[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 312-50 Dumps with VCE and PDF 111-120

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released 312-50
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures

Question No: 111 – (Topic 3)

You are performing a port scan with nmap. You are in hurry and conducting the scans at the fastest possible speed. However, you don#39;t want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results?

  1. XMAS scan

  2. Stealth scan

  3. Connect scan

  4. Fragmented packet scan

Answer: C

Explanation: A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three- way handshake, and the port scanner immediately closes the connection.

Question No: 112 – (Topic 3)

You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all

show port 21 in closed state.

What should be the next logical step that should be performed?

  1. Connect to open ports to discover applications.

  2. Perform a ping sweep to identify any additional systems that might be up.

  3. Perform a SYN scan on port 21 to identify any additional systems that might be up.

  4. Rescan every computer to verify the results.

Answer: C

Explanation: As ICMP is blocked you’ll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems.

Question No: 113 – (Topic 3)

John has performed a scan of the web server with NMAP but did not gather enough information to accurately identify which operating system is running on the remote host. How could you use a web server to help in identifying the OS that is being used?

  1. Telnet to an Open port and grab the banner

  2. Connect to the web server with an FTP client

  3. Connect to the web server with a browser and look at the web page

  4. Telnet to port 8080 on the web server and look at the default page code

Answer: A

Explanation: Most Web servers politely identify themselves and the OS to anyone who asks.

Question No: 114 – (Topic 3)

Why would an attacker want to perform a scan on port 137?

  1. To discover proxy servers on a network

  2. To disrupt the NetBIOS SMB service on the target host

  3. To check for file and print sharing on Windows systems

  4. To discover information about a target host using NBTSTAT

Answer: D

Explanation: Microsoft encapsulates netbios information within TCP/Ip using ports 135-139. It is trivial for an attacker to issue the following command:

nbtstat -A (your Ip address)

from their windows machine and collect information about your windows machine (if you are not blocking traffic to port 137 at your borders).

Question No: 115 – (Topic 3)

Paula works as the primary help desk contact for her company. Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he ca no longer work. Paula walks over to the user’s computer and sees the Blue Screen of Death screen. The user’s computer is running Windows XP, but the Blue screen looks like a familiar one that Paula had seen a Windows 2000 Computers periodically.

The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there. Paula also noticed that the hard drive activity light was flashing meaning that the computer was processing some thing. Paula knew this should not be the case since the computer should be completely frozen during a Blue screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

What is Paula seeing happen on this computer?

  1. Paula’s Network was scanned using FloppyScan

  2. Paula’s Netwrok was scanned using Dumpsec

  3. There was IRQ conflict in Paula’s PC

  4. Tool like Nessus will cause BSOD

Answer: A

Explanation: Floppyscan is a dangerous hacking tool which can be used to portscan a system using a floppy disk Bootsup mini Linux Displays Blue screen of death screen Port scans the network using NMAP Send the results by e-mail to a remote server.

Question No: 116 – (Topic 3)

Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?

  1. To create a denial of service attack.

  2. To verify information about the mail administrator and his address.

  3. To gather information about internal hosts used in email treatment.

  4. To gather information about procedures that are in place to deal with such messages.

Answer: C

Explanation: The replay from the email server that states that there is no such recipient will also give you some information about the name of the email server, versions used and so on.

Question No: 117 – (Topic 3)

Sandra is the security administrator of ABC.com. One day she notices that the ABC.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crime investigations throughout the United States?

  1. NDCA

  2. NICP

  3. CIRP

  4. NPC

  5. CIA

Answer: D

Question No: 118 – (Topic 3)

Which of the following is an automated vulnerability assessment tool.

  1. Whack a Mole

  2. Nmap

  3. Nessus

  4. Kismet

  5. Jill32

Answer: C

Explanation: Nessus is a vulnerability assessment tool.

Question No: 119 – (Topic 3)

Lori has just been tasked by her supervisor conduct vulnerability scan on the corporate network. She has been instructed to perform a very thorough test of the

network to ensure that there are no security holes on any of the machines. Lori’s company does not own any commercial scanning products, so she decides to download a free one off the Internet. Lori has never done a vulnerability scan before, so she is unsure of some of the settings available in the software she downloaded. One of the option is to choose which ports that can be scanned. Lori wants to do exactly what her boos has told her, but she does not know ports should be scanned.

If Lori is supposed to scan all known TCP ports, how many ports should she select in the software?

A. 65536

B. 1024

C. 1025

D. Lori should not scan TCP ports, only UDP ports

Answer: A

Explanation: In both TCP and UDP, each packet header will specify a source port and a destination port, each of which is a 16-bit unsigned integer (i.e. ranging from 0 to 65535).

Question No: 120 – (Topic 3)

While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

What is the most likely cause behind this response?

  1. The firewall is dropping the packets.

  2. An in-line IDS is dropping the packets.

  3. A router is blocking ICMP.

  4. The host does not respond to ICMP packets.

Answer: C

Explanation: Type 3 message = Destination Unreachable [RFC792], Code 13 (cause) = Communication Administratively Prohibited [RFC1812]

100% Ensurepass Free Download!
Download Free Demo:312-50 Demo PDF
100% Ensurepass Free Guaranteed!
312-50 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.