestion can cause errors of 100 ms or more. The protocol is usually described in terms of a client-server model but can easily be used in peer-to-peer relationships where both peers consider the other to be a potential time source. Implementations send and receive timestamps using the User Datagram Protocol (UDP) on port number 123.

• Question 530:

  What two conditions must a digital signature meet?

  A. Has to be the same number of characters as a physical signature and must be unique.

  B. Has to be unforgeable, and has to be authentic.

  C. Must be unique and have special characters.

  D. Has to be legible and neat.

  Correct Answer: B