Considering the variety of types of certification these days covering up almost every computer program offered, it can be tough to know what certification could be important to be able to get plus which often other ones wouldn?¡¥t enjoy the extreme yank you are researching for. In the of people offered, quite a few IT pros experience a EC-Council among the the majority of greatly regarded plus respectable certification accessible in the information know-how entire world. So if you feel undecided, EC-Council certification may end up being value picking a second examine. Or if you have by now thought i would bring this particular one on, you are well on on your path with an really important plus pleasing credential.
2021 Oct 312-50 exams
Q441. Dan is conducting a penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?
A. Dan cannot spoof his IP address over TCP network
B. The server will send replies back to the spoofed IP address
C. Dan can establish an interactive session only if he uses a NAT
D. The scenario is incorrect as Dan can spoof his IP and get responses
Answer: B
Explanation: Spoofing your IP address is only effective when there is no need to establish a two way connection as all traffic meant to go to the attacker will end up at the place of the spoofed address.
Q442. What do you call a pre-computed hash?
A. Sun tables
B. Apple tables
C. Rainbow tables
D. Moon tables
Answer: C
Q443. Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company secrets and intellectual property to competitors for monitory benefits.
Here are some of the symptoms of a disgruntled employee:
a. Frequently leaves work early, arrive late or call in sick
b. Spends time surfing the Internet or on the phone
c. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments
d. Always negative; finds fault with everything
These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select 2 answers)
A. Limit access to the applications they can run on their desktop computers and enforce strict work hour rules
B. By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security to various employees
C. Organizations must ensure that their corporate data is centrally managed and delivered to users just and when needed
D. Limit Internet access, e-mail communications, access to social networking sites and job hunting portals
Answer: BC
Q444. Stephanie, a security analyst, has just returned from a Black Hat conference in Las Vegas where she learned of many powerful tools used by hackers and security professionals alike. Stephanie is primarily worried about her Windows network because of all the legacy computers and servers that she must use, due to lack of funding.
Stephanie wrote down many of the tools she learned of in her notes and was particularly interested in one tool that could scan her network for vulnerabilities and return reports on her network's weak spots called SAINT. She remembered from her notes that SAINT is very flexible and can accomplish a number of tasks. Stephanie asks her supervisor, the CIO, if she can download and run SAINT on the network. Her boss said to not bother with it since it will not work for her at all.
Why did Stephanie's boss say that SAINT would not work?
A. SAINT only works on Macintosh-based machines
B. SAINT is too expensive and is not cost effective
C. SAINT is too network bandwidth intensive
D. SAINT only works on LINUX and UNIX machines
Answer: D
Explanation: Works with Unix/Linux/BSD and MacOS X http://www.saintcorporation.com/
Up to date 312-50 exam guide:
Q445. Lori was performing an audit of her company's internal Sharepoint pages when she came across the following code: What is the purpose of this code?
A. This JavaScript code will use a Web Bug to send information back to another server.
B. This code snippet will send a message to a server at 192.154.124.55 whenever the "escape" key is pressed.
C. This code will log all keystrokes.
D. This bit of JavaScript code will place a specific image on every page of the RSS feed.
Answer: C
Q446. You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c
What is the hexadecimal value of NOP instruction?
A. 0x60
B. 0x80
C. 0x70
D. 0x90
Answer: D
Q447. NTP allows you to set the clocks on your systems very accurately, to within 100ms and sometimes-even 10ms. Knowing the exact time is extremely important for enterprise security. Various security protocols depend on an accurate source of time information in order to prevent "playback" attacks. These protocols tag their communications with the current time, to prevent attackers from replaying the same communications, e.g., a login/password interaction or even an entire communication, at a later date. One can circumvent this tagging, if the clock can be set back to the time the communication was recorded. An attacker attempts to try corrupting the clocks on devices on your network. You run Wireshark to detect the NTP traffic to see if there are any irregularities on the network. What port number you should enable in Wireshark display filter to view NTP packets?
A. TCP Port 124
B. UDP Port 125
C. UDP Port 123
D. TCP Port 126
Answer: C
Q448. Which of the following Trojans would be considered 'Botnet Command Control Center'?
A. YouKill DOOM
B. Damen Rock
C. Poison Ivy D. Matten Kit
Answer: C
Q449. While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?
A. Scan more slowly.
B. Do not scan the broadcast IP.
C. Spoof the source IP address.
D. Only scan the Windows systems.
Answer: B
Explanation: Scanning the broadcast address makes the scan target all IP addresses on that subnet at the same time.