[Free] 2018(Jan) EnsurePass Testking ECCouncil 312-50 Dumps with VCE and PDF 511-520

2018 Jan ECCouncil Official New Released 312-50

Ethical Hacking and Countermeasures

Question No: 511 – (Topic 19)

Neil monitors his firewall rules and log files closely on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without consideration for others. Neil knows that he has an updated content filtering system and that such access should not be authorized.

What type of technique might be used by these offenders to access the Internet without restriction?

  A. They are using UDP which is always authorized at the firewall.

  B. They are using tunneling software which allows them to communicate with protocols in a way it was not intended.

  C. They have been able to compromise the firewall, modify the rules, and give themselves proper access.

  D. They are using an older version of Internet Explorer that allows them to bypass the proxy server.

Answer: B

Explanation: This can be accomplished by, for example, tunneling the HTTP traffic over SSH: if you have an SSH server answering your connection, you enable dynamic forwarding in the SSH client and configure Internet Explorer to use a SOCKS proxy for network traffic.

Question No: 512 – (Topic 19)

You are doing IP spoofing while you scan your target. You find that the target has port 23 open. However, you are unable to connect. Why?

  A. A firewall is blocking port 23

  B. You cannot spoof TCP

  C. You need an automated telnet tool

  D. The OS does not reply to telnet even if port 23 is open

Answer: A

Explanation: The question does not tell you what state the scanning utility reported for the port. If the program used is nmap, nmap will show you one of three states: “open”, “closed”, or “filtered”. A port can be in an “open” state yet filtered, usually by a stateful packet inspection filter (i.e. Netfilter for Linux, ipfilter for BSD). C and D do not make any sense for this question; they're bogus. As for B, “You cannot spoof TCP”: you can spoof TCP, so we strike that out.

Question No: 513 – (Topic 19)

Bob, an Administrator at company was furious when he discovered that his buddy Trent has launched a session hijack attack against his network, and sniffed on his communication, including administrative tasks such as configuring routers, firewalls, IDS, via Telnet.

Bob, being an unhappy administrator, seeks your help to assist him in ensuring that attackers such as Trent will not be able to launch a session hijack in company.

Based on the above scenario, please choose which would be your corrective measurement actions (Choose two)

  A. Use encrypted protocols, like those found in the OpenSSH suite.

  B. Implement FAT32 filesystem for faster indexing and improved performance.

  C. Configure the appropriate spoof rules on gateways (internal and external).

  D. Monitor for CRP caches, by using IDS products.

Answer: A,C

Explanation: First you should encrypt the data passed between the parties, in particular the session key. This technique is widely relied upon by web-based banks and other e-commerce services, because it completely prevents sniffing-style attacks. However, it could still be possible to perform some other kind of session hijack. By configuring the appropriate spoof rules you prevent the attacker from using the same IP address as the victim, and thus you can implement a secondary check to see that the IP does not change in the middle of the session.

Question No: 514 – (Topic 19)

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is an excessive number of functions in the source code that might lead to buffer overflow. These C functions do not check bounds. Identify the line in the source code that might lead to buffer overflow.


  A. Line number 31.

  B. Line number 15

  C. Line number 8

  D. Line number 14

Answer: B

Question No: 515 – (Topic 19)

The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. From the options given below choose the one that best interprets the following entry:

Apr 26 06:43:05 [6282] IDS181/nops-x86: ->

(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)


Interpret the following entry:

Apr 26 06:43:05 [6283]: IDS181/nops-x86: ->

  A. An IDS evasion technique

  B. A buffer overflow attempt

  C. A DNS zone transfer

  D. Data being retrieved from

Answer: B

Explanation: The IDS log file depicts numerous attacks; however, most of them are from different attackers. The attacker in question is trying to mask his activity by acting legitimate: during his session on the honeypot he changes users two times by using the "su" command, but never attempts anything too severe.

Question No: 516 – (Topic 19)

Blake is in charge of securing all 20 of his company’s servers. He has enabled hardware and software firewalls, hardened the operating systems and disabled all unnecessary services on all the servers. Unfortunately, there is proprietary AS400 emulation software that must run on one of the servers that requires the telnet service to function properly. Blake is especially concerned about this since telnet can be a very large security risk in an organization. Blake is concerned about how his particular server might look to an outside attacker so he decides to perform some footprinting, scanning and penetration tests on the server. Blake telnets into the server and types the following command:


After pressing enter twice, Blake gets the following results:

What has Blake just accomplished?


