Halloween Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ECCouncil 312-50 Ethical Hacking and Countermeasures Exam Practice Test

Page: 1 / 77
Total 765 questions

Ethical Hacking and Countermeasures Questions and Answers

Question 1

Which of the following is a detective control?

Options:

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Question 2

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Question 3

A covert channel is a channel that

Options:

A.

transfers information over, within a computer system, or network that is outside of the security policy.

B.

transfers information over, within a computer system, or network that is within the security policy.

C.

transfers information via a communication path within a computer system, or network for transfer of data.

D.

transfers information over, within a computer system, or network that is encrypted.

Question 4

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

Options:

A.

Reject all invalid email received via SMTP.

B.

Allow full DNS zone transfers.

C.

Remove A records for internal hosts.

D.

Enable null session pipes.

Question 5

Which of the following techniques will identify if computer files have been changed?

Options:

A.

Network sniffing

B.

Permission sets

C.

Integrity checking hashes

D.

Firewall alerts

Question 6

Which system consists of a publicly available set of databases that contain domain name registration contact information?

Options:

A.

WHOIS

B.

IANA

C.

CAPTCHA

D.

IETF

Question 7

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Question # 7

Options:

A.

The host is likely a Windows machine.

B.

The host is likely a Linux machine.

C.

The host is likely a router.

D.

The host is likely a printer.

Question 8

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

Question # 8

What is most likely taking place?

Options:

A.

Ping sweep of the 192.168.1.106 network

B.

Remote service brute force attempt

C.

Port scan of 192.168.1.106

D.

Denial of service attack on 192.168.1.106

Question 9

Least privilege is a security concept that requires that a user is

Options:

A.

limited to those functions required to do the job.

B.

given root or administrative privileges.

C.

trusted to keep all data and access to that data under their sole control.

D.

given privileges equal to everyone else in the department.

Question 10

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

Options:

A.

Passive

B.

Reflective

C.

Active

D.

Distributive

Question 11

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

Options:

A.

white box

B.

grey box

C.

red box

D.

black box

Question 12

If the final set of security controls does not eliminate all risk in a system, what could be done next?

Options:

A.

Continue to apply controls until there is zero risk.

B.

Ignore any remaining risk.

C.

If the residual risk is low enough, it can be accepted.

D.

Remove current controls since they are not completely effective.

Question 13

Which of the following programs is usually targeted at Microsoft Office products?

Options:

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Question 14

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Question 15

Bluetooth uses which digital modulation technique to exchange information between paired devices?

Options:

A.

PSK (phase-shift keying)

B.

FSK (frequency-shift keying)

C.

ASK (amplitude-shift keying)

D.

QAM (quadrature amplitude modulation)

Question 16

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Options:

A.

Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Question 17

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

Options:

A.

Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

B.

Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

C.

Network firewalls can prevent attacks if they are properly configured.

D.

Network firewalls cannot prevent attacks because they are too complex to configure.

Question 18

In order to show improvement of security over time, what must be developed?

Options:

A.

Reports

B.

Testing tools

C.

Metrics

D.

Taxonomy of vulnerabilities

Question 19

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

Options:

A.

Fast processor to help with network traffic analysis

B.

They must be dual-homed

C.

Similar RAM requirements

D.

Fast network interface cards

Question 20

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Question 21

Which of the following is an application that requires a host application for replication?

Options:

A.

Micro

B.

Worm

C.

Trojan

D.

Virus

Question 22

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

Options:

A.

Microsoft Security Baseline Analyzer

B.

Retina

C.

Core Impact

D.

Microsoft Baseline Security Analyzer

Question 23

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

Options:

A.

The consultant will ask for money on the bid because of great work.

B.

The consultant may expose vulnerabilities of other companies.

C.

The company accepting bids will want the same type of format of testing.

D.

The company accepting bids will hire the consultant because of the great work performed.

Question 24

A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

Options:

A.

Netsh firewall show config

B.

WMIC firewall show config

C.

Net firewall show config

D.

Ipconfig firewall show config

Question 25

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

Options:

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

Question 26

Which type of security document is written with specific step-by-step details?

Options:

A.

Process

B.

Procedure

C.

Policy

D.

Paradigm

Question 27

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

Options:

A.

Sarbanes-Oxley Act (SOX)

B.

Gramm-Leach-Bliley Act (GLBA)

C.

Fair and Accurate Credit Transactions Act (FACTA)

D.

Federal Information Security Management Act (FISMA)

Question 28

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Options:

A.

At least once a year and after any significant upgrade or modification

B.

At least once every three years or after any significant upgrade or modification

C.

At least twice a year or after any significant upgrade or modification

D.

At least once every two years and after any significant upgrade or modification

Question 29

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

Options:

A.

Penetration testing

B.

Social engineering

C.

Vulnerability scanning

D.

Access control list reviews

Question 30

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

Options:

A.

Truecrypt

B.

Sub7

C.

Nessus

D.

Clamwin

Question 31

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Options:

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

Question 32

How do employers protect assets with security policies pertaining to employee surveillance activities?

