♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for EC-Council 312-50 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/312-50-exam-dumps.html
Q341. Once an intruder has gained access to a remote system with a valid username and password, the attacker will attempt to increase his privileges by escalating the used account to one that has increased privileges. such as that of an administrator. What would be the best countermeasure to protect against escalation of priveges?
A. Give users tokens
B. Give user the least amount of privileges
C. Give users two passwords
D. Give users a strong policy document
Answer: B
Explanation: With less privileges it is harder to increase the privileges.
Q342. Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to
johndoe@gmail.com". What do you think has occurred?
A. The web application picked up a record at random
B. The web application returned the first record it found
C. The server error has caused the application to malfunction
D. The web application emailed the administrator about the error
Answer: B
Explanation: The web application sends a query to an SQL database and by giving it the criteria 1=1, which always will be true, it will return the first value it finds.
Q343. What are the differences between SSL and S-HTTP?
A. SSL operates at the network layer and S-HTTP operates at the application layer
B. SSL operates at the application layer and S-HTTP operates at the network layer
C. SSL operates at the transport layer and S-HTTP operates at the application layer
D. SSL operates at the application layer and S-HTTP operates at the transport layer
Answer: C
Explanation: The main difference between the protocols is the layer at which they operate. SSL operates at the transport layer and mimics the "socket library," while S-HTTP operates at the application layer. Encryption of the transport layer allows SSL to be application-independent, while S-HTTP is limited to the specific software implementing it. The protocols adopt different philosophies towards encryption as well, with SSL encrypting the entire communications channel and S-HTTP encrypting each message independently.
Q344. Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs:
s-1-5-21-1125394485-807628933-54978560-100Johns s-1-5-21-1125394485-807628933-54978560-652Rebecca s-1-5-21-1125394485-807628933-54978560-412Sheela s-1-5-21-1125394485-807628933-54978560-999Shawn s-1-5-21-1125394485-807628933-54978560-777Somia s-1-5-21-1125394485-807628933-54978560-500chang s-1-5-21-1125394485-807628933-54978560-555Micah
From the above list identify the user account with System Administrator privileges.
A. John
B. Rebecca
C. Sheela
D. Shawn
E. Somia
F. Chang
G. Micah
Answer: F
Explanation: The SID of the built-in administrator will always follow this example: S-1-5-domain-
Q345. What hacking attack is challenge/response authentication used to prevent?
A. Replay attacks
B. Scanning attacks
C. Session hijacking attacks
D. Password cracking attacks
Answer: A
Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it. With a challenge/response authentication you ensure that captured packets can’t be retransmitted without a new authentication.
Q346. What type of Trojan is this?
A. RAT Trojan
B. E-Mail Trojan
C. Defacement Trojan
D. Destructing Trojan
E. Denial of Service Trojan
Answer: C
Q347. Which of these are phases of a reverse social engineering attack?
Select the best answers.
A. Sabotage
B. Assisting
C. Deceiving
D. Advertising
E. Manipulating
Answer: ABD
Explanations:
According to "Methods of Hacking: Social Engineering", by Rick Nelson, the three phases of reverse social engineering attacks are sabotage, advertising, and assisting.
Q348. NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use?
A. 443
B. 139
C. 179
D. 445
Answer: D
Q349. An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -1 –p 1234 < secretfile Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt information before transmitting it on the wire?
A. Machine A: netcat -1 –p –s password 1234 < testfile Machine B: netcat <machine A IP> 1234
B. Machine A: netcat -1 –e magickey –p 1234 < testfile Machine B: netcat <machine A IP> 1234
C. Machine A: netcat -1 –p 1234 < testfile –pw password Machine B: netcat <machine A IP> 1234 –pw password
D. Use cryptcat instead of netcat.
Answer: D
Explanation: Cryptcat is the standard netcat enhanced with twofish encryption with ports for WIndows NT, BSD and Linux. Twofish is courtesy of counterpane, and cryptix. A default netcat installation does not contain any cryptography support.
Q350. You have installed antivirus software and you want to be sure that your AV signatures are working correctly. You don't want to risk the deliberate introduction of a live virus to test the AV software. You would like to write a harmless test virus, which is based on the European Institute for Computer Antivirus Research format that can be detected by the AV software.
How should you proceed?
A. Type the following code in notepad and save the file as SAMPLEVIRUS.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4PZX54(P^)7CC)7}$SAMPLEVIRUS-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
B. Type the following code in notepad and save the file as AVFILE.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4PZX54(P^)7CC)7}$AVFILE-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
C. Type the following code in notepad and save the file as TESTAV.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4PZX54(P^)7CC)7}$TESTAV-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
D. Type the following code in notepad and save the file as EICAR.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Answer: D
Explanation: The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative.