312-50 EC-Council Exam Questions and Free Practice Test

Question 109

- (Topic 7)
Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

A. RSA, LSA, POP

B. SSID, WEP, Kerberos

C. SMB, SMTP, Smart card

D. Kerberos, Smart card, Stanford SRP

Correct Answer:D
Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer.

Question 110

- (Topic 2)
A Company security System Administrator is reviewing the network system log files. He notes the following:
✑ Network log files are at 5 MB at 12:00 noon.
✑ At 14:00 hours, the log files at 3 MB.
What should he assume has happened and what should he do about the situation?

A. He should contact the attacker’s ISP as soon as possible and have the connection disconnected.

B. He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.

C. He should log the file size, and archive the information, because the router crashed.

D. He should run a file system check, because the Syslog server has a self correcting file system problem.

E. He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place.

Correct Answer:B
You should never assume a host has been compromised without verification. Typically, disconnecting a server is an extreme measure and should only be done when it is confirmed there is a compromise or the server contains such sensitive data that the loss of service outweighs the risk. Never assume that any administrator or automatic process is making changes to a system. Always investigate the root cause of the change on the system and follow your organizations security policy.

Question 111

- (Topic 23)
Neil is a network administrator working in Istanbul. Neil wants to setup a protocol analyzer on his network that will receive a copy of every packet that passes through the main office switch. What type of port will Neil need to setup in order to accomplish this?

A. Neil will have to configure a Bridged port that will copy all packets to the protocol analyzer.

B. Neil will need to setup SPAN port that will copy all network traffic to the protocol analyzer.

C. He will have to setup an Ether channel port to get a copy of all network traffic to the analyzer.

D. He should setup a MODS port which will copy all network traffic.

Correct Answer:B

Question 112

- (Topic 11)
You work as security technician at ABC.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation?

A. Use mget to download all pages locally for further inspection.

B. Use wget to download all pages locally for further inspection.

C. Use get* to download all pages locally for further inspection.

D. Use get() to download all pages locally for further inspection.

Correct Answer:B
Wget is a utility used for mirroring websites, get* doesn’t work, as for the actual FTP command to work there needs to be a space between get and * (ie. get *), get(); is just bogus, that’s a C function that’s written 100% wrong. mget is a command used from “within” ftp itself, ruling out A. Which leaves B use wget, which is designed for mirroring and download files, especially web pages, if used with the –R option (ie. wget –R www.ABC.com) it could mirror a site, all expect protected portions of course.
Note: GNU Wget is a free network utility to retrieve files from the World Wide Web using HTTP and FTP and can be used to make mirrors of archives and home pages thus enabling work in the background, after having logged off.

Question 113

- (Topic 4)
Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.
In this context, what would be the most affective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer)

A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B. Hire more computer security monitoring personnel to monitor computer systems and networks.

C. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D. Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Correct Answer:A
Bridging the gap would consist of educating the white hats and the black hats equally so that their knowledge is relatively the same. Using books, articles, the internet, and professional training seminars is a way of completing this goal.

Question 114

- (Topic 3)
Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?

A. To create a denial of service attack.

B. To verify information about the mail administrator and his address.

C. To gather information about internal hosts used in email treatment.

D. To gather information about procedures that are in place to deal with such messages.

Correct Answer:C
The replay from the email server that states that there is no such recipient will also give you some information about the name of the email server, versions used and so on.

START 312-50 EXAM