312-50 EC-Council Exam Questions and Free Practice Test

Question 7

- (Topic 5)
_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.

A. Canonicalization

B. Character Mapping

C. Character Encoding

D. UCS transformation formats

Correct Answer:A
Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a "standard" canonical representation. This can be done to compare different representations for equivalence, to count the number of distinct data structures (e.g., in combinatorics), to improve the efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order.

Question 8

- (Topic 13)
Which of the following is most effective against passwords ? Select the Answer

A. Dictionary Attack

B. BruteForce attack

C. Targeted Attack

D. Manual password Attack

Correct Answer:B
The most effective means of password attack is brute force, in a brute force attack the program will attempt to use every possible combination of characters. While this takes longer then a dictionary attack, which uses a text file of real words, it is always capable of breaking the password.

Question 9

- (Topic 23)
This method is used to determine the Operating system and version running on a remote target system. What is it called?

A. Service Degradation

B. OS Fingerprinting

C. Manual Target System

D. Identification Scanning

Correct Answer:B

Question 10

- (Topic 20)
You have been using the msadc.pl attack script to execute arbitrary commands on an NT4 web server. While it is effective, you find it tedious to perform extended functions. On further research you come across a perl script that runs the following msadc functions:
312-50 dumps exhibit
What kind of exploit is indicated by this script?

A. A buffer overflow exploit.

B. A SUID exploit.

C. A SQL injection exploit.

D. A chained exploit.

E. A buffer under run exploit.

Correct Answer:D

Question 11

- (Topic 23)
If an attacker's computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a closed port, what will be the response?

A. The zombie computer will respond with an IPID of 24334.

B. The zombie computer will respond with an IPID of 24333.

C. The zombie computer will not send a response.

D. The zombie computer will respond with an IPID of 24335.

Correct Answer:C

Question 12

- (Topic 6)
You are writing an antivirus bypassing Trojan using C++ code wrapped into chess.c to create an executable file chess.exe. This Trojan when executed on the victim machine, scans the entire system (c:) for data with the following text “Credit Card” and “password”. It then zips all the scanned files and sends an email to a predefined hotmail address.
You want to make this Trojan persistent so that it survives computer reboots. Which registry entry will you add a key to make it persistent?

A. HKEY_LOCAL_MACHINE\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServic es

B. HKEY_LOCAL_USER\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices

C. HKEY_LOCAL_SYSTEM\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunService s

D. HKEY_CURRENT_USER\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServic es

Correct Answer:A
HKEY_LOCAL_MACHINE would be the natural place for a registry entry that starts services when the MACHINE is rebooted.

START 312-50 EXAM