EC-COUNCIL EC-COUNCIL Certifications 312-50V9 Questions & Answers

• Question 441:

  Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.

  What is this document called?

  A. Information Audit Policy (IAP)

  B. Information Security Policy (ISP)

  C. Penetration Testing Policy (PTP)

  D. Company Compliance Policy (CCP)

  Correct Answer: B Section: (none)

• Question 442:

  Take a look at the following attack on a Web Server using obstructed URL:

  

  How would you protect from these attacks?

  A. Configure the Web Server to deny requests involving "hex encoded" characters

  B. Create rules in IDS to alert on strange Unicode requests

  C. Use SSL authentication on Web Servers

  D. Enable Active Scripts Detection at the firewall and routers

  Correct Answer: B Section: (none)

• Question 443:

  You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are

  redirected to a website seeking you to download free Anti-Virus software.

  Dear valued customers,

  We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with

  total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit

  the link below and enter your antivirus code:

  

  or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

  How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

  A. Look at the website design, if it looks professional then it is a Real Anti-Virus website

  B. Connect to the site using SSL, if you are successful then the website is genuine

  C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

  D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

  E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

  Correct Answer: C Section: (none)

• Question 444:

  Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

  What would Yancey be considered?

  A. Yancey would be considered a Suicide Hacker

  B. Since he does not care about going to jail, he would be considered a Black Hat

  C. Because Yancey works for the company currently; he would be a White Hat D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

  Correct Answer: A Section: (none)

• Question 445:

  When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK. How would an attacker exploit this design by launching TCP SYN attack?

  A. Attacker generates TCP SYN packets with random destination addresses towards a victim host

  B. Attacker floods TCP SYN packets with random source addresses towards a victim host

  C. Attacker generates TCP ACK packets with random source addresses towards a victim host

  D. Attacker generates TCP RST packets with random source addresses towards a victim host

  Correct Answer: B Section: (none)

• Question 446:

  In Trojan terminology, what is a covert channel?

  

  A. A channel that transfers information within a computer system or network in a way that violates the security policy

  B. A legitimate communication path within a computer system or network for transfer of data

  C. It is a kernel operation that hides boot processes and services to mask detection

  D. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

  Correct Answer: A Section: (none)

• Question 447:

  You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

  A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

  B. Package the Sales.xls using Trojan wrappers and telnet them back your home computer

  C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

  D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

  Correct Answer: C Section: (none)

• Question 448:

  Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

  A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

  B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

  C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the

  192.168.1.0 subnet

  D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

  Correct Answer: D Section: (none)

• Question 449:

  What port number is used by LDAP protocol?

  A. 110

  B. 389

  C. 464

  D. 445

  Correct Answer: B Section: (none)

• Question 450:

  Fred is the network administrator for his company. Fred is testing an internal switch.

  From an external IP address, Fred wants to try and trick this switch into thinking it already has established

  a session with his computer. How can Fred accomplish this?

  A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

  B. He can send an IP packet with the SYN bit and the source address of his computer.

  C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

  D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

  Correct Answer: D Section: (none)