Options:

A.

Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

B.

Employers use informal verbal communication channels to explain employee monitoring activities to employees.

C.

Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

D.

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Question 33

Which of the following guidelines or standards is associated with the credit card industry?

Options:

A.

Control Objectives for Information and Related Technology (COBIT)

B.

Sarbanes-Oxley Act (SOX)

C.

Health Insurance Portability and Accountability Act (HIPAA)

D.

Payment Card Industry Data Security Standards (PCI DSS)

Question 34

How can a policy help improve an employee's security awareness?

Options:

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Question 35

Which of the statements concerning proxy firewalls is correct?

Options:

A.

Proxy firewalls increase the speed and functionality of a network.

B.

Firewall proxy servers decentralize all activity for an application.

C.

Proxy firewalls block network packets from passing to and from a protected network.

D.

Computers establish a connection with a proxy firewall which initiates a new network connection for the client.

Question 36

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

Options:

A.

Detective

B.

Passive

C.

Intuitive

D.

Reactive

Question 37

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Options:

A.

Certificate issuance

B.

Certificate validation

C.

Certificate cryptography

D.

Certificate revocation

Question 38

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Options:

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Question 39

Which of the following items is unique to the N-tier architecture method of designing software applications?

Options:

A.

Application layers can be separated, allowing each layer to be upgraded independently from other layers.

B.

It is compatible with various databases including Access, Oracle, and SQL.

C.

Data security is tied into each layer and must be updated for all layers when any upgrade is performed.

D.

Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

Question 40

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

Options:

A.

Harvesting

B.

Windowing

C.

Hardening

D.

Stealthing

Question 41

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

Options:

A.

The key entered is a symmetric key used to encrypt the wireless data.

B.

The key entered is a hash that is used to prove the integrity of the wireless data.

C.

The key entered is based on the Diffie-Hellman method.

D.

The key is an RSA key used to encrypt the wireless data.

Question 42

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

VPath injection

D.

XML denial of service issues

Question 43

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Options:

A.

Teardrop

B.

SYN flood

C.

Smurf attack

D.

Ping of death

Question 44

Which cipher encrypts the plain text digit (bit or byte) one by one?

Options:

A.

Classical cipher

B.

Block cipher

C.

Modern cipher

D.

Stream cipher

Question 45

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

Options:

A.

It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.

B.

If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.

C.

Hashing is faster compared to more traditional encryption algorithms.

D.

Passwords stored using hashes are non-reversible, making finding the password much more difficult.

Question 46

Advanced encryption standard is an algorithm used for which of the following?

Options:

A.

Data integrity

B.

Key discovery

C.

Bulk data encryption

D.

Key recovery

Question 47

Which of the following is an example of IP spoofing?

Options:

A.

SQL injections

B.

Man-in-the-middle

C.

Cross-site scripting

D.

ARP poisoning

Question 48

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

Options:

A.

Ping of death

B.

SYN flooding

C.

TCP hijacking

D.

Smurf attack

Question 49

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

Options:

A.

Say no; the friend is not the owner of the account.

B.

Say yes; the friend needs help to gather evidence.

C.

Say yes; do the job for free.

D.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Question 50

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

Options:

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Question 51

Which initial procedure should an ethical hacker perform after being brought into an organization?

Options:

A.

Begin security testing.

B.

Turn over deliverables.

C.

Sign a formal contract with non-disclosure.

D.

Assess what the organization is trying to protect.

Question 52

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

Options:

A.

Say nothing and continue with the security testing.

B.

Stop work immediately and contact the authorities.

C.

Delete the pornography, say nothing, and continue security testing.

D.

Bring the discovery to the financial organization's human resource department.

Question 53

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Options:

A.

Start by foot printing the network and mapping out a plan of attack.

B.

Ask the employer for authorization to perform the work outside the company.

C.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Question 54

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

Options:

A.

Ignore the problem completely and let someone else deal with it.

B.

Create a document that will crash the computer when opened and send it to friends.

C.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Question 55

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you.

He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

What is Peter Smith talking about?

Options:

A.

Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B.

"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

C.

"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

D.

Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Question 56

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

Options:

A.

Wireshark

B.

Maltego

C.

Metasploit

D.

Nessus

Question 57

While doing a Black box pen test via the TCP port (80), you noticed that the traffic gets blocked when you tried to pass IRC traffic from a web enabled host. However, you also noticed that outbound HTTP traffic is being allowed. What type of firewall is being utilized for the outbound traffic?

Options:

A.

Stateful

B.

Application

C.

Circuit

D.

Packet Filtering

Question 58

Which of the following is assured by the use of a hash?

Options:

A.

Integrity

B.

Confidentiality

C.

Authentication

D.

Availability

Question 59

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Options:

A.

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

B.

Attempts by attackers to access the user and password information stored in the company's SQL database.

C.

Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

D.

Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

Question 60

The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500. EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss Expectancy (ALE).

Options:

A.

$62.5

B.

$250

C.

$125

D.

$65.2

Page: 1 / 77
Total 765 questions