312-50 EC-Council Exam Questions and Free Practice Test

Question 49

- (Topic 5)
An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -l -p 1234 < secretfile> 1234
He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?

A. Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat <machine A IP> 1234

B. Machine A: netcat -l -e magickey -p 1234 < testfileMachine> 1234

C. Machine A: netcat -l -p 1234 < testfile> 1234 -pw password

D. Use cryptcat instead of netcat

Correct Answer:D
Netcat cannot encrypt the file transfer itself but would need to use a third
party application to encrypt/decrypt like openssl. Cryptcat is the standard netcat enhanced with twofish encryption.

Question 50

- (Topic 15)
On wireless networks, SSID is used to identify the network. Why are SSID not
considered to be a good security mechanism to protect a wireless networks?

A. The SSID is only 32 bits in length.

B. The SSID is transmitted in clear text.

C. The SSID is the same as the MAC address for all vendors.

D. The SSID is to identify a station, not a network.

Correct Answer:B
The SSID IS constructed to identify a network, it IS NOT the same as the MAC address and SSID’s consists of a maximum of 32 alphanumeric characters.

Question 51

- (Topic 5)
What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A. All are hacking tools developed by the legion of doom

B. All are tools that can be used not only by hackers, but also security personnel

C. All are DDOS tools

D. All are tools that are only effective against Windows

E. All are tools that are only effective against Linux

Correct Answer:C
All are DDOS tools.

Question 52

- (Topic 19)
Exhibit
312-50 dumps exhibit
Study the log given in the exhibit,
Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

A. Disallow UDP 53 in from outside to DNS server

B. Allow UDP 53 in from DNS server to outside

C. Disallow TCP 53 in from secondaries or ISP server to DNS server

D. Block all UDP traffic

Correct Answer:C
According to the exhibit, the question is regarding the DNS Zone Transfer. Since Zone Transfers are done with TCP port 53, you should not allow this connect external to you organization.

Question 53

- (Topic 23)
Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:
312-50 dumps exhibit
From the above list identify the user account with System Administrator privileges?

A. John

B. Rebecca

C. Sheela

D. Shawn

E. Somia

F. Chang

G. Micah

Correct Answer:F

Question 54

- (Topic 5)
A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.
What do you think is the most likely reason behind this?

A. There is a NIDS present on that segment.

B. Kerberos is preventing it.

C. Windows logons cannot be sniffed.

D. L0phtcrack only sniffs logons to web servers.

Correct Answer:B
In a Windows 2000 network using Kerberos you normally use pre- authentication and the user password never leaves the local machine so it is never exposed to the network so it should not be able to be sniffed.

START 312-50 EXAM