312-50 EC-Council Exam Questions and Free Practice Test

Question 97

- (Topic 19)
An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application.
Which of the following strategies can be used to defeat detection by a network- based IDS application? (Choose the best answer)

A. Create a network tunnel.

B. Create a multiple false positives.

C. Create a SYN flood.

D. Create a ping flood.

Correct Answer:A
Certain types of encryption presents challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, where a host-based IDS analyzes the data after it has been decrypted.

Question 98

- (Topic 3)
312-50 dumps exhibit
Which of the following nmap command in Linux procedures the above output?

A. sudo nmap –sP 192.168.0.1/24

B. root nmap –sA 192.168.0.1/24

C. run nmap –TX 192.168.0.1/24

D. launch nmap –PP 192.168.0.1/24

Correct Answer:A
This is an output from a ping scan. The option –sP will give you a ping scan of the 192.168.0.1/24 network.

Question 99

- (Topic 23)
You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks?

A. System services

B. EXEC master access

C. xp_cmdshell

D. RDC

Correct Answer:C

Question 100

- (Topic 23)
Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys
Which step would you perform to detect this type of Trojan?
312-50 dumps exhibit

A. Scan for suspicious startup programs using msconfig

B. Scan for suspicious network activities using Wireshark

C. Scan for suspicious device drivers in c:\windows\system32\drivers

D. Scan for suspicious open ports using netstat

Correct Answer:C

Question 101

- (Topic 7)
Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

A. Snort

B. argus

C. TCPflow

D. Tcpdump

Correct Answer:C
Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.

Question 102

- (Topic 23)
Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
312-50 dumps exhibit

How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

A. Alternate between typing the login credentials and typing characters somewhere else in the focus window

B. Type a wrong password first, later type the correct password on the login page defeating the keylogger recording

C. Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.

D. The next key typed replaces selected text portio

E. E.

F. if the password is "secret", one could type "s", then some dummy keys "asdfsd".Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies"asdfsd"

G. The next key typed replaces selected text portio

H. E.

I. if the password is "secret", one could type "s", then some dummy keys "asdfsd".Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies"asdfsd"

Correct Answer:ACDE

START 312-50 EXAM