EC-COUNCIL EC-COUNCIL Certifications 312-50V9 Questions & Answers

• Question 371:

  The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?

  A. Injection

  B. Cross Site Scripting

  C. Cross Site Request Forgery

  D. Path disclosure

  Correct Answer: A Section: (none)

  The top item of the OWASP 2013 OWASP's Top Ten Project Most Critical Web Application Security Risks

  is injection.

  Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter

  as part of a command or query. The attacker's hostile data can trick the interpreter into executing

  unintended commands or accessing data without proper authorization.

  References: https://www.owasp.org/index.php/Top_10_2013-Top_10

• Question 372:

  Which of the following parameters describe LM Hash (see exhibit):

  Exhibit:

  

  A. I, II, and III

  B. I

  C. II

  D. I and II

  Correct Answer: A Section: (none)

  The LM hash is computed as follows:

  1.

  The user's password is restricted to a maximum of fourteen characters.

  2.

  The user's password is converted to uppercase.

  Etc.

  14 character Windows passwords, which are stored with LM Hash, can be cracked in five seconds.

  References: https://en.wikipedia.org/wiki/LM_hash

• Question 373:

  What is the process of logging, recording, and resolving events that take place in an organization?

  A. Incident Management Process

  B. Security Policy

  C. Internal Procedure

  D. Metrics

  Correct Answer: A Section: (none)

  The activities within the incident management process include: Incident detection and recording

  Classification and initial support

  Investigation and analysis

  Resolution and record

  Incident closure

  Incident ownership, monitoring, tracking and communication

  Establish incident framework management

  Evaluation of incident framework management

  References: https://en.wikipedia.org/wiki/Incident_management_(ITSM)#Incident_management_procedure

• Question 374:

  This asymmetry cipher is based on factoring the product of two large prime numbers.

  What cipher is described above?

  A. RSA

  B. SHA

  C. RC5

  D. MD5

  Correct Answer: A Section: (none)

  RSA is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem.

  Note: A user of RSA creates and then publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message.

  References: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

• Question 375:

  When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server.

  You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using NMAP script engine.

  What nmap script will help you with this task?

  A. http-methods

  B. http enum

  C. http-headers

  D. http-git

  Correct Answer: A Section: (none)

  You can check HTTP method vulnerability using NMAP. Example: #nmap 璼cript=http-methods.nse 192.168.0.25

  References: http://solutionsatexperts.com/http-method-vulnerability-check-using-nmap/

• Question 376:

  When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

  What proxy tool will help you find web vulnerabilities?

  A. Burpsuite

  B. Maskgen

  C. Dimitry

  D. Proxychains

  Correct Answer: A Section: (none)

  Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

  References: https://portswigger.net/burp/

• Question 377:

  You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.

  What wireshark filter will show the connections from the snort machine to kiwi syslog machine?

  A. tcp.dstport==514 andand ip.dst==192.168.0.150

  B. tcp.srcport==514 andand ip.src==192.168.0.99

  C. tcp.dstport==514 andand ip.dst==192.168.0.0/16

  D. tcp.srcport==514 andand ip.src==192.168.150

  Correct Answer: A Section: (none)

  We need to configure destination port at destination ip. The destination ip is 192.168.0.150, where the kiwi syslog is installed.

  References: https://wiki.wireshark.org/DisplayFilters

• Question 378:

  When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation.

  What command will help you to search files using Google as a search engine?

  A. site: target.com filetype:xls username password email

  B. inurl: target.com filename:xls username password email

  C. domain: target.com archive:xls username password email

  D. site: target.com file:xls username password email

  Correct Answer: A Section: (none)

  If you include site: in your query, Google will restrict your search results to the site or domain you specify. If you include filetype:suffix in your query, Google will restrict the results to pages whose names end in suffix. For example, [ web page evaluation checklist filetype:pdf ] will return Adobe Acrobat pdf files that match the terms "web," "page," "evaluation," and "checklist."

  References: http://www.googleguide.com/advanced_operators_reference.html

• Question 379:

  What is a "Collision attack" in cryptography?

  A. Collision attacks try to find two inputs producing the same hash.

  B. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key.

  C. Collision attacks try to get the public key.

  D. Collision attacks try to break the hash into three parts to get the plaintext value.

  Correct Answer: A Section: (none)

  A Collision Attack is an attempt to find two input strings of a hash function that produce the same hash result.

  References: https://learncryptography.com/hash-functions/hash-collision-attack

• Question 380:

  You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email ( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.

  What testing method did you use?

  A. Social engineering

  B. Tailgating

  C. Piggybacking

  D. Eavesdropping

  Correct Answer: A Section: (none)

  Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

  Incorrect Answers:

  B: Using tailgaiting an attacker, seeking entry to a restricted area secured by unattended, electronic access control, e.g. by RFID card, simply walks in behind a person who has legitimate access.

  References: https://en.wikipedia.org/wiki/Social_engineering_(security)