312-50 EC-Council Exam Questions and Free Practice Test

Question 115

- (Topic 3)
Nathalie would like to perform a reliable scan against a remote target. She is not concerned about being stealth at this point. Which of the following type of scans would be the most accurate and reliable?

A. A FIN Scan

B. A Half Scan

C. A UDP Scan

D. The TCP Connect Scan

Correct Answer:D
The connect() system call provided by your operating system is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed, otherwise the port isn't reachable. One strong advantage to this technique is that you don't need any special privileges. This is the fastest scanning method supported by nmap, and is available with the -t (TCP) option. The big downside is that this sort of scan is easily detectable and filterable.

Question 116

- (Topic 11)
On a default installation of Microsoft IIS web server, under which privilege does the web server software execute?

A. Everyone

B. Guest

C. System

D. Administrator

Correct Answer:C
If not changed during the installation, IIS will execute as Local System with way to high privileges.

Question 117

- (Topic 23)
What is the IV key size used in WPA2?

A. 32

B. 24

C. 16

D. 48

E. 128

Correct Answer:D

Question 118

- (Topic 3)
War dialing is a very old attack and depicted in movies that were made years ago. Why would a modem security tester consider using such an old technique?

A. It is cool, and if it works in the movies it must work in real life.

B. It allows circumvention of protection mechanisms by being on the internal network.

C. It allows circumvention of the company PBX.

D. A good security tester would not use such a derelict technique.

Correct Answer:B
If you are lucky and find a modem that answers and is connected to the target network, it usually is less protected (as only employees are supposed to know of its existence) and once connected you don’t need to take evasive actions towards any firewalls or IDS.

Question 119

- (Topic 15)
Sally is a network admin for a small company. She was asked to install wireless accesspoints in the building. In looking at the specifications for the access-points, she sees that all of them offer WEP. Which of these are true about WEP?
Select the best answer.

A. Stands for Wireless Encryption Protocol

B. It makes a WLAN as secure as a LAN

C. Stands for Wired Equivalent Privacy

D. It offers end to end security

Correct Answer:C
Explanations:
WEP is intended to make a WLAN as secure as a LAN but because a WLAN is not constrained by wired, this makes access much easier. Also, WEP has flaws that make it less secure than was once thought.WEP does not offer end-to-end security. It only attempts to protect the wireless portion of the network.

Question 120

- (Topic 5)
Which of the following are well know password-cracking programs?(Choose all that apply.

A. L0phtcrack

B. NetCat

C. Jack the Ripper

D. Netbus

E. John the Ripper

Correct Answer:AE
L0phtcrack and John the Ripper are two well know password-cracking programs. Netcat is considered the Swiss-army knife of hacking tools, but is not used for password cracking

START 312-50 EXAM