EC-COUNCIL EC-COUNCIL Certifications 312-50V9 Questions & Answers

• Question 81:

  A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

  A. -sO

  B. -sP

  C. -sS

  D. -sU

  Correct Answer: B Section: (none)

• Question 82:

  A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?

  A. Fraggle

  B. MAC Flood

  C. Smurf

  D. Tear Drop

  Correct Answer: B Section: (none)

• Question 83:

  Which of the following open source tools would be the best choice to scan a network for potential targets?

  A. NMAP

  B. NIKTO

  C. CAIN

  D. John the Ripper

  Correct Answer: A Section: (none)

• Question 84:

  Which of the following parameters enables NMAP's operating system detection feature?

  A. NMAP -sV

  B. NMAP -oS

  C. NMAP -sR

  D. NMAP -O

  Correct Answer: D Section: (none)

• Question 85:

  What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?

  A. A stealth scan, opening port 123 and 153

  B. A stealth scan, checking open ports 123 to 153

  C. A stealth scan, checking all open ports excluding ports 123 to 153

  D. A stealth scan, determine operating system, and scanning ports 123 to 153

  Correct Answer: D Section: (none)

• Question 86:

  Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?

  A. ping 192.168.2.

  B. ping 192.168.2.255

  C. for %V in (1 1 255) do PING 192.168.2.%V

  D. for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

  Correct Answer: D Section: (none)

• Question 87:

  Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

  A. Firewall

  B. Honeypot

  C. Core server

  D. Layer 4 switch

  Correct Answer: B Section: (none)

• Question 88:

  A security administrator notices that the log file of the company's webserver contains suspicious entries:

  

  Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

  A. command injection.

  B. SQL injection.

  C. directory traversal.

  D. LDAP injection.

  Correct Answer: B Section: (none)

• Question 89:

  A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

  

  When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web applications vulnerability did the analyst discover?

  A. Cross-site request forgery

  B. Command injection

  C. Cross-site scripting

  D. SQL injection

  Correct Answer: C Section: (none)

• Question 90:

  A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

  A. if (billingAddress = 50) {update field} else exit

  B. if (billingAddress != 50) {update field} else exit

  C. if (billingAddress >= 50) {update field} else exit

  D. if (billingAddress <= 50) {update field} else exit

  Correct Answer: D Section: (none)