EC-COUNCIL EC-COUNCIL Certifications 312-50V9 Questions & Answers

• Question 331:

  To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?

  A. Vulnerability scanner

  B. Protocol analyzer

  C. Port scanner

  D. Intrusion Detection System

  Correct Answer: A Section: (none)

  A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems - or by black hat attackers looking to gain unauthorized access.

  References: https://en.wikipedia.org/wiki/Vulnerability_scanner

• Question 332:

  To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

  What term is commonly used when referring to this type of testing?

  A. Fuzzing

  B. Randomizing

  C. Mutating

  D. Bounding

  Correct Answer: A Section: (none)

  Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems. It is a form of random testing which has been used for testing hardware or software.

  References: https://en.wikipedia.org/wiki/Fuzz_testing

• Question 333:

  The "white box testing" methodology enforces what kind of restriction?

  A. The internal operation of a system is completely known to the tester.

  B. Only the external operation of a system is accessible to the tester.

  C. Only the internal operation of a system is known to the tester.

  D. The internal operation of a system is only partly accessible to the tester.

  Correct Answer: A Section: (none)

  White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing an internal perspective of the system, as well as programming skills, are used to design test cases.

  References: https://en.wikipedia.org/wiki/White-box_testing

• Question 334:

  The "gray box testing" methodology enforces what kind of restriction?

  A. The internal operation of a system is only partly accessible to the tester.

  B. The internal operation of a system is completely known to the tester.

  C. Only the external operation of a system is accessible to the tester.

  D. Only the internal operation of a system is known to the tester.

  Correct Answer: A Section: (none)

  A black-box tester is unaware of the internal structure of the application to be tested, while a white-box tester has access to the internal structure of the application. A gray-box tester partially knows the internal structure, which includes access to the documentation of internal data structures as well as the algorithms used.

  References: https://en.wikipedia.org/wiki/Gray_box_testing

• Question 335:

  The "black box testing" methodology enforces which kind of restriction?

  A. Only the external operation of a system is accessible to the tester.

  B. Only the internal operation of a system is known to the tester.

  C. The internal operation of a system is only partly accessible to the tester.

  D. The internal operation of a system is completely known to the tester.

  Correct Answer: A Section: (none)

  Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings.

  References: https://en.wikipedia.org/wiki/Black-box_testing

• Question 336:

  The security concept of "separation of duties" is most similar to the operation of which type of security device?

  A. Firewall

  B. Bastion host

  C. Intrusion Detection System

  D. Honeypot

  Correct Answer: A Section: (none)

  In most enterprises the engineer making a firewall change is also the one reviewing the firewall metrics for unauthorized changes. What if the firewall administrator wanted to hide something? How would anyone ever find out? This is where the separation of duties comes in to focus on the responsibilities of tasks within security.

  References: http://searchsecurity.techtarget.com/tip/Modern-security-management-strategy-requiressecurity-separation-of-duties

• Question 337:

  Which of the following security operations is used for determining the attack surface of an organization?

  A. Running a network scan to detect network services in the corporate DMZ

  B. Training employees on the security policy regarding social engineering

  C. Reviewing the need for a security clearance for each employee

  D. Using configuration management to determine when and where to apply security patches

  Correct Answer: A Section: (none)

  For a network scan the goal is to document the exposed attack surface along with any easily detected vulnerabilities.

  References: http://meisecurity.com/home/consulting/consulting-network-scanning/

• Question 338:

  Which of the following is a protocol specifically designed for transporting event messages?

  A. SYSLOG

  B. SMS

  C. SNMP

  D. ICMP

  Correct Answer: A Section: (none)

  syslog is a standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity label.

  References: https://en.wikipedia.org/wiki/Syslog#Network_protocol

• Question 339:

  An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

  A. Insufficient input validation

  B. Insufficient exception handling

  C. Insufficient database hardening

  D. Insufficient security management

  Correct Answer: A Section: (none)

  The most common web application security weakness is the failure to properly validate input coming from the client or from the environment before using it. This weakness leads to almost all of the major vulnerabilities in web applications, such as cross site scripting, SQL injection, interpreter injection, locale/ Unicode attacks, file system attacks, and buffer overflows.

  References: https://www.owasp.org/index.php/Testing_for_Input_Validation

• Question 340:

  An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file.

  What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

  A. Protocol analyzer

  B. Intrusion Prevention System (IPS)

  C. Network sniffer

  D. Vulnerability scanner

  Correct Answer: A Section: (none)

  A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer--or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network. A packet analyzer can analyze packet traffic saved in a PCAP file.

  References: https://en.wikipedia.org/wiki/Packet_analyzer