EC-COUNCIL EC-COUNCIL Certifications 312-50V9 Questions & Answers

• Question 541:

  Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?

  A. SYN scan

  B. ACK scan

  C. RST scan

  D. Connect scan

  E. FIN scan

  Correct Answer: D Section: (none)

• Question 542:

  What are two things that are possible when scanning UDP ports? (Choose two.)

  A. A reset will be returned

  B. An ICMP message will be returned

  C. The four-way handshake will not be completed

  D. An RFC 1294 message will be returned

  E. Nothing

  Correct Answer: BE Section: (none)

• Question 543:

  What does a type 3 code 13 represent? (Choose two.)

  A. Echo request

  B. Destination unreachable

  C. Network unreachable

  D. Administratively prohibited

  E. Port unreachable

  F. Time exceeded

  Correct Answer: BD Section: (none)

• Question 544:

  Destination unreachable administratively prohibited messages can inform the hacker to what?

  A. That a circuit level proxy has been installed and is filtering traffic

  B. That his/her scans are being blocked by a honeypot or jail

  C. That the packets are being malformed by the scanning software

  D. That a router or other packet-filtering device is blocking traffic

  E. That the network is functioning normally

  Correct Answer: D Section: (none)

• Question 545:

  Which of the following Nmap commands would be used to perform a stack fingerprinting?

  A. Nmap -O -p80

  B. Nmap -hU -Q

  C. Nmap -sT -p

  D. Nmap -u -o -w2

  E. Nmap -sS -0p targe

  Correct Answer: B Section: (none)

• Question 546:

  (Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.). Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal? What is odd about this attack? Choose the best answer.

  

  A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

  B. This is back orifice activity as the scan comes from port 31337.

  C. The attacker wants to avoid creating a sub-carries connection that is not normally valid.

  D. These packets were crafted by a tool, they were not created by a standard IP stack.

  Correct Answer: B Section: (none)

• Question 547:

  Supposed you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement?

  A. TACACS+

  B. DIAMETER

  C. Kerberos

  D. RADIUS

  Correct Answer: D Section: (none)

• Question 548:

  Which type of cryptography does SSL, IKE and PGP belongs to?

  A. Secret Key

  B. Hash Algorithm

  C. Digest

  D. Public Key

  Correct Answer: D Section: (none)

• Question 549:

  A recent security audit revealed that there were indeed several occasions that the company's network was breached. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

  A. True Positive

  B. False Negative

  C. False Positive

  D. False Positive

  Correct Answer: B Section: (none)

• Question 550:

  A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what Software design flaw?

  A. Insufficient security management

  B. Insufficient database hardening

  C. Insufficient input validation

  D. Insufficient exception handling

  Correct Answer: B Section: (none)