Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
312-50 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Testinsides ECCouncil 312-50 Dumps with VCE and PDF 461-470

September 22, 2017

EnsurePass
2017 Sep ECCouncil Official New Released 312-50
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/312-50.html

Ethical Hacking and Countermeasures

Question No: 461 – (Topic 19)

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this?

  1. Block TCP at the firewall

  2. Block UDP at the firewall

  3. Block ICMP at the firewall

  4. There is no way to completely block tracerouting into this area

Answer: D

Explanation: If you create rules that prevents attackers to perform traceroutes to your DMZ then you’ll also prevent anyone from accessing the DMZ from outside the company network and in that case it is not a DMZ you have.

Question No: 462 – (Topic 19)

What do you conclude from the nmap results below?

Staring nmap V. 3.10ALPHA0 (www.insecure.org/map/)

(The 1592 ports scanned but not shown below are in state: closed) PortStateService

21/tcpopenftp 25/tcpopensmtp 80/tcpopenhttp 443/tcpopenhttps

Remote operating system guess: Too many signatures match the reliability guess the OS. Nmap run completed – 1 IP address (1 host up) scanned in 91.66 seconds

  1. The system is a Windows Domain Controller.

  2. The system is not firewalled.

  3. The system is not running Linux or Solaris.

  4. The system is not properly patched.

Answer: B

Explanation: There is no reports of any ports being filtered.

Question No: 463 – (Topic 19)

Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

  1. Eric network has been penetrated by a firewall breach

  2. The attacker is using the ICMP protocol to have a covert channel

  3. Eric has a Wingate package providing FTP redirection on his network

  4. Somebody is using SOCKS on the network to communicate through the firewall

Answer: D Explanation: Port Description:

SOCKS. SOCKS port, used to support outbound tcp services (FTP, HTTP, etc). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and \bounce\ out to another internal host. Done to either reach a protected internal host or mask true source of attack. Listen for connection attempts to this port – good sign of port scans, SOCKS-probes, or bounce attacks. Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only to.mil domain hosts.

Question No: 464 – (Topic 19)

ETHER: Destination address : 0000BA5EBA11 ETHER: Source address : 00A0C9B05EBD ETHER: Frame Length : 1514 (0x05EA) ETHER: Ethernet Type : 0x0800 (IP) IP: Version = 4 (0x4) IP: Header Length = 20 (0x14) IP:

Service Type = 0 (0x0) IP: Precedence = Routine IP: …0…. = Normal Delay IP: ….0… = Normal Throughput IP: …..0.. = Normal

Reliability IP: Total Length = 1500 (0x5DC) IP: Identification = 7652 (0x1DE4) IP: Flags Summary = 2 (0x2) IP: …….0 = Last fragment in datagram IP: ……1. = Cannot fragment datagram IP: Fragment Offset = 0

(0x0) bytes IP: Time to Live = 127 (0x7F) IP: Protocol = TCP – Transmission Control IP: Checksum = 0xC26D IP: Source Address =

10.0.0.2 IP:

Destination Address = 10.0.1.201 TCP: Source Port = Hypertext Transfer Protocol TCP: Destination Port = 0x1A0B TCP: Sequence Number =

97517760 (0x5D000C0) TCP: Acknowledgement Number = 78544373 (0x4AE7DF5) TCP:

Data Offset = 20 (0x14) TCP: Reserved = 0 (0x0000) TCP: Flags = 0x10 : .A…. TCP: ..0….. = No urgent data TCP: …1…. =

Acknowledgement field significant TCP: ….0… = No Push function TCP:

…..0.. = No Reset TCP: ……0. = No Synchronize TCP: …….0 = No

Fin TCP: Window = 28793 (0x7079) TCP: Checksum = 0x8F27 TCP: Urgent Pointer = 0 (0x0)

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?

  1. Create a SYN flood

  2. Create a network tunnel

  3. Create multiple false positives

  4. Create a ping flood

Answer: B

Explanation: Certain types of encryption presents challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, where a host-based IDS analyzes the data after it has been decrypted.

Question No: 465 – (Topic 19)

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discover the internal structure of publicly accessible areas of the network.

How can you achieve this?

  1. Block ICMP at the firewall.

  2. Block UDP at the firewall.

  3. Both A and B.

  4. There is no way to completely block doing a trace route into this area.

Answer: D

Explanation: When you run a traceroute to a target network address, you send a UDP packet with one time to live (TTL) to the target address. The first router this packet hits decreases the TTL to 0 and rejects the packet. Now the TTL for the packet is expired. The router sends back an ICMP message type 11 (Exceeded) code 0 (TTL-Exceeded) packet to your system with a source address. Your system displays the round-trip time for that first hop and sends out the next UDP packet with a TTL of 2.This process continues until you receive an ICMP message type 3 (Unreachable) code 3 (Port-Unreachable) from the destination system. Traceroute is completed when your machine receives a Port- Unreachable message.If you receive a message with three asterisks [* * *] during the traceroute, a router in the path doesn#39;t return ICMP messages. Traceroute will continue to send UDP packets until the destination is reached or the maximum number of hops is exceeded.

Question No: 466 – (Topic 19)

What is the purpose of firewalking?

  1. It#39;s a technique used to discover Wireless network on foot

  2. It#39;s a technique used to map routers on a network link

  3. It#39;s a technique used to discover interface in promiscuous mode

  4. It#39;s a technique used to discover what rules are configured on a gateway

Answer: D

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information

can pass through a given gateway.

Question No: 467 – (Topic 19)

During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi- million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?

  1. Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.

  2. Send your attack traffic and look for it to be dropped by the IDS.

  3. Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.

  4. The sniffing interface cannot be detected.

Answer: D

Explanation: When a Nic is set to Promiscuous mode it just blindly takes whatever comes through to it network interface and sends it to the Application layer. This is why they are so hard to detect. Actually you could use ARP requests and Send them to every pc and the one which responds to all the requests can be identified as a NIC on Promiscuous mode and there are some very special programs that can do this for you. But considering the alternatives in the question the right answer has to be that the interface cannot be detected.

Question No: 468 – (Topic 19)

If you come across a sheepdip machaine at your client site, what would you infer?

  1. A sheepdip computer is used only for virus checking.

  2. A sheepdip computer is another name for honeypop.

  3. A sheepdip coordinates several honeypots.

  4. A sheepdip computer defers a denial of service attack.

Answer: A

Explanation: Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

Question No: 469 – (Topic 19)

Carl has successfully compromised a web server from behind a firewall by exploiting a vulnerability in the web server program. He wants to proceed by installing a backdoor program. However, he is aware that not all inbound ports on the firewall are in the open state.

From the list given below, identify the port that is most likely to be open and allowed to reach the server that Carl has just compromised.

A. 53

B. 110

  1. 25

  2. 69

Answer: A

Explanation: Port 53 is used by DNS and is almost always open, the problem is often that the port is opened for the hole world and not only for outside DNS servers.

Question No: 470 – (Topic 19)

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application.

Which of the following strategies can be used to defeat detection by a network- based IDS application? (Choose the best answer)

  1. Create a network tunnel.

  2. Create a multiple false positives.

  3. Create a SYN flood.

  4. Create a ping flood.

Answer: A

Explanation: Certain types of encryption presents challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, where a host-based IDS analyzes the data after it has been decrypted.

100% Free Download!
Download Free Demo:312-50 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 312-50 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE