[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 312-50 Dumps with VCE and PDF 451-460

2018 Jan ECCouncil Official New Released 312-50

Ethical Hacking and Countermeasures

Question No: 451 – (Topic 18)

Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not opened or ports that are not for public usage. How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by using one of the built-in Linux Operating System tools?

  1. Ensure all files have at least a 755 or more restrictive permissions.

  2. Configure rules using ipchains.

  3. Configure and enable portsentry on his server.

  4. Install an intrusion detection system on her computer such as Snort.

Answer: B

Explanation: ipchains is a free software based firewall for Linux. It is a rewrite of Linux's previous IPv4 firewalling code, ipfwadm. In Linux 2.2, ipchains is required to administer the IP packet filters. ipchains was written because the older IPv4 firewall code used in Linux 2.0 did not work with IP fragments and didn't allow for specification of protocols other than TCP, UDP, and ICMP.

Question No: 452 – (Topic 18)

Peter is a Linux network admin. Knowing that you are a knowledgeable security consultant, he turns to you for help choosing a firewall. He wants to use Linux as his firewall and use the latest freely available version that is offered. What do you recommend?

Select the best answer.

  1. Ipchains

  2. Iptables

  3. Checkpoint FW for Linux

  4. Ipfwadm

Answer: B

Explanation:

Ipchains was improved over ipfwadm with its chaining mechanism so that it can have multiple rulesets. However, it isn't the latest version of a free Linux firewall. Iptables replaced ipchains and is the latest of the free Linux firewall tools. Any Checkpoint firewall is not going to meet Jason's desire to have a free firewall. Ipfwadm is used to build Linux firewall rules prior to 2.2.0. It is an outdated version.

Question No: 453 – (Topic 18)

After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?

1. mkdir -p /etc/X11/applnk/Internet/.etc

2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd

3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

4. touch -acmr /etc /etc/X11/applnk/Internet/.etc

5. passwd nobody -d

6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

7. passwd dns -d

8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

  1. IUSR_

  2. acmr, dns

  3. nobody, dns

  4. nobody, IUSR_

Answer: C

Explanation: passwd is the command used to modify a user's password, and it has been used here with the usernames nobody and dns.

Question No: 454 – (Topic 18)

WinDump is a popular sniffer which results from the porting to Windows of TcpDump for Linux. What library does it use?

  1. LibPcap

  2. WinPcap

  3. Wincap

  4. None of the above

Answer: B

Explanation: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Question No: 455 – (Topic 18)

Jim's organization just completed a major Linux roll-out, and now all of the organization's systems are running the Linux 2.5 Kernel. The roll-out expenses have posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ. Which built-in functionality of Linux can achieve this?

  1. IP ICMP

  2. IP Sniffer

  3. IP tables

  4. IP Chains

Answer: C

Explanation: iptables is the name of the user space tool by which administrators create rules for the packet filtering and NAT modules. While technically iptables is merely the tool which controls the packet filtering and NAT components within the kernel, the name iptables is often used to refer to the entire infrastructure, including netfilter, connection tracking and NAT, as well as the tool itself. iptables is a standard part of all modern Linux distributions.

Question No: 456 – (Topic 18)

Bob is a Junior Administrator at ABC Company. On one of the Linux machines he entered the following firewall rule:

iptables -t filter -A INPUT -p tcp --dport 23 -j DROP

Why did he enter the above line?

  1. To accept the Telnet connection

  2. To deny the Telnet connection

  3. To accept all connections except the Telnet connection

  4. None of Above

Answer: B

Explanation:

-t, --table table

This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there.

The tables are as follows:

filter: This is the default table, and contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).

nat: This table is consulted when a packet which creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out).

mangle: This table is used for specialized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing).

-A, --append

Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

-p, --protocol [!] protocol

The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. Also a protocol name from /etc/protocols is allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted. All may not be used in combination with the check command.

--destination-port [!] port[:port]

Destination port or port range specification. The flag --dport is an alias for this option.

-j, --jump target

This specifies the target of the rule; i.e. what to do if the packet matches it. The target can be a user-defined chain (not the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented.

Question No: 457 – (Topic 18)

You have just installed a new Linux file server at your office. This server is going to be used by several individuals in the organization, and unauthorized personnel must not be able to modify any data.

What kind of program can you use to track changes to files on the server?

  1. Network Based IDS (NIDS)

  2. Personal Firewall

  3. System Integrity Verifier (SIV)

  4. Linux IP Chains

Answer: C

Explanation: System Integrity Verifiers like Tripwire aid system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

Question No: 458 – (Topic 18)

You are trying to compromise a Linux machine and steal the password hashes for cracking with a password brute-forcing program. Where is the password file kept in Linux?

  1. /etc/shadow

  2. /etc/passwd

  3. /bin/password

  4. /bin/shadow

Answer: A

Explanation: The /etc/shadow file stores the actual password in encrypted format for each user's account, with additional properties related to the user's password, i.e. it stores secure user account information. All fields are separated by a colon (:) symbol. It contains one entry per line for each user listed in the /etc/passwd file.

Topic 19, Evading IDS, Firewalls and Honeypots

Question No: 459 – (Topic 19)

While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80.

What can you infer from this observation?

  1. They are using Windows based web servers.

  2. They are using UNIX based web servers.

  3. They are not using an intrusion detection system.

  4. They are not using a stateful inspection firewall.

Answer: D

Explanation: If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK.

Question No: 460 – (Topic 19)

You have discovered that an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. What can you do to solve this problem?

  1. Install a network-based IDS

  2. Reconfigure the firewall

  3. Conduct a needs analysis

  4. Enforce your security policy

Answer: D

Explanation: The employee was unaware of security policy.
