
[Free] 2017(Sep) EnsurePass Testinsides ECCouncil 312-50 Dumps with VCE and PDF 421-430

September 22, 2017


Ethical Hacking and Countermeasures

Question No: 421 – (Topic 15)

Bob reads an article about how insecure wireless networks can be. He gets approval from his management to implement a policy of not allowing any wireless devices on the network. What other steps does Bob have to take in order to successfully implement this? (Select 2 answers.)

  A. Train users in the new policy.

  B. Disable all wireless protocols at the firewall.

  C. Disable SNMP on the network so that wireless devices cannot be configured.

  D. Continuously survey the area for wireless devices.

Answer: A,D

Explanation: If someone installs an access point and connects it to the network, there is no way to find it unless you are constantly surveying the area for wireless devices. SNMP and firewalls cannot prevent the installation of wireless devices on the corporate network.

Question No: 422 – (Topic 15)

Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?

  A. There is no mutual authentication between wireless clients and access points

  B. Automated tools like AirSnort are available to discover WEP keys

  C. The standard does not provide for centralized key management

  D. The 24 bit Initialization Vector (IV) field is too small

Answer: C

Explanation: The lack of centralized key management is not in itself a reason that WEP encryption is vulnerable; it is the people setting the user shared key that make it insecure.

Topic 16, Virus and Worms

Question No: 423 – (Topic 16)

Virus scrubbers and other malware detection programs can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?

  A. System integrity verification tools

  B. Anti-Virus Software

  C. A properly configured gateway

  D. There is no way of finding out until a new updated signature file is released

Answer: A

Explanation: Programs like Tripwire aid system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

Question No: 424 – (Topic 16)

The Slammer Worm exploits a stack-based overflow that occurs in a DLL implementing the Resolution Service.

Which of the following database servers was targeted by the Slammer worm?

  A. Oracle

  B. MSSQL

  C. MySQL

  D. Sybase

  E. DB2

Answer: B

Explanation: W32.Slammer is a memory resident worm that propagates via UDP Port 1434 and exploits a vulnerability in SQL Server 2000 systems and systems with MSDE 2000 that have not applied the patch released by Microsoft Security Bulletin MS02-039.

Question No: 425 – (Topic 16)

What are the main drawbacks for anti-virus software?

  A. AV software is difficult to keep up to the current revisions.

  B. AV software can detect viruses but can take no action.

  C. AV software is signature driven so new exploits are not detected.

  D. It’s relatively easy for an attacker to change the anatomy of an attack to bypass AV systems

  E. AV software isn’t available on all major operating systems platforms.

  F. AV software is very machine (hardware) dependent.

Answer: C

Explanation: Although there are functions like heuristic scanning and sandbox technology, antivirus programs still depend mainly on signature databases and can only find already known viruses.

Question No: 426 – (Topic 16)

What is the best means of prevention against viruses?

  A. Assign read only permission to all files on your system.

  B. Remove any external devices such as floppy and USB connectors.

  C. Install a rootkit detection tool.

  D. Install and update anti-virus scanner.

Answer: D

Explanation: Although virus scanners can only find already known viruses, this is still the best defense, together with users who are informed about the risks of the internet.

Question No: 427 – (Topic 16)

Which of the following is one of the key features found in a worm but not seen in a virus?

  A. The payload is very small, usually below 800 bytes.

  B. It is self replicating without need for user intervention.

  C. It does not have the ability to propagate on its own.

  D. All of them cannot be detected by virus scanners.

Answer: B

Explanation: A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allow it to travel unaided.

Question No: 428 – (Topic 16)

Which are true statements concerning the BugBear and Pretty Park worms? Select the best answers.

  A. Both programs use email to do their work.

  B. Pretty Park propagates via network shares and email

  C. BugBear propagates via network shares and email

  D. Pretty Park tries to connect to an IRC server to send your personal passwords.

  E. Pretty Park can terminate anti-virus applications that might be running to bypass them.

Answer: A,C,D

Explanation: Both Pretty Park and BugBear use email to spread. Pretty Park cannot propagate via network shares, only email. BugBear propagates via network shares and email. It also terminates anti-virus applications and acts as a backdoor server for someone to get into the infected machine. Pretty Park tries to connect to an IRC server to send your personal passwords and all sorts of other information it retrieves from your PC.

Pretty Park cannot terminate anti-virus applications. However, BugBear can terminate AV software so that it can bypass it.

Question No: 429 – (Topic 16)

You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this?

GET /scripts/root.exe?/c dir GET /MSADC/root.exe?/c dir

GET /c/winnt/system32/cmd.exe?/c dir GET /d/winnt/system32/cmd.exe?/c dir

GET /scripts/..\../winnt/system32/cmd.exe?/c dir

GET /_vti_bin/..\../..\../..\../winnt/system32/cmd.exe?/c dir GET /_mem_bin/..\../..\../..\../winnt/system32/cmd.exe?/c dir GET

/msadc/..\../..\../..\/..xc1x1c../..xc1x1c../..xc1x1c../winnt/system32/cmd.exe?/c di r

GET /scripts/..xc1x1c../winnt/system32/cmd.exe?/c dir GET /scripts/..xc0/../winnt/system32/cmd.exe?/c dir GET /scripts/..xc0xaf../winnt/system32/cmd.exe?/c dir GET /scripts/..xc1x9c../winnt/system32/cmd.exe?/c dir GET /scripts/..5c../winnt/system32/cmd.exe?/c dir GET /scripts/..5c../winnt/system32/cmd.exe?/c dir GET /scripts/..\../winnt/system32/cmd.exe?/c dir GET /scripts/../../winnt/system32/cmd.exe?/c dir

  A. The Morris worm

  B. The PIF virus

  C. Trinoo

  D. Nimda

  E. Code Red

  F. Ping of Death

Answer: D

Explanation: The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders the ability to execute arbitrary commands within the Local System security context on machines running the unpatched versions of IIS.

Question No: 430 – (Topic 16)

June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?

  A. No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus

  B. Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus

  C. Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus

  D. No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in this case polymorphic viruses cannot be detected by a signature-based anti-virus program

Answer: D

Explanation: Although there are functions like heuristic scanning and sandbox technology, antivirus programs still depend mainly on signature databases and can only find already known viruses.
