[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 312-50 Dumps with VCE and PDF 441-450


Ethical Hacking and Countermeasures

Question No: 441 – (Topic 18)

Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.

What is the name of this library?


  B. LibPCAP

  C. WinPCAP

  D. PCAP

Answer: C

Explanation: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Question No: 442 – (Topic 18)

What is the expected result of the following exploit?

[Exhibit: image of the exploit script, not preserved in this copy]

  A. Opens up a telnet listener that requires no username or password.

  B. Creates an FTP server with write permissions enabled.

  C. Creates a share called “sasfile” on the target system.

  D. Creates an account with a user name of Anonymous and a password of noone@nowhere.com.

Answer: A


Explanation: The script depicted is written in Perl (both msadc.pl and the script they are using as a wrapper). $port, $your, $user, $pass and $host are variables that hold the port # of a DNS server, an IP, a username, and an FTP password. $host is set to argument variable 0 (the string typed directly after the command). Essentially, the script connects to an FTP server, downloads nc.exe (netcat, the TCP/IP Swiss-army knife) and uses nc to open a TCP port that spawns cmd.exe (the Win32 DOS shell on NT/2000/2003/XP). When spawned this way, cmd.exe requires NO username or password and has the permissions of the user it is executed as (probably guest in this instance, although it could be administrator). The #'s in the script mean that the text following them is a comment. Notice the last line in particular: if the # were removed, the script would spawn a connection to itself, the host system it was running on.

Question No: 443 – (Topic 18)

What is Cygwin?

  A. Cygwin is a free C compiler that runs on Windows

  B. Cygwin is a free Unix subsystem that runs on top of Windows

  C. Cygwin is a free Windows subsystem that runs on top of Linux

  D. Cygwin is an X Windows GUI subsystem that runs on top of Linux GNOME environment

Answer: B

Explanation: Cygwin is a Linux-like environment for Windows. It consists of two parts:

A DLL (cygwin1.dll) which acts as a Linux API emulation layer providing substantial Linux API functionality.

A collection of tools which provide Linux look and feel.

The Cygwin DLL works with all non-beta, non-"release candidate", ix86 32-bit versions of Windows since Windows 95, with the exception of Windows CE.

Question No: 444 – (Topic 18)

Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and has been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscore symbols on the screen. What are you most likely to infer from this?

  A. The services are protected by TCP wrappers

  B. There is a honeypot running on the scanned machine

  C. An attacker has replaced the services with trojaned ones

  D. This indicates that the telnet and SMTP server have crashed

Answer: A

Explanation: TCP Wrapper is a host-based network ACL system, used to filter network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.

Question No: 445 – (Topic 18)

On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner?

  A. Use "ls"

  B. Use "lsof"

  C. Use "echo"

  D. Use "netstat"

Answer: B

Explanation: lsof is a command used in many Unix-like systems that is used to report a list of all open files and the processes that opened them. It works in and supports several UNIX flavors.

Question No: 446 – (Topic 18)

Ron has configured his network to provide strong perimeter security. As part of his network architecture, he has included a host that is fully exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or filtering router. What would you call such a host?

  A. Honeypot

  B. DMZ host

  C. DWZ host

  D. Bastion Host

Answer: D

Explanation: A bastion host is a gateway between an inside network and an outside network. Used as a security measure, the bastion host is designed to defend against attacks aimed at the inside network. Depending on a network's complexity and configuration, a single bastion host may stand guard by itself, or be part of a larger security system with different layers of protection.

Question No: 447 – (Topic 18)

Rebecca is a security analyst and knows of a local root exploit that has the ability to enable local users to use available exploits to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. There is no known workaround that exists for this vulnerability. What is the correct action to be taken by Rebecca in this situation as a recommendation to management?

  A. Rebecca should make a recommendation to disable the () system call

  B. Rebecca should make a recommendation to upgrade the Linux kernel promptly

  C. Rebecca should make a recommendation to set all child-process to sleep within the execve()

  D. Rebecca should make a recommendation to hire more system administrators to monitor all child processes to ensure that each child process can't elevate privilege

Answer: B

Question No: 448 – (Topic 18)

John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an LKM has been installed on her server. She believes this is the reason that the server has been acting erratically lately. LKM stands for Loadable Kernel Module.

What does this mean in the context of Linux Security?

  A. Loadable Kernel Modules are a mechanism for adding functionality to a file system without requiring a kernel recompilation.

  B. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted.

  C. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation.

  D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.

Answer: D

Explanation: Loadable Kernel Modules, or LKMs, are object files that contain code to extend the running kernel, or so-called base kernel, without the need of a kernel recompilation. Operating systems other than Linux, such as BSD systems, also provide support for LKMs. However, the Linux kernel generally makes far greater and more versatile use of LKMs than other systems. LKMs are typically used to add support for new hardware, filesystems or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded, freeing memory.

Question No: 449 – (Topic 18)

Several of your co-workers are having a discussion over the /etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords. (Choose all that apply.)

  A. Linux passwords can be encrypted with MD5

  B. Linux passwords can be encrypted with SHA

  C. Linux passwords can be encrypted with DES

  D. Linux passwords can be encrypted with Blowfish

  E. Linux passwords are encrypted with asymmetric algorithms

Answer: A,C,D

Explanation: Linux passwords are encrypted using MD5, DES, and the new addition, Blowfish. The default on most Linux systems depends on the distribution: RedHat uses MD5, while Slackware uses DES. The Blowfish option is there for those who wish to use it. The encryption algorithm in use can be determined with authconfig on RedHat-based systems, or by reviewing one of two locations: on PAM-based systems (Pluggable Authentication Module) it can be found in /etc/pam.d/, in the system-auth file or authconfig files; on other systems it can be found in the /etc/security/ directory.

Question No: 450 – (Topic 18)

Joe the Hacker breaks into a company’s Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that the network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode.

Running “ifconfig -a” will produce the following:

    # ifconfig -a
    lo0: flags=848<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
            inet netmask ff000000
    hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST> mtu 1500
            inet netmask ffffff00 broadcast
            ether 8:0:20:9c:a2:35

What can Joe do to hide the wiretap program from being detected by ifconfig?


  A. Block output to the console whenever the user runs ifconfig command by running screen capture utility

  B. Run the wiretap program in stealth mode from being detected by the ifconfig command.

  C. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.

  D. You cannot disable Promiscuous mode detection on Linux systems.

Answer: C

Explanation: The normal way to hide these rogue programs running on systems is the use of crafted commands like ifconfig and ls.
