[Free] 2018(Jan) EnsurePass Testking ECCouncil 312-50 Dumps with VCE and PDF 431-440


Ethical Hacking and Countermeasures

Question No: 431 – (Topic 16)

Melissa is a virus that attacks Microsoft Windows platforms. To which category does this virus belong?

  1. Polymorphic

  2. Boot Sector infector

  3. System

  4. Macro

Answer: D

Explanation: The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment.

Topic 17, Physical Security

Question No: 432 – (Topic 17)

Samuel is a high school teenager who lives in Modesto, California. Samuel is a straight ‘A’ student who really likes tinkering around with computers and other types of electronic devices. Samuel just received a new laptop for his birthday and has been configuring it ever since. While tweaking the registry, Samuel notices a pop-up at the bottom of his screen stating that his computer was now connected to a wireless network. All of a sudden, he was able to get online and surf the Internet.

Samuel did some quick research and was able to gain access to the wireless router he was connecting to and see all of its settings. Being able to hop onto someone else’s wireless network so easily fascinated Samuel, so he began doing more and more research on wireless technologies and how to exploit them. The next day Samuel’s friend said that he could drive around all over town and pick up hundreds of wireless networks. This really excited Samuel, so they got into his friend’s car and drove around the city seeing which networks they could connect to and which ones they could not.

What have Samuel and his friend just performed?

  1. Wardriving

  2. Warwalking

  3. Warchalking

  4. Webdriving

Answer: A

Explanation: Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect the networks. It was also known (as of 2002) as "WiLDing" (Wireless Lan Driving, although this term never gained any popularity and is no longer used), originating in the San Francisco Bay Area with the Bay Area Wireless Users Group (BAWUG). It is similar to using a scanner for radio.

Question No: 433 – (Topic 17)

Joseph has just been hired on to a contractor company of the Department of Defense as their senior Security Analyst. Joseph has been instructed on the Company’s strict security policies that have been implemented and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two-factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company. Joseph’s supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number.

Joseph’s company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two-factor authentication?

  1. Security token

  2. Biometric device

  3. OTP

  4. Proximity cards

Answer: A

Explanation: A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in.

Question No: 434 – (Topic 17)

Which of the following keyloggers can’t be detected by anti-virus or anti-spyware products?

  1. Hardware keylogger

  2. Software Keylogger

  3. Stealth Keylogger

  4. Convert Keylogger

Answer: A

Explanation: A hardware keylogger will never interact with the operating system and therefore it will never be detected by any security programs running in the operating system.

Question No: 435 – (Topic 17)

What does this symbol mean?

  1. Open Access Point

  2. WPA Encrypted Access Point

  3. WEP Encrypted Access Point

  4. Closed Access Point

Answer: A

Explanation: This symbol is a “warchalking” symbol for an open node (open circle) with the SSID tsunami and the bandwidth 2.0 Mb/s.

Question No: 436 – (Topic 17)

In an attempt to secure his 802.11b wireless network, Bob decides to use strategic antenna positioning. He places the antenna for the access point near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building’s center. There is a large parking lot and outlying field surrounding the building that extends out half a mile around the building. Bob figures that with this and his placement of antennas, his wireless network will be safe from attack. Which of the following statements is true?

  1. Bob’s network will not be safe until he also enables WEP

  2. With the 300-foot limit of a wireless signal, Bob’s network is safe

  3. Bob’s network will be safe but only if he doesn’t switch to 802.11a

  4. Wireless signals can be detected from miles away; Bob’s network is not safe

Answer: D

Explanation: It all depends on the capacity of the antenna that a potential hacker will use in order to gain access to the wireless network.

Topic 18, Linux Hacking

Question No: 437 – (Topic 18)

Jim’s organization has just completed a major Linux roll out and now all of the organization’s systems are running the Linux 2.5 kernel. The roll out expenses have posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ.

Which built-in functionality of Linux can achieve this?

  1. IP Tables

  2. IP Chains

  3. IP Sniffer

  4. IP ICMP

Answer: A

Explanation: iptables is a user space application program that allows a system administrator to configure the netfilter tables, chains, and rules. Because iptables requires elevated privileges to operate, it must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as /sbin/iptables. IP Tables performs stateful inspection while the older IP Chains only performs stateless inspection.

Question No: 438 – (Topic 18)

Which of the following snort rules look for FTP root login attempts?

  1. alert tcp -> any port 21 (msg:"user root";)

  2. alert tcp -> any port 21 (message:"user root";)

  3. alert ftp -> ftp (content:"user password root";)

  4. alert tcp any any -> any any 21 (content:"user root";)

Answer: D

Explanation: The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:"user root";).

Question No: 439 – (Topic 18)

John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the logfiles to investigate the attack.

Take a look at the following Linux logfile snippet. The hacker compromised and "owned" a Linux machine. What is the hacker trying to accomplish here?

[root@apollo /]# rm rootkit.c

[root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm - rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 inetd 359 ? 00:00:00 inetd

rm: cannot remove `/tmp/h': No such file or directory

rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory

[root@apollo /]# ps -aux | grep portmap

[root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm - rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 inetd

rm: cannot remove `/sbin/portmap': No such file or directory

rm: cannot remove `/tmp/h': No such file or directory

>rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory

[root@apollo /]# rm: cannot remove `/sbin/portmap': No such file or directory

  1. The hacker is planting a rootkit

  2. The hacker is trying to cover his tracks

  3. The hacker is running a buffer overflow exploit to lock down the system

  4. The hacker is attempting to compromise more machines on the network

Answer: B

Explanation: By deleting temporary directories and emptying files like bash_history, which contains the last commands used with the bash shell, he is trying to cover his tracks.

Question No: 440 – (Topic 18)

After studying the following log entries, what is the attacker ultimately trying to achieve as inferred from the log sequence?

  1. mkdir -p /etc/X11/applnk/Internet/.etc

  2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd

  3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

  4. touch -acmr /etc /etc/X11/applnk/Internet/.etc

  5. passwd nobody -d

  6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

  7. passwd dns -d

  8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

  9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

  1. Change password of user nobody

  2. Extract information from a local directory

  3. Change the files Modification Access Creation times

  4. Download rootkits and passwords into a new directory

Answer: C
