[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 312-50 Dumps with VCE and PDF 481-490

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released 312-50
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures

Question No: 481 – (Topic 19)

Why would an ethical hacker use the technique of firewalking?

  1. It is a technique used to discover wireless network on foot.

  2. It is a technique used to map routers on a network link.

  3. It is a technique used to discover the nature of rules configured on a gateway.

  4. It is a technique used to discover interfaces in promiscuous mode.

Answer: C

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway.

Question No: 482 – (Topic 19)

Most NIDS systems operate in layer 2 of the OSI model. These systems feed raw traffic into a detection engine and rely on the pattern matching and/or statistical analysis to determine what is malicious. Packets are not processed by the host#39;s TCP/IP stack allowing the NIDS to analyze traffic the host would otherwise discard. Which of the following tools allows an attacker to intentionally craft packets to confuse pattern-matching NIDS systems, while still being correctly assembled by the host TCP/IP stack to render the attack payload?

  1. Defrag

  2. Tcpfrag

  3. Tcpdump

  4. Fragroute

Answer: D

Explanation: fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks quot;Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detectionquot; paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour.

Question No: 483 – (Topic 19)

What is a primary advantage a hacker gains by using encryption or programs such as Loki?

  1. It allows an easy way to gain administrator rights

  2. It is effective against Windows computers

  3. It slows down the effective response of an IDS

  4. IDS systems are unable to decrypt it

  5. Traffic will not be modified in transit

Answer: D

Explanation: Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload.

Question No: 484 – (Topic 19)

If you come across a sheepdip machine at your client’s site, what should you do?

  1. A sheepdip computer is used only for virus-checking.

  2. A sheepdip computer is another name for a honeypot

  3. A sheepdip coordinates several honeypots.

  4. A sheepdip computers defers a denial of service attack.

Answer: A

Explanation: Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

Question No: 485 – (Topic 19)

Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well.

Which of the choices below indicate the other features offered by Snort?

  1. IDS, Packet Logger, Sniffer

  2. IDS, Firewall, Sniffer

  3. IDS, Sniffer, Proxy

  4. IDS, Sniffer, content inspector

Answer: A

Explanation: Snort is a free software network intrusion detection and prevention system capable of performing packet logging amp; real-time traffic analysis, on IP networks. Snort was written by Martin Roesch but is now owned and developed by Sourcefire

Question No: 486 – (Topic 19)

A program that defends against a port scanner will attempt to:

  1. Sends back bogus data to the port scanner

  2. Log a violation and recommend use of security-auditing tools

  3. Limit access by the scanning system to publicly available ports only

  4. Update a firewall rule in real time to prevent the port scan from being completed

Answer: D

Question No: 487 – (Topic 19)

An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS?

Select the best answer.

  1. Firewalk

  2. Manhunt

  3. Fragrouter

  4. Fragids

Answer: C

Explanation: Explanations:

Firewalking is a way to disguise a portscan. Thus, firewalking is not a tool, but a method of conducting a port scan in which it can be hidden from some firewalls. Synamtec Man-Hunt is an IDS, not a tool to evade an IDS.

Fragrouter is a tool that can take IP traffic and fragment it into multiple pieces. There is a legitimate reason that fragmentation is done, but it is also a technique that can help an attacker to evade detection while Fragids is a made-up tool and does not exist.

Question No: 488 – (Topic 19)

What makes web application vulnerabilities so aggravating? (Choose two)

  1. They can be launched through an authorized port.

  2. A firewall will not stop them.

  3. They exist only on the Linux platform.

  4. They are detectable by most leading antivirus software.

Answer: A,B

Explanation: As the vulnerabilities exists on a web server, incoming traffic on port 80 will probably be allowed and no firewall rules will stop the attack.

Question No: 489 – (Topic 19)

What type of attack changes its signature and/or payload to avoid detection by antivirus programs?

  1. Polymorphic

  2. Rootkit

  3. Boot sector

  4. File infecting

Answer: A

Explanation: In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.

Question No: 490 – (Topic 19)

What is the tool Firewalk used for?

  1. To test the IDS for proper operation

  2. To test a firewall for proper operation

  3. To determine what rules are in place for a firewall

  4. To test the webserver configuration

  5. Firewalk is a firewall auto configuration tool

Answer: C

Explanation: Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device quot;firewallquot; will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets and no response will be returned.

100% Ensurepass Free Download!
Download Free Demo:312-50 Demo PDF
100% Ensurepass Free Guaranteed!
312-50 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.