312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 841-850

By on November 27, 2013
EnsurepassQUESTION 841 What type of attack changes its signature and/or payload to avoid detection by antivirus programs?   A. Polymorphic B. Rootkit C. Boot sector D. File infecting   Answer: A  In computer terminology,polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses,shellcodes and computer worms to hide their presence.     QUESTION 842 You may be able to identify Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 831-840

By on
EnsurepassQUESTION 831 Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the pEchoq command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page again in vain. What is the probable cause of Billos problem?   A. The system is a Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 821-830

By on
EnsurepassQUESTION 821 Which one of the following attacks will pass through a network layer intrusion detection system undetected?   A. A teardrop attack B. A SYN flood attack C. A DNS spoofing attack D. A test.cgi attack   Answer: D  Because a network-based IDS reviews packets and headers,it can also detect denial of service (DoS) attacks Not A or B: The following sections discuss some of the possible DoS attacks available. Smurf Fraggle SYN Flood Teardrop DNS DoS Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 811-820

By on
EnsurepassQUESTION 811 Rebecca is a security analyst and knows of a local root exploit that has the ability to enable local users to use available exploits to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. There is no known workaround that exists for this vulnerability. What is the correct action to be taken by Rebecca in this situation as a recommendation to management?   A. Rebecca should make a recommendation to disable Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 801-810

By on
EnsurepassQUESTION 801 Joe the Hacker breaks into XYZos Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode. What can Joe do to hide the wiretap program from being detected by ifconfig command?   A. Block Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 791-800

By on
EnsurepassQUESTION 791 You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this? A. The Morris worm B. The PIF virus C. Trinoo D. Nimda E. Code Red F. Ping of Death   Answer: D  The Nimda worm modifies all web content files it finds. As a result,any user browsing web content on the system,whether via the file system or via a web server,may download a copy of the worm. Some browsers may automatically Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 781-790

By on
EnsurepassQUESTION 781 Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?   A. Use any ARP requests found in the capture B. Derek can use a session replay on the packets captured Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 771-780

By on
EnsurepassQUESTION 771 802.11b is considered a ____________ protocol.   A. Connectionless B. Secure C. Unsecure D. Token ring based E. Unreliable   Answer: C  802.11b is an insecure protocol. It has many weaknesses that can be used by a hacker.     QUESTION 772 While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 761-770

By on
EnsurepassQUESTION 761 Look at the following SQL query. SELECT * FROM product WHERE PCategory='computers' or 1=1--' What will it return? Select the best answer.   A. All computers and all 1's B. All computers C. All computers and everything else D. Everything except computers   Answer: C  The 1=1 tells the SQL database to return everything,a simplified statement would be SELECT * FROM product WHERE 1=1 (which will always be true for all columns). Thus,this query Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 751-760

By on
EnsurepassQUESTION 751 _________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.   A. Mandatory Access Control B. Authorized Access Control C. Role-based Access Control D. Discretionary Access Control   Answer: A  In computer security,mandatory access control Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 741-750

By on
EnsurepassQUESTION 741 Clive has been hired to perform a Black-Box test by one of his clients. How much information will Clive obtain from the client before commencing his test?   A. IP Range,OS,and patches installed. B. Only the IP address range. C. Nothing but corporate name. D. All that is available from the client site.   Answer: C  Penetration tests can be conducted in one of two ways: black-box (with no prior knowledge the infrastructure to be tested) or white-box Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 731-740

By on
EnsurepassQUESTION 731 This kind of attack will let you assume a users identity at a dynamically generated web page or site:   A. SQL Injection B. Cross Site Scripting C. Session Hijacking D. Zone Transfer   Answer: B  Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 721-730

By on
EnsurepassQUESTION 721 You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges?   A. Administrator B. IUSR_COMPUTERNAME C. LOCAL_SYSTEM D. Whatever account IIS was installed Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 711-720

By on
EnsurepassQUESTION 711 Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack? Select the best answer.   A. He should disable unicast on all routers B. Disable multicast on the router C. Turn off fragmentation on his router D. Make sure all anti-virus protection is updated on all systems E. Make sure his router won't take a directed broadcast   Answer: E  Explanations: Unicasts are Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 701-710

By on
EnsurepassQUESTION 701 What do you call a system where users need to remember only one username and password, and be authenticated for multiple services?   A. Simple Sign-on B. Unique Sign-on C. Single Sign-on D. Digital Certificate   Answer: C  Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.     QUESTION 702 Clive has been monitoring Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 691-700

By on
EnsurepassQUESTION 691 Exhibit: You have captured some packets in Ethereal. You want to view only packets sent from 10.0.0.22. What filter will you apply?   A. ip = 10.0.0.22 B. ip.src == 10.0.0.22 C. ip.equals 10.0.0.22 D. ip.address = 10.0.0.22   Answer: B  ip.src tells the filter to only show packets with 10.0.0.22 as the source.     QUESTION 692 Tess King, the evil hacker, is purposely sending fragmented ICMP packets to a remote target. The total Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 681-690

By on
EnsurepassQUESTION 681 Samantha was hired to perform an internal security test of XYZ. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing. Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)   A. Ethernet Zapping B. MAC Flooding C. Sniffing Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 671-680

