EC-Council 312-50: Ethical Hacking and Countermeasures (CEHv6) exam questions and answers.
Q31. To which of the following Registry locations does a Trojan add entries to make itself persistent on Windows 7? (Select 2 answers)
A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\Run
C. HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run
D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Answer: AD
Q32. You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?
A. Block TCP at the firewall
B. Block UDP at the firewall
C. Block ICMP at the firewall
D. There is no way to completely block tracerouting into this area
Answer: D
Explanation: If you create rules that prevent attackers from performing traceroutes to your DMZ, then you'll also prevent anyone from accessing the DMZ from outside the company network, and in that case what you have is not a DMZ.
Q33. You have just installed a new Linux file server at your office. This server is going to be used by several individuals in the organization, and unauthorized personnel must not be able to modify any data.
What kind of program can you use to track changes to files on the server?
A. Network Based IDS (NIDS)
B. Personal Firewall
C. System Integrity Verifier (SIV)
D. Linux IP Chains
Answer: C
Explanation: System Integrity Verifiers like Tripwire aid system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
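The baseline-and-compare cycle that a System Integrity Verifier performs, as an added Python example (not Tripwire's code and not part of the original question set). It records a SHA-256 digest, permission bits and size for every file under a directory, then sorts later differences into categories.

```python
import hashlib
import os
import stat


def snapshot(root):
    """Return {relative path: (sha256, permission bits, size)} for files under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                # Record where the link points; do not follow it out of the tree.
                digest = hashlib.sha256(os.readlink(path).encode()).hexdigest()
            elif stat.S_ISREG(info.st_mode):
                h = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                digest = h.hexdigest()
            else:
                continue  # FIFOs, sockets and devices have no content to hash
            rel = os.path.relpath(path, root)
            state[rel] = (digest, stat.S_IMODE(info.st_mode), info.st_size)
    return state


def compare(baseline, current):
    """Sort every path that differs between two snapshots into a category."""
    report = {"added": [], "removed": [], "modified": [], "permissions": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif baseline[rel][0] != current[rel][0]:
            report["modified"].append(rel)
        elif baseline[rel][1] != current[rel][1]:
            report["permissions"].append(rel)
    return report


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, (digest, mode, size) in sorted(snapshot(root).items()):
        print(f"{digest}  {mode:04o}  {size:>10}  {rel}")
```

The baseline is only trustworthy if it is stored where someone with write access to the server cannot rewrite it, for example on another host or on read-only media.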
Q34. You have discovered that an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. What can you do to solve this problem?
A. Install a network-based IDS
B. Reconfigure the firewall
C. Conduct a needs analysis
D. Enforce your security policy
Answer: D
Explanation: The employee was unaware of security policy.
Q35. Charlie is an IT security consultant who owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company's network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie's remaining tests.
What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?
A. Charlie has performed a BREACH analysis; showing the company where its weak points are
B. This analysis would be considered a vulnerability analysis
C. This type of analysis is called GAP analysis
D. This initial analysis performed by Charlie is called an Executive Summary
Answer: C
Explanation: In business and economics, gap analysis is a tool that helps a company to compare its actual performance with its potential performance.
At its core are two questions: "Where are we?" and "Where do we want to be?".
http://en.wikipedia.org/wiki/Gap_analysis
Q36. Marshall is the information security manager for his company. Marshall was hired just two months ago after the last information security manager retired. Since the last manager did not implement or even write IT policies, Marshall has begun writing IT security policies to cover every conceivable aspect. Marshall's supervisor has informed him that while most employees will be under one set of policies, ten other employees will be under another since they work on computers in publicly-accessible areas. Per his supervisor, Marshall has written two sets of policies. For the users working on publicly-accessible computers, their policies state that everything is forbidden. They are not allowed to browse the Internet or even use email. The only thing they can use is their work-related applications like Word and Excel.
What types of policies has Marshall written for the users working on computers in the publicly-accessible areas?
A. He has implemented Permissive policies for the users working on public computers
B. These types of policies would be considered Promiscuous policies
C. He has written Paranoid policies for these users in public areas
D. Marshall has created Prudent policies for the computer users in publicly-accessible areas
Answer: C
Explanation: The policy says that everything is forbidden, which means that a Paranoid policy has been implemented.
Q37. Which definition among those given below best describes a covert channel?
A. A server program using a port that is not well known.
B. Making use of a protocol in a way it is not intended to be used.
C. It is the multiplexing taking place on a communication link.
D. It is one of the weak channels used by WEP which makes it insecure.
Answer: B
Explanation: A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy."
Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.
Q38. What is the command used to create a binary log file using tcpdump?
A. tcpdump -r log
B. tcpdump -w ./log
C. tcpdump -vde -r log
D. tcpdump -l /var/log/
Answer: B
Explanation: tcpdump [ -adeflnNOpqStvx ] [ -c count ] [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ expression ]
-w Write the raw packets to file rather than parsing and printing them out.
Q39. What is the proper response for an X-MAS scan if the port is closed?
A. SYN
B. ACK
C. FIN
D. PSH
E. RST
F. No response
Answer: E
Explanation: Closed ports respond to an X-MAS scan with a RST.
Q40. While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the access points. What would be the easiest way to circumvent and communicate on the WLAN?
A. Attempt to crack the WEP key using Airsnort.
B. Attempt to brute force the access point and update or delete the MAC ACL.
C. Steal a client computer and use it to access the wireless network.
D. Sniff traffic on the WLAN and spoof your MAC address to one that you captured.
Answer: D
Explanation: The easiest way to gain access to the WLAN would be to spoof your MAC address to one that already exists on the network.
Q41. A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?
A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database
B. An attacker submits user input that executes an operating system command to compromise a target system
C. An attacker gains control of a system to flood the target system with requests, preventing legitimate users from gaining access
D. An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database
Answer: A
Explanation: Using the poorly designed input validation to alter or steal data from a database is a SQL injection attack.
Q42. What is the proper response for a FIN scan if the port is closed?
A. SYN
B. ACK
C. FIN
D. PSH
E. RST
Answer: E
Explanation: Closed ports respond to a FIN scan with a RST.
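Seen from the monitoring side, the FIN and X-MAS probes in Q39 and Q42 stand out because their flag combinations never start a normal TCP conversation. The following added Python example (not part of the original question set) parses raw TCP headers and reports sources that send such probes to several ports; the `make_header` helper, the sample capture and the `min_ports` threshold are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Flag combinations that never occur in a normal TCP conversation.
PROBES = {FIN: "FIN", FIN | PSH | URG: "XMAS", 0: "NULL"}


def make_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (sample data for this example)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)


def parse_header(header):
    """Return (source port, destination port, flag bits) from a raw TCP header."""
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, off_flags & 0x3F  # keep URG..FIN, drop offset/ECN bits


def find_scanners(packets, min_ports=3):
    """packets: iterable of (source IP, raw TCP header).

    Returns {source IP: {probe type: sorted destination ports}} for sources
    that sent FIN/XMAS/NULL probes to at least min_ports distinct ports.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for src_ip, header in packets:
        _sport, dport, flags = parse_header(header)
        kind = PROBES.get(flags)
        if kind:
            seen[src_ip][kind].add(dport)
    alerts = {}
    for src_ip, kinds in seen.items():
        if len(set().union(*kinds.values())) >= min_ports:
            alerts[src_ip] = {k: sorted(v) for k, v in kinds.items()}
    return alerts


# Constructed sample capture; addresses are from documentation ranges.
SAMPLE = (
    [("192.0.2.10", make_header(40000, p, FIN | PSH | URG)) for p in (22, 80, 443)]
    + [("192.0.2.10", make_header(40001, 25, FIN))]
    + [("198.51.100.5", make_header(51000, 80, SYN)),
       ("198.51.100.5", make_header(51000, 80, FIN | ACK))]
)

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

The ordinary SYN and FIN+ACK segments from the second host are ignored, since only a bare FIN, FIN+PSH+URG or an empty flag field counts as a probe.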
Q43. Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web Server.
User-agent: *
Disallow: /images/
Disallow: /banners/
Disallow: /Forms/
Disallow: /Dictionary/
Disallow: /_borders/
Disallow: /_fpclass/
Disallow: /_overlay/
Disallow: /_private/
Disallow: /_themes/
What is the name of this file?
A. robots.txt
B. search.txt
C. blocklist.txt
D. spf.txt
Answer: A
Q44. What is the algorithm used by LM for Windows 2000 SAM?
A. MD4
B. DES
C. SHA
D. SSL
Answer: B
Explanation: Okay, this is a tricky question. We say B, DES, but it could be A, “MD4”, depending on what they're asking. Windows 2000/XP does not keep users' passwords "in the clear" but as hashes, i.e. as a "checksum" of the passwords. Let's look at password storage in more detail. The most interesting structure in the complex SAM file is the so-called V-block. Its size is 32 bytes and it includes the hashes of the password for local logon: the NT Hash, 16 bytes long, and the hash used during authentication for access to shared resources on other computers, the LanMan Hash, or simply LM Hash, of the same 16-byte length. The algorithms for forming these hashes are as follows: NT Hash formation: LM Hash formation:
Q45. StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks.
A. Canary
B. Hex editing
C. Format checking
D. Non-executing stack
Answer: A
Explanation: Canaries or canary words are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, it will clobber the canary, making the overflow evident. This is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system.