312-50 EC-Council Exam Questions and Free Practice Test

Question 127

- (Topic 21)
Richard is a network Administrator working at a student loan company in lowa. This company processes over 20,000 students loan a year from colleges all over the state. Most communication between the company, schools and lenders is carried out through email. Because of privacy laws that are in the process of being
implemented, Richard wants to get ahead of the game and become compliant before any sort of auditing occurs. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, Richard wants to utilize email encryption agency-wide. The only problem for Richard is that his department only has couple of servers and they are utilized to their full capacity. Since a server-based PKI is not an option for him, he is looking for a low/no cost solution to encrypt email.
What should Richard use?

A. PGP

B. RSA

C. 3DES

D. OTP

Correct Answer:A
PGP (Pretty Good Privacy) is an encryption program being used for secure transmission of files and e-mails. This adapts public-key encryption technology in which pairs of keys are used to maintain secure communication. For PGP-based communication both the sender and receiver should have public and private key pairs. The sender's public key should be distributed to the receiver. Similarly, the receiver's public key should be distributed to the sender. When sending a message or a file, the sender can sign using his private key. Also, the sender's private key is never distributed. All encryption is made on the workstation sending the e-mail.

Question 128

- (Topic 23)
You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123.
Here is the output of your scan results:
312-50 dumps exhibit
Which of the following nmap command did you run?

A. nmap -A -sV -p21,110,123 10.0.0.5

B. nmap -F -sV -p21,110,123 10.0.0.5

C. nmap -O -sV -p21,110,123 10.0.0.5

D. nmap -T -sV -p21,110,123 10.0.0.5

Correct Answer:C

Question 129

- (Topic 23)
An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don't respond to requests with invalid community strings and the underlying protocol does not reliably report closed ports. This means that 'no response' from the probed IP address can mean which of the following:
(Select up to 3)

A. Invalid community string

B. S-AUTH protocol is running on the SNMP server

C. Machine unreachable

D. SNMP server not running

Correct Answer:ACD
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

Question 130

- (Topic 15)
Jacob would like your advice on using a wireless hacking tool that can save him time and get him better results with lesser packets. You would like to recommend a tool that uses KoreK's implementation. Which tool would you recommend from the list below?

A. Kismet

B. Shmoo

C. Aircrack

D. John the Ripper

Correct Answer:C
Implementing KoreK's attacks as well as improved FMS, aircrack provides the fastest and most effective statistical attacks available. John the Ripper is a password cracker, Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system, and

Question 131

- (Topic 19)
Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

A. Eric network has been penetrated by a firewall breach

B. The attacker is using the ICMP protocol to have a covert channel

C. Eric has a Wingate package providing FTP redirection on his network

D. Somebody is using SOCKS on the network to communicate through the firewall

Correct Answer:D
Port Description:
SOCKS. SOCKS port, used to support outbound tcp services (FTP, HTTP, etc). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and \bounce\ out to another internal host. Done to either reach a protected internal host or mask true source of attack. Listen for connection attempts to this port -- good sign of port scans, SOCKS-probes, or bounce attacks. Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only to.mil domain hosts.

Question 132

- (Topic 7)
Samantha was hired to perform an internal security test of company. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.
Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)

A. Ethernet Zapping

B. MAC Flooding

C. Sniffing in promiscuous mode

D. ARP Spoofing

Correct Answer:BD
In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table.The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be
sniffed) or an unreachable host (a denial of service attack).

START 312-50 EXAM