By on
EnsurepassQUESTION 671 In Linux, the three most common commands that hackers usually attempt to Trojan are:   A. car,xterm,grep B. netstat,ps,top C. vmware,sed,less D. xterm,ps,nc   Answer: B  The easiest programs to trojan and the smartest ones to trojan are ones commonly run by administrators and users,in this case netstat,ps,and top,for a complete list of commonly trojaned and rootkited software please reference this URL: http://www.usenix.org/publications/login/1999-9/features/rootkits.html Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 661-670

By on
EnsurepassQUESTION 661 Which type of attack is port scanning?   A. Web server attack B. Information gathering C. Unauthorized access D. Denial of service attack   Answer: B      QUESTION 662 You are a Administrator of Windows server. You want to find the port number for POP3. What file would you find the information in and where? Select the best answer.   A. %windir%\\etc\\services B. system32\\drivers\\etc\\services C. %windir%\\system32\\drivers\\etc\\services Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 651-660

By on
EnsurepassQUESTION 651 What is GINA?   A. Gateway Interface Network Application B. GUI Installed Network Application CLASS C. Global Internet National Authority (G-USA) D. Graphical Identification and Authentication DLL   Answer: D  In computing,GINA refers to the graphical identification and authentication library,a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services.     QUESTION 652 Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 641-650

By on
EnsurepassQUESTION 641 What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?   A. Copy the system files from a known good system B. Perform a trap and trace C. Delete the files and try to determine the source D. Reload from a previous backup E. Reload from known good media   Answer: E If a rootkit is discovered,you will need to reload from known good media. This typically means performing a complete reinstall.   Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 631-640

By on
EnsurepassQUESTION 631 Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)   A. symmetric algorithms B. asymmetric algorithms C. hashing algorithms D. integrity algorithms   Answer: C  In cryptography,a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications,such Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 621-630

By on
EnsurepassQUESTION 621 Exhibit: Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?   A. har.txt B. SAM file C. wwwroot D. Repair file   Answer: B  He is actually trying to get the file har.txt but this file contains a copy of the SAM file.     QUESTION 622 Exhibit: The following is an entry captured by a network IDS.You are assigned the task of analyzing this entry. You notice the value Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 611-620

By on
EnsurepassQUESTION 611 Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks! From his Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 601-610

By on
EnsurepassQUESTION 601 Under what conditions does a secondary name server request a zone transfer from a primary name server?   A. When a primary SOA is higher that a secondary SOA B. When a secondary SOA is higher that a primary SOA C. When a primary name server has had its service restarted D. When a secondary name server has had its service restarted E. When the TTL falls to zero   Answer: A  Understanding DNS is critical to meeting the requirements of the CEH. Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 591-600

By on
EnsurepassQUESTION 591 SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hosts. Which of the following features makes this possible? (Choose two)   A. It used TCP as the underlying protocol. B. It uses community string that is transmitted in clear text. C. It is susceptible to sniffing. D. It is used by all network devices on the market. Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 581-590

By on
EnsurepassQUESTION 581 A distributed port scan operates by:   A. Blocking access to the scanning clients by the targeted host B. Using denial-of-service software against a range of TCP ports C. Blocking access to the targeted host by each of the distributed scanning clients D. Having multiple computers each scan a small number of ports,then correlating the results   Answer: D  Think of dDoS (distributed Denial of Service) where you use a large number of computers to Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 571-580

By on
EnsurepassQUESTION 571 Destination unreachable administratively prohibited messages can inform the hacker to what?   A. That a circuit level proxy has been installed and is filtering traffic B. That his/her scans are being blocked by a honeypot or jail C. That the packets are being malformed by the scanning software D. That a router or other packet-filtering device is blocking traffic E. That the network is functioning normally   Answer: D  Destination unreachable Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 561-570

By on
EnsurepassQUESTION 561 What are the default passwords used by SNMP? (Choose two.)   A. Password B. SA C. Private D. Administrator E. Public F. Blank   Answer: C,E  Besides the fact that it passes information in clear text,SNMP also uses well-known passwords. Public and private are the default passwords used by SNMP.     QUESTION 562 Which of the following ICMP message types are used for destinations unreachables?   A. 0 B. 3 C. 11 D. Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 551-560

By on
EnsurepassQUESTION 551 What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?   A. Blind Port Scanning B. Idle Scanning C. Bounce Scanning D. Stealth Scanning E. UDP Scanning   Answer: B  From NMAP: -sI <zombie host[:probeport]> Idlescan: This advanced scan method allows for a truly blind TCP port scan of the target (meaning no packets are sent to the tar- get from your Read more [...]

Continue Reading

312-50v8 Dumps | ECCouncil

Latest ECCouncil 312-50v8 Real Exam Download 541-550

By on
EnsurepassQUESTION 541 Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?   A. To create a denial of service attack. B. To verify information about the mail administrator and his address. C. To gather information about internal hosts used in email treatment. D. To gather information about procedures that are in place to deal with such messages.   Answer: C  The replay from the Read more [...]

Continue Reading