[Free] 2017(Sep) EnsurePass Braindumps ECCouncil 312-50 Dumps with VCE and PDF 151-160

Ethical Hacking and Countermeasures

Question No: 151 – (Topic 4)

Exhibit:

Study the following log extract and identify the attack.

A. Hexcode Attack

B. Cross Site Scripting

C. Multiple Domain Traversal Attack

D. Unicode Directory Traversal Attack

Answer: D

Explanation: The “Get /msadc/……/……/……/winnt/system32/cmd.exe?” shows that a Unicode Directory Traversal Attack has been performed.

Question No: 152 – (Topic 4)

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.

A. 200303028

B. 3600

C. 604800

D. 2400

E. 60

F. 4800

Answer: A

Explanation: The SOA starts with the format of YYYYMMDDVV where VV is the version.

Question No: 153 – (Topic 4)

What is a NULL scan?

A. A scan in which all flags are turned off

B. A scan in which certain flags are off

C. A scan in which all flags are on

D. A scan in which the packet size is set to zero

E. A scan with an illegal packet size

Answer: A

Explanation: A null scan has all flags turned off.

Question No: 154 – (Topic 4)

SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather a great amount of information about remote hosts.

Which of the following features makes this possible? (Choose two)

A. It uses TCP as the underlying protocol.

B. It uses a community string that is transmitted in clear text.

C. It is susceptible to sniffing.

D. It is used by all network devices on the market.

Answer: B,C

Explanation: Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are roughly 'READ' and 'WRITE' (or PUBLIC and PRIVATE). If an attacker is able to guess a PUBLIC community string, they would be able to read SNMP data (depending on which MIBs are installed) from the remote device. This information might include system time, IP addresses, interfaces, processes running, etc. Version 1 of SNMP has been criticized for its poor security. Authentication of clients is performed only by a "community string", in effect a type of password, which is transmitted in cleartext.

Question No: 155 – (Topic 4)

Exhibit:

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

A. har.txt

B. SAM file

C. wwwroot

D. Repair file

Answer: B

Explanation: He is actually trying to get the file har.txt but this file contains a copy of the SAM file.

Question No: 156 – (Topic 4)

What is the proper response for a NULL scan if the port is closed?

A. SYN

B. ACK

C. FIN

D. PSH

E. RST

F. No response

Answer: E

Explanation: Closed ports respond to a NULL scan with a reset.

Question No: 157 – (Topic 4)

As a security consultant, what are some of the things you would recommend to a company to ensure DNS security?

Select the best answers.

A. Use the same machines for DNS and other applications

B. Harden DNS servers

C. Use split-horizon operation for DNS servers

D. Restrict Zone transfers

E. Have subnet diversity between DNS servers

Answer: B,C,D,E

Explanation: A is not a correct answer as it is never recommended to use a DNS server for any other application. Hardening of the DNS servers makes them less vulnerable to attack. It is recommended to split internal and external DNS servers (called split-horizon operation). Zone transfers should only be accepted from authorized DNS servers.

By having DNS servers on different subnets, you may prevent both from going down, even if one of your networks goes down.

Question No: 158 – (Topic 4)

Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on?

A. A sniffing attack

B. A spoofing attack

C. A man in the middle attack

D. A denial of service attack

Answer: C

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised.

Question No: 159 – (Topic 4)

Exhibit:

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?

A. The buffer overflow attack has been neutralized by the IDS

B. The attacker is creating a directory on the compromised machine

C. The attacker is attempting a buffer overflow attack and has succeeded

D. The attacker is attempting an exploit that launches a command-line shell

Answer: D

Explanation: This log entry shows a hacker using a buffer overflow to fill the data buffer and trying to insert the execution of /bin/sh into the executable code part of the thread. It is probably an existing exploit that is used, or a directed attack with a custom built buffer overflow with the “payload” that launches the command shell.

Question No: 160 – (Topic 4)

Which of the following statements about a zone transfer are correct? (Choose three.)

A. A zone transfer is accomplished with the DNS

B. A zone transfer is accomplished with the nslookup service

C. A zone transfer passes all zone information that a DNS server maintains

D. A zone transfer passes all zone information that a nslookup server maintains

E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F. Zone transfers cannot occur on the Internet

Answer: A,C,E

Explanation: Securing DNS servers should be a priority of the organization. Hackers obtaining DNS information can discover a wealth of information about an organization. This information can be used to further exploit the network.
