EC-Council 312-50v11 Free Practice Questions

NEW QUESTION 1
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

• A. Perform a vulnerability scan of the system.
• B. Determine the impact of enabling the audit feature.
• C. Perform a cost/benefit analysis of the audit feature.
• D. Allocate funds for staffing of audit log review.

Answer: B

NEW QUESTION 2
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

• A. Exploration
• B. Investigation
• C. Reconnaissance
• D. Enumeration

Answer: C

NEW QUESTION 3
Why containers are less secure that virtual machines?

• A. Host OS on containers has a larger surface attack.
• B. Containers may full fill disk space of the host.
• C. A compromise container may cause a CPU starvation of the host.
• D. Containers are attached to the same virtual network.

Answer: A

NEW QUESTION 4
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

• A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
• B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
• C. Symmetric encryption allows the server to security transmit the session keys out-of-band.
• D. Asymmetric cryptography is computationally expensive in compariso
• E. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Answer: A

NEW QUESTION 5
During an Xmas scan what indicates a port is closed?

• A. No return response
• B. RST
• C. ACK
• D. SYN

Answer: B

NEW QUESTION 6
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site.
Which file does the attacker need to modify?

• A. Boot.ini
• B. Sudoers
• C. Networks
• D. Hosts

Answer: D

NEW QUESTION 7
Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

• A. Use the built-in Windows Update tool
• B. Use a scan tool like Nessus
• C. Check MITRE.org for the latest list of CVE findings
• D. Create a disk image of a clean Windows installation

Answer: B

NEW QUESTION 8
What does a firewall check to prevent particular ports and applications from getting packets into an organization?

• A. Transport layer port numbers and application layer headers
• B. Presentation layer headers and the session layer port numbers
• C. Network layer headers and the session layer port numbers
• D. Application layer port numbers and the transport layer headers

Answer: A

NEW QUESTION 9
What is the role of test automation in security testing?

• A. It is an option but it tends to be very expensive.
• B. It should be used exclusivel
• C. Manual testing is outdated because of low speed and possible test setup inconsistencies.
• D. Test automation is not usable in security due to the complexity of the tests.
• E. It can accelerate benchmark tests and repeat them with a consistent test setu
• F. But it cannot replace manual testing completely.

Answer: D

NEW QUESTION 10
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?

• A. nmap -T4 -q 10.10.0.0/24
• B. nmap -T4 -F 10.10.0.0/24
• C. nmap -T4 -r 10.10.1.0/24
• D. nmap -T4 -O 10.10.0.0/24

Answer: B

NEW QUESTION 11
Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

• A. WebDav
• B. SQL Slammer
• C. MS Blaster
• D. MyDoom

Answer: C

NEW QUESTION 12
You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.
You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.
In other words, you are trying to penetrate an otherwise impenetrable system. How would you proceed?

• A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
• B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
• C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"
• D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Answer: B

NEW QUESTION 13
Which of the following tools can be used for passive OS fingerprinting?

• A. nmap
• B. tcpdump
• C. tracert
• D. ping

Answer: B

NEW QUESTION 14
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?

• A. The network devices are not all synchronized.
• B. Proper chain of custody was not observed while collecting the logs.
• C. The attacker altered or erased events from the logs.
• D. The security breach was a false positive.

Answer: A

NEW QUESTION 15
Scenario1:
* 1. Victim opens the attacker's web site.
* 2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make
$1000 in a day?'.
* 3. Victim clicks to the interesting and attractive content URL.
* 4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?

• A. Session Fixation
• B. HTML Injection
• C. HTTP Parameter Pollution
• D. Clickjacking Attack

Answer: D

NEW QUESTION 16
During the process of encryption and decryption, what keys are shared? During the process of encryption and decryption, what keys are shared?

• A. Private keys
• B. User passwords
• C. Public keys
• D. Public and private keys

Answer: C

NEW QUESTION 17
Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.
No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

• A. ARP spoofing
• B. SQL injection
• C. DNS poisoning
• D. Routing table injection

Answer: C

NEW QUESTION 18
Which regulation defines security and privacy controls for Federal information systems and organizations?

• A. HIPAA
• B. EU Safe Harbor
• C. PCI-DSS
• D. NIST-800-53

Answer: D

NEW QUESTION 19
Which is the first step followed by Vulnerability Scanners for scanning a network?

• A. OS Detection
• B. Firewall detection
• C. TCP/UDP Port scanning
• D. Checking if the remote host is alive

Answer: D

NEW QUESTION 20
You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.
Dear valued customers,
We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta
Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama
How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

• A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
• B. Connect to the site using SSL, if you are successful then the website is genuine
• C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
• D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
• E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Answer: C

NEW QUESTION 21
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

• A. Kismet
• B. Abel
• C. Netstumbler
• D. Nessus

Answer: A

NEW QUESTION 22
Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

• A. USER, NICK
• B. LOGIN, NICK
• C. USER, PASS
• D. LOGIN, USER

Answer: A

NEW QUESTION 23
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

• A. Macro virus
• B. Stealth/Tunneling virus
• C. Cavity virus
• D. Polymorphic virus

Answer: B

NEW QUESTION 24
How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender’s identity?

• A. Hash value
• B. Private key
• C. Digital signature
• D. Digital certificate

Answer: D

NEW QUESTION 25
......