[Free] 2018(Jan) EnsurePass Testking ECCouncil 312-50 Dumps with VCE and PDF 491-500

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released 312-50
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures

Question No: 491 – (Topic 19)

Once an intruder has gained access to a remote system with a valid username and password, the attacker will attempt to increase his privileges by escalating the used

account to one that has increased privileges. such as that of an administrator. What would be the best countermeasure to protect against escalation of priveges?

  1. Give users tokens

  2. Give user the least amount of privileges

  3. Give users two passwords

  4. Give users a strong policy document

Answer: B

Explanation: With less privileges it is harder to increase the privileges.

Question No: 492 – (Topic 19)


Ensurepass 2018 PDF and VCE

Study the log given in the exhibit,

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

  1. Disallow UDP 53 in from outside to DNS server

  2. Allow UDP 53 in from DNS server to outside

  3. Disallow TCP 53 in from secondaries or ISP server to DNS server

  4. Block all UDP traffic

Answer: C

Explanation: According to the exhibit, the question is regarding the DNS Zone Transfer. Since Zone Transfers are done with TCP port 53, you should not allow this connect external to you organization.

Question No: 493 – (Topic 19)

SSL has been as the solution to a lot of common security problems. Administrator will often time make use of SSL to encrypt communications from points A to Point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between Point A to Point B?

  1. SSL is redundant if you already have IDS’s in place

  2. SSL will trigger rules at regular interval and force the administrator to turn them off

  3. SSL will make the content of the packet and Intrusion Detection System are blinded

  4. SSL will slow down the IDS while it is breaking the encryption to see the packet content

Answer: C

Explanation: An IDS will not be able to evaluate the content in the packets if it is encrypted.

Question No: 494 – (Topic 19)

Basically, there are two approaches to network intrusion detection: signature detection, and anomaly detection. The signature detection approach utilizes well- known signatures for network traffic to identify potentially malicious traffic. The anomaly detection approach utilizes a previous history of network traffic to search for patterns that are abnormal, which would indicate an intrusion. How can an attacker disguise his buffer overflow attack signature such that there is a greater probability of his attack going undetected by the IDS?

  1. He can use a shellcode that will perform a reverse telnet back to his machine

  2. He can use a dynamic return address to overwrite the correct value in the target machine computer memory

  3. He can chain NOOP instructions into a NOOP quot;sledquot; that advances the processor#39;s instruction pointer to a random place of choice

  4. He can use polymorphic shell code-with a tool such as ADMmutate – to change the signature of his exploit as seen by a network IDS

Answer: D

Explanation: ADMmutate is using a polymorphic technique designed to circumvent certain forms of signature based intrusion detection. All network based remote buffer overflow exploits have similarities in how they function. ADMmutate has the ability to emulate the protocol of the service the attacker is attempting to exploit. The data payload (sometimes referred to as an egg) contains the instructions the attacker wants to execute on the target machine. These eggs are generally interchangeable and can be utilized in many different buffer overflow exploits. ADMmutate uses several techniques to randomize the contents of the egg in any given buffer overflow exploit. This randomization effectively changes the content or #39;signature#39; of the exploit without changing the functionality of the exploit.

Question No: 495 – (Topic 19)

What is a sheepdip?

  1. It is another name for Honeynet

  2. It is a machine used to coordinate honeynets

  3. It is the process of checking physical media for virus before they are used in a computer

  4. None of the above

Answer: C

Explanation: Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

Question No: 496 – (Topic 19)

To scan a host downstream from a security gateway, Firewalking:

  1. Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets

  2. Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway

  3. Sends an ICMP #39;#39;administratively prohibited#39;#39; packet to determine if the gateway will drop the packet without comment.

  4. Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway

Answer: B

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway.

Question No: 497 – (Topic 19)

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

  1. They are using UDP that is always authorized at the firewall

  2. They are using an older version of Internet Explorer that allow them to bypass the proxy server

  3. They have been able to compromise the firewall, modify the rules, and give themselves

    proper access

  4. They are using tunneling software that allows them to communicate with protocols in a way it was not intended

Answer: D

Explanation: This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic.

Question No: 498 – (Topic 19)

Which of the following is not an effective countermeasure against replay attacks?

  1. Digital signatures

  2. Time Stamps

  3. System identification

  4. Sequence numbers

Answer: C

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that prove the package is received as it was sent from the original sender (digital signature)

Question No: 499 – (Topic 19)

All the web servers in the DMZ respond to ACK scan on port 80. Why is this happening ?

  1. They are all Windows based webserver

  2. They are all Unix based webserver

  3. The company is not using IDS

  4. The company is not using a stateful firewall

Answer: D

Explanation: If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK.

Question No: 500 – (Topic 19)

You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:

  1. Sending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers

  2. Examining the SMTP header information generated by using the -mx command parameter of DIG

  3. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address

  4. Sending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers

Answer: C

100% Ensurepass Free Download!
Download Free Demo:312-50 Demo PDF
100% Ensurepass Free Guaranteed!
312-50 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.