  A. Grabbed the banner

  B. Downloaded a file to his local computer

  C. Submitted a remote command to crash the server

  D. Poisoned the local DNS cache of the server

Answer: A

Question No: 517 – (Topic 19)

1 ( 0.724 ms 3.285 ms 0.613 ms
2 ip68-98-176-1.nv.nv.cox.net ( 12.169 ms 14.958 ms 13.416
3 ip68-98-176-1.nv.nv.cox.net ( 13.948 ms ip68-100-0-1.nv.nv.cox.net ( 16.743 ms 16.207 ms
4 ip68-100-0-137.nv.nv.cox.net ( 17.324 ms 13.933 ms 20.938 ms
5 ( 12.439 ms 220.166 ms 204.170 ms
6 so-6-0-0.gar2.wdc1.Level3.net ( 16.177 ms 25.943 ms 14.104 ms
7 unknown.Level3.net ( 14.227 ms 17.553 ms 15.415 ms
8 so-0-1-0.bbr1.NewYork1.level3.net ( 17.063 ms 20.960 ms 19.512 ms
9 so-7-0-0.gar1.NewYork1.Level3.net ( 20.334 ms 19.440 ms 17.938 ms
10 so-4-0-0.edge1.NewYork1.Level3.net ( 27.526 ms 18.317 ms 21.202 ms
11 uunet-level3-oc48.NewYork1.Level3.net ( 21.411 ms 19.133 ms 18.830 ms
12 0.so-6-0-0.XL1.NYC4.ALTER.NET ( 21.203 ms 22.670 ms 20.111 ms
13 0.so-2-0-0.TL1.NYC8.ALTER.NET ( 30.929 ms 24.858 ms 23.108 ms
14 0.so-4-1-0.TL1.ATL5.ALTER.NET ( 37.894 ms 33.244 ms 33.910 ms
15 0.so-7-0-0.XL1.MIA4.ALTER.NET ( 51.165 ms 49.935 ms 49.466 ms
16 0.so-3-0-0.XR1.MIA4.ALTER.NET ( 50.937 ms 49.005 ms 51.055 ms
17 117.ATM6-0.GW5.MIA1.ALTER.NET ( 51.897 ms 50.280 ms 53.647 ms
18 target-gw1.customer.alter.net ( 51.921 ms 51.571 ms 56.855 ms
19 www.target.com <http://www.target.com/> ( 52.191 ms 52.571 ms 56.855 ms
20 www.target.com <http://www.target.com/> ( 53.561 ms 54.121 ms 58.333 ms

You perform the above traceroute and notice that hops 19 and 20 both show the same IP address. This probably indicates what?

  A. A host based IDS

  B. A Honeypot

  C. A stateful inspection firewall

  D. An application proxying firewall

Answer: C

Question No: 518 – (Topic 19)

When referring to the Domain Name Service, what is denoted by a ‘zone’?

  A. It is the first domain that belongs to a company.

  B. It is a collection of resource records.

  C. It is the first resource record type in the SOA.

  D. It is a collection of domains.

Answer: B

Explanation: A reasonable definition of a zone would be a portion of the DNS namespace where responsibility has been delegated.

Topic 20, Buffer Overflows

Question No: 519 – (Topic 20)

Which of the following built-in C/C++ functions should you avoid to prevent your program from buffer overflow attacks?

  A. strcpy()

  B. strcat()

  C. streadd()

  D. strscock()

Answer: A,B,C

Explanation: When hunting buffer overflows, the first thing to look for is functions which write into arrays without any way to know the amount of space available. If you get to define the function, you can pass a length parameter in, or ensure that every array you ever pass to it is at least as big as the hard-coded maximum amount it will write. If you're using a function someone else (like, say, the compiler vendor) has provided then avoiding functions like gets(), which take some amount of data over which you have no control and stuff it into arrays they can never know the size of, is a good start. Make sure that functions like the str…() family which expect NUL-terminated strings actually get them – store a '\0' in the last element of each array involved just before you call the function, if necessary.

Strscock() is not a valid C/C++ function.

Question No: 520 – (Topic 20)

Choose one of the following pseudo codes to describe this statement:

If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data.

  A. If (I > 200) then exit (1)

  B. If (I < 200) then exit (1)

  C. If (I <= 200) then exit (1)

  D. If (I >= 200) then exit (1)

Answer: D
