[Free] Download New Updated (February 2016) ECCouncil 312-50 Practice Tests 371-380

Ensurepass

QUESTION 371

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

 

A.     Locate type=ns

B.     Request type=ns

C.     Set type=ns

D.     Transfer type=ns

 

Correct Answer: C

 

 

QUESTION 372

After gaining access to the password hashes used to protect access to a web-based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

 

A.     SHA1

B.     Diffie-Hellman

C.     RSA

D.     AES

 

Correct Answer: A

 

 

QUESTION 373

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

 

A.     Recipient’s private key

B.     Recipient’s public key

C.     Master encryption key

D.     Sender’s public key

 

Correct Answer: B

 

 

 

QUESTION 374

An attacker has been successfully modifying the purchase price of items purchased on the company’s web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price?

 

A.     By using SQL injection

B.     By changing hidden form values

C.     By using cross site scripting

D.     By utilizing a buffer overflow attack

 

Correct Answer: B

 

 

QUESTION 375

Which of the following items is unique to the N-tier architecture method of designing software applications?

 

A.     Application layers can be separated, allowing each layer to be upgraded independently from other layers.

B.     It is compatible with various databases including Access, Oracle, and SQL.

C.     Data security is tied into each layer and must be updated for all layers when any upgrade is performed.

D.     Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

 

Correct Answer: A

 

 

QUESTION 376

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm’s public-facing web servers. The engineer decides to start by using netcat to connect to port 80. The engineer receives this output:

 

HTTP/1.1 200 OK

Server: Microsoft-IIS/6

Expires: Tue, 17 Jan 2011 01:41:33 GMT

Date: Mon, 16 Jan 2011 01:41:33 GMT

Content-Type: text/html

Accept-Ranges: bytes

Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT

ETag: "b0aac0542e25c31:89d"

Content-Length: 7369

 

Which of the following is an example of what the engineer performed?

 

A.     Cross-site scripting

B.     Banner grabbing

C.     SQL injection

D.     Whois database query

 

Correct Answer: B

 

 

QUESTION 377

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

 

A.     Harvesting

B.     Windowing

C.     Hardening

D.     Stealthing

 

Correct Answer: C

 

 

QUESTION 378

While conducting a penetration test, the tester determines that there is a firewall between the tester’s machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse?

 

A.     Packet filtering firewall

B.     Application-level firewall

C.     Circuit-level gateway firewall

D.     Stateful multilayer inspection firewall

 

Correct Answer: C

 

 

QUESTION 379

Which type of scan is used on the eye to measure the layer of blood vessels?

 

A.     Facial recognition scan

B.     Retinal scan

C.     Iris scan

D.     Signature kinetics scan

 

Correct Answer: B

 

 

QUESTION 380

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in the ASP scripting language and uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input field.

 

<IMG SRC=vbscript:msgbox("Vulnerable");>

 

When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable”. Which web application vulnerability did the analyst discover?

 

A.     Cross-site request forgery

B.     Command injection

C.     Cross-site scripting

D.     SQL injection

 

Correct Answer: C

 
