EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

• Question 121:

  What is a sniffing performed on a switched network called?

  A. Spoofed sniffing

  B. Passive sniffing

  C. Direct sniffing

  D. Active sniffing

  Correct Answer: D

• Question 122:

  What file system vulnerability does the following command take advantage of? type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

  A. HFS

  B. Backdoor access

  C. XFS

  D. ADS

  Correct Answer: D

• Question 123:

  You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached cell phone 3G modem to his telephone line and workstation. He has used this cell phone 3G modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project.

  How would you resolve this situation?

  A. Reconfigure the firewall

  B. Enforce the corporate security policy

  C. Install a network-based IDS

  D. Conduct a needs analysis

  Correct Answer: B

• Question 124:

  A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service.

  Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.

  

  Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments.

  Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail.

  How do you ensure if the e-mail is authentic and sent from fedex.com?

  A. Verify the digital signature attached with the mail,the fake mail will not have Digital ID at all

  B. Check the Sender ID against the National Spam Database (NSD)

  C. Fake mail will have spelling/grammatical errors

  D. Fake mail uses extensive images,animation and flash content

  Correct Answer: A

• Question 125:

  This attack technique is used when a Web application is vulnerable to an SQL Injection but the results of the Injection are not visible to the attacker.

  A. Unique SQL Injection

  B. Blind SQL Injection

  C. Generic SQL Injection

  D. Double SQL Injection

  Correct Answer: B

• Question 126:

  What port number is used by Kerberos protocol?

  A. 88

  B. 44

  C. 487

  D. 419

  Correct Answer: A

• Question 127:

  What does FIN in TCP flag define?

  A. Used to abort a TCP connection abruptly

  B. Used to close a TCP connection

  C. Used to acknowledge receipt of a previous packet or transmission

  D. Used to indicate the beginning of a TCP connection

  Correct Answer: B

• Question 128:

  Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server.

  Why do you think this is possible?

  A. It works because encryption is performed at the application layer (single encryption key)

  B. The scenario is invalid as a secure cookie cannot be replayed

  C. It works because encryption is performed at the network layer (layer 1 encryption)

  D. Any cookie can be replayed irrespective of the session status

  Correct Answer: A

• Question 129:

  Which type of hacker represents the highest risk to your network?

  A. black hat hackers

  B. grey hat hackers

  C. disgruntled employees

  D. script kiddies

  Correct Answer: C

• Question 130:

  Shayla is an IT security consultant, specializing in social engineering and external penetration tests.

  Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security.

  No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices.

  What type of insider threat would Shayla be considered?

  A. She would be considered an Insider Affiliate

  B. Because she does not have any legal access herself,Shayla would be considered an Outside Affiliate

  C. Shayla is an Insider Associate since she has befriended an actual employee

  D. Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider

  Correct Answer: A