
[Free] 2017(Sep) EnsurePass Testinsides ECCouncil 312-50 Dumps with VCE and PDF 351-360

September 22, 2017


Ethical Hacking and Countermeasures

Question No: 351 – (Topic 11)

Barney is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACLs (Access Control Lists) on files or folders and that could also be used within batch files. Which of the following tools could be used for this purpose?

  1. PERM.EXE

  2. CACLS.EXE

  3. CLACS.EXE

  4. NTPERM.EXE

Answer: B

Explanation: Cacls.exe (Change Access Control Lists) is an executable in Microsoft Windows to change Access Control List (ACL) permissions on a directory, its subcontents, or files. An access control list is a list of permissions for a file or directory that controls who can access it.

Question No: 352 – (Topic 11)

Dan is conducting a penetration test and has found a vulnerability in a Web application which gave him the sessionID token via a cross-site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?

  1. Dan cannot spoof his IP address over TCP network

  2. The server will send replies back to the spoofed IP address

  3. Dan can establish an interactive session only if he uses a NAT

  4. The scenario is incorrect as Dan can spoof his IP and get responses

Answer: B

Explanation: Spoofing your IP address is only effective when there is no need to establish a two-way connection, as all traffic meant to go to the attacker will end up at the spoofed address.

Question No: 353 – (Topic 11)

You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges?

  1. Administrator

  2. IUSR_COMPUTERNAME

  3. LOCAL_SYSTEM

  4. Whatever account IIS was installed with

Answer: C

Explanation: If you manage to get the system to start a shell for you, that shell will be running as LOCAL_SYSTEM.

Question No: 354 – (Topic 11)

What are the three phases involved in security testing?

  1. Reconnaissance, Conduct, Report

  2. Reconnaissance, Scanning, Conclusion

  3. Preparation, Conduct, Conclusion

  4. Preparation, Conduct, Billing

Answer: C

Explanation:

Preparation phase – A formal contract is executed containing non-disclosure of the client's data and legal protection for the tester. At a minimum, it also lists the IP addresses to be tested and time to test.

Conduct phase – In this phase the penetration test is executed, with the tester looking for potential vulnerabilities.

Conclusion phase – The results of the evaluation are communicated to the pre-defined organizational contact, and corrective action is advised.

Question No: 355 – (Topic 11)

You work as security technician at ABC.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation?

  1. Use mget to download all pages locally for further inspection.

  2. Use wget to download all pages locally for further inspection.

  3. Use get* to download all pages locally for further inspection.

  4. Use get() to download all pages locally for further inspection.

Answer: B

Explanation:

Wget is a utility used for mirroring websites. get* doesn't work, because for the actual FTP command to work there needs to be a space between get and * (i.e. get *). get() is just bogus; that's a C function that's written 100% wrong. mget is a command used from within ftp itself, ruling out A. That leaves B: use wget, which is designed for mirroring and downloading files, especially web pages. If used with the -r option (i.e. wget -r www.ABC.com) it could mirror a site, all except protected portions of course.

Note: GNU Wget is a free network utility to retrieve files from the World Wide Web using HTTP and FTP and can be used to make mirrors of archives and home pages thus enabling work in the background, after having logged off.

Topic 12, Web Application Vulnerabilities

Question No: 356 – (Topic 12)

The GET method should never be used when sensitive data such as credit card information is being sent to a CGI program. This is because any GET request's parameters will appear in the URL and will be logged by any servers. For example, let's say that you've entered your credit card information into a form that uses the GET method. The URL may appear like this:

https://www.xsecurity-bank.com/creditcard.asp?cardnumber=454543433532234

The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information.

How would you protect from this type of attack?

  1. Replace the GET with POST method when sending data

  2. Never include sensitive information in a script

  3. Use HTTPS SSLv3 to send the data instead of plain HTTPS

  4. Encrypt the data before you send using GET method

Answer: A

Explanation: If the method is "get", the user agent takes the value of action, appends a ? to it, then appends the form data set, encoded using the application/x-www-form-urlencoded content type. The user agent then traverses the link to this URI. If the method is "post", the user agent conducts an HTTP post transaction using the value of the action attribute and a message created according to the content type specified by the enctype attribute.

Question No: 357 – (Topic 12)

Say that "abigcompany.com" had a security vulnerability in the JavaScript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to go back and see the code for that error?

Select the best answer.

  1. archive.org

  2. There is no way to get the changed webpage unless you contact someone at the company

  3. Usenet

  4. JavaScript would not be in their HTML so a service like Usenet or archive wouldn't help you

Answer: A

Explanation: Archive.org is a website that periodically archives internet content. They have archives of websites over many years. It could be used to go back and look at the JavaScript, as JavaScript would be in the HTML code.

Question No: 358 – (Topic 12)

You have just received an assignment for an assessment at a company site. The company's management is concerned about external threats and wants to take appropriate steps to ensure security is in place. However, management is also worried about possible threats coming from inside the site, specifically from employees belonging to different departments. What kind of assessment will you be performing?

  1. Black box testing

  2. Black hat testing

  3. Gray box testing

  4. Gray hat testing

  5. White box testing

  6. White hat testing

Answer: C

Explanation: Internal Testing is also referred to as Gray-box testing.

Question No: 359 – (Topic 12)

Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order to check the vulnerability of the company, he went through a few scanners that are currently available. Here are the scanners that he uses:

->Axent’s NetRecon (http://www.axent.com)

->SARA, by Advanced Research Organization (http://www-arc.com/sara)

->VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)

However, there are many other alternative ways for Bob to make sure that the identification of the scanned services is more accurate and detailed.

What would be the best method to accurately identify the services running on a victim host?

  1. Using Cheops-ng to identify the devices of the company.

  2. Using the manual method of telnet to each of the open ports of the company.

  3. Using a vulnerability scanner to try to probe each port to verify or figure out which service is running for the company.

  4. Using the default port and OS to make a best guess of what services are running on each port for the company.

Answer: B

Explanation: By running a telnet connection to the open ports you will receive banners that tell you what service is answering on that specific port.

Question No: 360 – (Topic 12)

Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to johndoe@gmail.com". What do you think has occurred?

  1. The web application picked up a record at random

  2. The web application returned the first record it found

  3. The server error has caused the application to malfunction

  4. The web application emailed the administrator about the error

Answer: B

Explanation: The web application sends a query to an SQL database, and by giving it the criteria 1=1, which will always be true, it will return the first value it finds.
