EC-COUNCIL EC-COUNCIL Certifications 312-50V9 Questions & Answers

• Question 391:

  env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'

  What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host?

  A. Display passwd content to prompt

  B. Removes the passwd file

  C. Changes all passwords in passwd

  D. Add new user to the passwd file

  Correct Answer: A Section: (none)

  To extract private information, attackers are using a couple of techniques. The simplest extraction attacks are in the form: () {:;}; /bin/cat /etc/passwd That reads the password file /etc/passwd, and adds it to the response from the web server. So an attacker injecting this code through the Shellshock vulnerability would see the password file dumped out onto their screen as part of the web page returned.

  References: https://blog.cloudflare.com/inside-shellshock/

• Question 392:

  Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.

  What just happened?

  A. Piggybacking

  B. Masqurading

  C. Phishing

  D. Whaling

  Correct Answer: A Section: (none)

  In security, piggybacking refers to when a person tags along with another person who is authorized to gain entry into a restricted area, or pass a certain checkpoint.

  References: https://en.wikipedia.org/wiki/Piggybacking_(security)

• Question 393:

  You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts?

  A. CHNTPW

  B. Cain and Abel

  C. SET

  D. John the Ripper

  Correct Answer: A Section: (none)

  chntpw is a software utility for resetting or blanking local passwords used by Windows NT, 2000, XP, Vista, 7, 8 and 8.1. It does this by editing the SAM database where Windows stores password hashes.

  References: https://en.wikipedia.org/wiki/Chntpw

• Question 394:

  Perspective clients want to see sample reports from previous penetration tests.

  What should you do next?

  A. Decline but, provide references.

  B. Share full reports, not redacted.

  C. Share full reports with redactions.

  D. Share reports, after NDA is signed.

  Correct Answer: A Section: (none)

  Penetration tests data should not be disclosed to third parties.

• Question 395:

  During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

  What type of firewall is inspecting outbound traffic?

  A. Application

  B. Circuit

  C. Stateful

  D. Packet Filtering

  Correct Answer: A Section: (none)

  An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications.

  References: http://searchsoftwarequality.techtarget.com/definition/application-firewall

• Question 396:

  Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

  A. Maltego

  B. Cain and Abel

  C. Metasploit

  D. Wireshark

  Correct Answer: A Section: (none)

  Maltego is proprietary software used for open-source intelligence and forensics, developed by Paterva. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.

  References: https://en.wikipedia.org/wiki/Maltego

• Question 397:

  While using your bank's online servicing you notice the following string in the URL bar: "http:// www.MyPersonalBank.com/account?id=368940911028389andDamount=10980andCamount=21"

  You observe that if you modify the Damount and Camount values and submit the request, that data on the web page reflect the changes.

  Which type of vulnerability is present on this site?

  A. Web Parameter Tampering

  B. Cookie Tampering

  C. XSS Reflection

  D. SQL injection

  Correct Answer: A Section: (none)

  The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.

  References: https://www.owasp.org/index.php/Web_Parameter_Tampering

• Question 398:

  In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known as wardriving.

  Which Algorithm is this referring to?

  A. Wired Equivalent Privacy (WEP)

  B. Wi-Fi Protected Access (WPA)

  C. Wi-Fi Protected Access 2 (WPA2)

  D. Temporal Key Integrity Protocol (TKIP)

  Correct Answer: A Section: (none)

  WEP is the currently most used protocol for securing 802.11 networks, also called wireless lans or wlans. In 2007, a new attack on WEP, the PTW attack, was discovered, which allows an attacker to recover the secret key in less than 60 seconds in some cases.

  Note: Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).

  References: https://events.ccc.de/camp/2007/Fahrplan/events/1943.en.html

• Question 399:

  This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.

  Which of the following organizations is being described?

  A. Payment Card Industry (PCI)

  B. Center for Disease Control (CDC)

  C. Institute of Electrical and Electronics Engineers (IEEE)

  D. International Security Industry Organization (ISIO)

  Correct Answer: A Section: (none)

  The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB. The PCI DSS standards are very explicit about the requirements for the back end storage and access of PII (personally identifiable information).

  References: https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

• Question 400:

  Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

  What should you do?

  A. Immediately stop work and contact the proper legal authorities.

  B. Copy the data to removable media and keep it in case you need it.

  C. Confront the client in a respectful manner and ask her about the data.

  D. Ignore the data and continue the assessment until completed as agreed.

  Correct Answer: A Section: (none)