[Free] Download New Updated (February 2016) ECCouncil 312-50 Practice Tests 571-580

Ensurepass

QUESTION 571

Name two software tools used for OS guessing? (Choose two.)

 

A.     Nmap

B.     Snadboy

C.     Queso

D.     UserInfo

E.      NetBus

 

Correct Answer: AC

 

 

QUESTION 572

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crime investigations throughout the United States?

 

A.     NDCA

B.     NICP

C.     CIRP

D.     NPC

E.      CIA

 

Correct Answer: D

 

 

QUESTION 573

While reviewing the result of scanning run against a target network you come across the following:

[Image: scan output, clip_image002]

Which among the following can be used to get this output?

 

A.     A Bo2k system query.

B.     nmap protocol scan.

C.     A sniffer.

D.     An SNMP walk.

 

Correct Answer: D

 

 

QUESTION 574

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

 

A.     The zombie you are using is not truly idle.

B.     A stateful inspection firewall is resetting your queries.

C.     Hping2 cannot be used for idle scanning.

D.     These ports are actually open on the target system.

 

Correct Answer: A

 

 

QUESTION 575

While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

 

A.     Scan more slowly.

B.     Do not scan the broadcast IP.

C.     Spoof the source IP address.

D.     Only scan the Windows systems.

 

Correct Answer: B

 

 

QUESTION 576

Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?

 

A.     It is a network fault and the originating machine is in a network loop.

B.     It is a worm that is malfunctioning or hardcoded to scan on port 500.

C.     The attacker is trying to detect machines on the network which have SSL enabled.

D.     The attacker is trying to determine the type of VPN implementation and checking for IPSec.

 

Correct Answer: D

 

 

QUESTION 577

A distributed port scan operates by:

 

A.     Blocking access to the scanning clients by the targeted host.

B.     Using denial-of-service software against a range of TCP ports.

C.     Blocking access to the targeted host by each of the distributed scanning clients.

D.     Having multiple computers each scan a small number of ports, then correlating the results.

 

Correct Answer: D

 

 

QUESTION 578

An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.

 

A.     2

B.     256

C.     512

D.     Over 10,000

 

Correct Answer: C

 

 

QUESTION 579

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

 

A.     The packets were sent by a worm spoofing the IP addresses of 47 infected sites.

B.     ICMP ID and Seq numbers were most likely set by a tool and not by the operating system.

C.     All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number.

D.     13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0.

 

Correct Answer: B

 

 

QUESTION 580

Which of the following commands runs snort in packet logger mode?

 

A.     ./snort -dev -h ./log

B.     ./snort -dev -I ./log

C.     ./snort -dev -o ./log

D.     ./snort -dev -p ./log

 

Correct Answer: B

 
