Your success in EC-Council 312-50 is our sole target and we develop all our 312-50 braindumps in a way that facilitates the attainment of this target. Not only is our 312-50 study material the best you can find, it is also the most detailed and the most updated. 312-50 Practice Exams for EC-Council 312-50 are written to the highest standards of technical accuracy.
Q221. When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?
A. macof
B. webspy
C. filesnarf
D. nfscopy
Answer: C
Explanation: Filesnarf - sniff files from NFS traffic
OPTIONS
-i interface
Specify the interface to listen on.
-v "Versus" mode. Invert the sense of matching, to
select non-matching files.
pattern
Specify regular expression for filename matching.
expression
Specify a tcpdump(8) filter expression to select
traffic to sniff.
SEE ALSO
Dsniff, nfsd
Q222. Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.
Choose the attack type from the choices given below.
A. Database Fingerprinting
B. Database Enumeration
C. SQL Fingerprinting
D. SQL Enumeration
Answer: A
Explanation: He is trying to create a view of the characteristics of the target database, he is taking it’s fingerprints.
Q223. Which of the following ICMP message types are used for destinations unreachables?
A. 0
B. 3
C. 11
D. 13
E. 17
Answer: B
Explanation: Type 3 messages are used for unreachable messages. 0 is Echo Reply, 8 is Echo request, 11 is time exceeded, 13 is timestamp and 17 is subnet mask request. Learning these would be advisable for the test.
Q224. Attacking well-known system defaults is one of the most common hacker attacks. Most software is shipped with a default configuration that makes it easy to install and setup the application. You should change the default settings to secure the system.
Which of the following is NOT an example of default installation?
A. Many systems come with default user accounts with well-known passwords that administrators forget to change
B. Often, the default location of installation files can be exploited which allows a hacker to retrieve a file from the system
C. Many software packages come with "samples" that can be exploited, such as the sample programs on IIS web services
D. Enabling firewall and anti-virus software on the local system
Answer: D
Q225. Jacob is looking through a traffic log that was captured using Wireshark. Jacob has come across what appears to be SYN requests to an internal computer from a spoofed IP address. What is Jacob seeing here?
A. Jacob is seeing a Smurf attack.
B. Jacob is seeing a SYN flood.
C. He is seeing a SYN/ACK attack.
D. He has found evidence of an ACK flood.
Answer: B
Q226. Hackers usually control Bots through:
A. IRC Channel
B. MSN Messenger
C. Trojan Client Software
D. Yahoo Chat
E. GoogleTalk
Answer: A
Explanation: Most of the bots out today has a function to connect to a predetermined IRC channel in order to get orders.
Q227. Which one of the following instigates a SYN flood attack?
A. Generating excessive broadcast packets.
B. Creating a high number of half-open connections.
C. Inserting repetitive Internet Relay Chat (IRC) messages.
D. A large number of Internet Control Message Protocol (ICMP) traces.
Answer: B
Explanation: A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable.
Q228. Jenny a well known hacker scanning to remote host of 204.4.4.4 using nmap. She got the scanned output but she saw that 25 port states is filtered. What is the meaning of filtered port State?
A. Can Accessible
B. Filtered by firewall
C. Closed
D. None of above
Answer: B
Explanation: The state is either open, filtered, closed, or unfiltered. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.
Q229. Blane is a security analyst for a law firm. One of the lawyers needs to send out an email to a client but he wants to know if the email is forwarded on to any other recipients. The client is explicitly asked not to re-send the email since that would be a violation of the lawyer's and client's agreement for this particular case. What can Blane use to accomplish this?
A. He can use a split-DNS service to ensure the email is not forwarded on.
B. A service such as HTTrack would accomplish this.
C. Blane could use MetaGoofil tracking tool.
D. Blane can use a service such as ReadNotify tracking tool.
Answer: D
Q230. Which of the following is a patch management utility that scans one or more computers on your network and alerts you if you important Microsoft Security patches are missing. It then provides links that enable those missing patches to be downloaded and installed.
A. MBSA
B. BSSA
C. ASNB
D. PMUS
Answer: A
Explanation: The Microsoft Baseline Security Analyzer (MBSA) is a tool put out by Microsoft to help analyze security problems in Microsoft Windows. It does this by scanning the system for security problems in Windows, Windows components such as the IIS web server application, Microsoft SQL Server, and Microsoft Office. One example of an issue might be that permissions for one of the directories in the wwwroot folder of IIS could be set at too low a level, allowing unwanted modification of files from outsiders.