312-50 EC-Council Exam Questions and Free Practice Test

Question 85

- (Topic 23)
In Trojan terminology, what is a covert channel?
312-50 dumps exhibit

A. A channel that transfers information within a computer system or network in a way that violates the security policy

B. A legitimate communication path within a computer system or network for transfer of data

C. It is a kernel operation that hides boot processes and services to mask detection

D. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Correct Answer:A

Question 86

- (Topic 20)
When writing shellcodes, you must avoid because these will end the string.
312-50 dumps exhibit

A. Null Bytes

B. Root Bytes

C. Char Bytes

D. Unicode Bytes

Correct Answer:A
The null character (also null terminator) is a character with the value zero, present in the ASCII and Unicode character sets, and available in nearly all mainstream programming languages. The original meaning of this character was like NOP — when sent to a printer or a terminal, it does nothing (some terminals, however, incorrectly display it as space). Strings ending in a null character are said to be null-terminated.

Question 87

- (Topic 11)
Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)

A. Internet Printing Protocol (IPP) buffer overflow

B. Code Red Worm

C. Indexing services ISAPI extension buffer overflow

D. NeXT buffer overflow

Correct Answer:ABC
Both the buffer overflow in the Internet Printing Protocol and the ISAPI extension buffer overflow is explained in Microsoft Security Bulletin MS01-023. The Code Red worm was a computer worm released on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server.

Question 88

- (Topic 9)
Usernames, passwords, e-mail addresses, and the location of CGI scripts may be obtained from which of the following information sources?

A. Company web site

B. Search engines

C. EDGAR Database query

D. Whois query

Correct Answer:A
Whois query would not enable us to find the CGI scripts whereas in the actual website, some of them will have scripts written to make the website more user friendly. The EDGAR database would in fact give us a lot of the information requested but not the location of CGI scripts, as would a simple search engine on the Internet if you have the time needed.

Question 89

- (Topic 4)
Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

A. 137 and 139

B. 137 and 443

C. 139 and 443

D. 139 and 445

Correct Answer:D
NULL sessions take advantage of “features” in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Primarily the following ports are vulnerable if they are accessible:
139
TCP
NETBIOS Session Service 139
UDP
NETBIOS Session Service
445
TCP SMB/CIFS

Question 90

- (Topic 14)
Exhibit:
312-50 dumps exhibit
You are conducting pen-test against a company’s website using SQL Injection techniques. You enter “anuthing or 1=1-“ in the username filed of an authentication form. This is the output returned from the server.
What is the next step you should do?

A. Identify the user context of the web application by running_ http://www.example.com/order/include_rsa_asp?pressReleaseID=5 ANDUSER_NAME() = ‘dbo’

B. Identify the database and table name by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 ANDascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype=’U’),1))) > 109

C. Format the C: drive and delete the database by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell ‘format c: /q /yes ‘; drop database myDB; --

D. Reboot the web server by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell ‘iisreset –reboot’; --

Correct Answer:A

START 312-50 EXAM