Latest ECCouncil 312-50v8 Real Exam Download 791-800

Ensurepass

QUESTION 791

You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe.

What caused this?

clip_image002

A. The Morris worm

B. The PIF virus

C. Trinoo

D. Nimda

E. Code Red

F. Ping of Death

 

Answer: D 

The Nimda worm modifies all web content files it finds. As a result,any user browsing web content on the system,whether via the file system or via a web server,may download a copy of the worm. Some browsers may automatically execute the downloaded copy,thereby,infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders the ability to execute arbitrary commands within the Local System security context on machines running the unpatched versions of IIS.

 

 

QUESTION 792

Which are true statements concerning the BugBear and Pretty Park worms?

Select the best answers.

 

A. Both programs use email to do their work.

B. Pretty Park propagates via network shares and email

C. BugBear propagates via network shares and email

D. Pretty Park tries to connect to an IRC server to send your personal passwords.

E. Pretty Park can terminate anti-virus applications that might be running to bypass them.

 

Answer: A,C,D 

Explanations: Both Pretty Park and BugBear use email to spread. Pretty Park cannot propagate via network shares,only email. BugBear propagates via network shares and email. It also terminates anti-virus applications and acts as a backdoor server for someone to get into the infected machine. Pretty Park tries to connect to an IRC server to send your personal passwords and all sorts of other information it retrieves from your PC. Pretty Park cannot terminate anti-virus applications. However,BugBear can terminate AV software so that it can bypass them.

 

 

QUESTION 793

One of the better features of NetWare is the use of packet signature that includes cryptographic signatures. The packet signature mechanism has four levels from 0 to 3.

In the list below which of the choices represent the level that forces NetWare to sign all packets?

 

A. 0 (zero)

B. 1

C. 2

D. 3

 

Answer: D 

0Server does not sign packets (regardless of the client level).

1Server signs packets if the client is capable of signing (client level is 2 or higher).

2Server signs packets if the client is capable of signing (client level is 1 or higher).

3Server signs packets and requires all clients to sign packets or logging in will fail.

 

 

QUESTION 794

Which is the Novell Netware Packet signature level used to sign all packets ?

 

A. 0

B. 1

C. 2

D. 3

 

Answer: D 

Level 0 is no signature,Level 3 is communication using signature only.

 

 

QUESTION 795

If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).

 

A. True

B. False

 

Answer: A

 When and ACK is sent to an open port,a RST is returned.

 

 

QUESTION 796

If you perform a port scan with a TCP ACK packet, what should an OPEN port return?

 

A. RST

B. No Reply

C. SYN/ACK

D. FIN

 

Answer: A

 Open ports return RST to an ACK scan.

 

 

QUESTION 797

Pandora is used to attack __________ network operating systems.

 

A. Windows

B. UNIX

C. Linux

D. Netware

E. MAC OS

 

Answer: D 

While there are not lots of tools available to attack Netware,Pandora is one that can be used.

 

 

QUESTION 798

What is the name of the software tool used to crack a single account on Netware Servers using a dictionary attack?

 

A. NPWCrack

B. NWPCrack

C. NovCrack

D. CrackNov

E. GetCrack

 

Answer: B

 NWPCrack is the software tool used to crack single accounts on Netware servers.

 

 

QUESTION 799

Which of the following is NOT a valid NetWare access level?

 

A. Not Logged in

B. Logged in

C. Console Access

D. Administrator

 

Answer: D 

Administrator is an account not a access level.

 

 

QUESTION 800

Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.

What is the name of this library?

 

A. NTPCAP

B. LibPCAP

C. WinPCAP

D. PCAP

 

Answer: C

 WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack,and has additional useful features,including kernel-level packet filtering,a network statistics engine and support for remote packet capture.

 

Download Latest ECCouncil 312-50v8 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.