EC-COUNCIL EC-COUNCIL Certifications 312-50V9 Questions & Answers

• Question 221:

  The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

  

  What is most likely taking place?

  A. Ping sweep of the 192.168.1.106 network

  B. Remote service brute force attempt

  C. Port scan of 192.168.1.106

  D. Denial of service attack on 192.168.1.106

  Correct Answer: B Section: (none)

• Question 222:

  Passive reconnaissance involves collecting information through which of the following?

  A. Social engineering

  B. Network traffic sniffing

  C. Man in the middle attacks

  D. Publicly accessible sources

  Correct Answer: D Section: (none)

• Question 223:

  How can rainbow tables be defeated?

  A. Password salting

  B. Use of non-dictionary words

  C. All uppercase character passwords

  D. Lockout accounts under brute force password cracking attempts

  Correct Answer: A Section: (none)

• Question 224:

  In order to show improvement of security over time, what must be developed?

  A. Reports

  B. Testing tools

  C. Metrics

  D. Taxonomy of vulnerabilities

  Correct Answer: C Section: (none)

  Today, management demands metrics to get a clearer view of security.

  Metrics that measure participation, effectiveness, and window of exposure, however, offer information the

  organization can use to make plans and improve programs.

  References: http://www.infoworld.com/article/2974642/security/4-security-metrics-that-matter.html

• Question 225:

  Bluetooth uses which digital modulation technique to exchange information between paired devices?

  A. PSK (phase-shift keying)

  B. FSK (frequency-shift keying)

  C. ASK (amplitude-shift keying)

  D. QAM (quadrature amplitude modulation)

  Correct Answer: A Section: (none)

  Phase shift keying is the form of Bluetooth modulation used to enable the higher data rates achievable with Bluetooth 2 EDR (Enhanced Data Rate). Two forms of PSK are used: /4 DQPSK, and 8DPSK.

  References: http://www.radio-electronics.com/info/wireless/bluetooth/radio-interface-modulation.php

• Question 226:

  Which of the following programs is usually targeted at Microsoft Office products?

  A. Polymorphic virus

  B. Multipart virus

  C. Macro virus

  D. Stealth virus

  Correct Answer: C Section: (none)

  A macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Some applications, such as Microsoft Office, allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread.

  References: https://en.wikipedia.org/wiki/Macro_virus

• Question 227:

  Which statement is TRUE regarding network firewalls preventing Web Application attacks?

  A. Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

  B. Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

  C. Network firewalls can prevent attacks if they are properly configured.

  D. Network firewalls cannot prevent attacks because they are too complex to configure.

  Correct Answer: B Section: (none)

  Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. To prevent Web Application attacks an Application layer firewall would be required.

  References: https://en.wikipedia.org/wiki/Firewall_(computing)#Network_layer_or_packet_filters

• Question 228:

  Which of the following describes the characteristics of a Boot Sector Virus?

  A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

  B. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

  C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program

  D. Overwrites the original MBR and only executes the new virus code

  Correct Answer: B Section: (none)

  A boot sector virus is a computer virus that infects a storage device's master boot record (MBR). The virus moves the boot sector to another location on the hard drive.

  References: https://www.techopedia.com/definition/26655/boot-sector-virus

• Question 229:

  Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

  A. Restore a random file.

  B. Perform a full restore.

  C. Read the first 512 bytes of the tape.

  D. Read the last 512 bytes of the tape.

  Correct Answer: B Section: (none)

  A full restore is required.

• Question 230:

  A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

  A. Paros Proxy

  B. BBProxy

  C. BBCrack

  D. Blooover

  Correct Answer: B Section: (none)

  Blackberry users warned of hacking tool threat.

  Users have been warned that the security of Blackberry wireless e-mail devices is at risk due to the

  availability this week of a new hacking tool. Secure Computing Corporation said businesses that have installed Blackberry servers behind their gateway security devices could be vulnerable to a hacking attack from a tool call BBProxy.

  References: http://www.computerweekly.com/news/2240062112/Technology-news-in-brief