2021 Apr 312-50 study guide

Q141. What do you call a system where users need to remember only one username and password, and be authenticated for multiple services? 

A. Simple Sign-on 

B. Unique Sign-on 

C. Single Sign-on 

D. Digital Certificate 

Answer: C

Explanation: Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems. 


Q142. In an attempt to secure his 802.11b wireless network, Bob decides to use strategic antenna positioning. He places the antenna for the access point near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building's center. There is a large parking lot and outlying field surrounding the building that extends out half a mile around the building. Bob figures that with this and his placement of antennas, his wireless network will be safe from attack. Which of the following statements is true? 

A. Bob’s network will not be safe until he also enables WEP 

B. With the 300-foot limit of a wireless signal, Bob’s network is safe 

C. Bob’s network will be safe but only if he doesn’t switch to 802.11a 

D. Wireless signals can be detected from miles away; Bob’s network is not safe 

Answer: D

Explanation: It all depends on the capacity of the antenna that a potential hacker uses to gain access to the wireless network. 


Q143.

ETHER: Destination address : 0000BA5EBA11
ETHER: Source address : 00A0C9B05EBD
ETHER: Frame Length : 1514 (0x05EA)
ETHER: Ethernet Type : 0x0800 (IP)
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 1500 (0x5DC)
IP: Identification = 7652 (0x1DE4)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = (0x0) bytes
IP: Time to Live = 127 (0x7F)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xC26D
IP: Source Address = 10.0.0.2
IP: Destination Address = 10.0.1.201
TCP: Source Port = Hypertext Transfer Protocol
TCP: Destination Port = 0x1A0B
TCP: Sequence Number = 97517760 (0x5D000C0)
TCP: Acknowledgement Number = 78544373 (0x4AE7DF5)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x10 : .A....
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 28793 (0x7079)
TCP: Checksum = 0x8F27
TCP: Urgent Pointer = 0 (0x0)

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application? 

A. Create a SYN flood 

B. Create a network tunnel 

C. Create multiple false positives 

D. Create a ping flood 

Answer: B

Explanation: Certain types of encryption present challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, whereas a host-based IDS analyzes the data after it has been decrypted. 


Q144. Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company's firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network. 

Why will this not be possible? 

A. Firewalls cannot inspect traffic coming through port 443 

B. Firewalls can only inspect outbound traffic 

C. Firewalls cannot inspect traffic at all, they can only block or allow certain ports 

D. Firewalls cannot inspect traffic coming through port 80 

Answer: C


Q145. Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.) 

A. Install DNS logger and track vulnerable packets 

B. Disable DNS timeouts 

C. Install DNS Anti-spoofing 

D. Disable DNS Zone Transfer 

Answer: C

Explanation: Implement DNS anti-spoofing measures to prevent DNS cache pollution from occurring. 


Q146. Why do you need to capture five to ten million packets in order to crack WEP with AirSnort? 

A. All IVs are vulnerable to attack 

B. AirSnort uses a cache of packets 

C. AirSnort implements the FMS attack and only encrypted packets are counted 

D. A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers 

Answer: C

Explanation: Since the summer of 2001, WEP cracking has been a trivial but time consuming process. A few tools, AirSnort perhaps the most famous, that implement the Fluhrer-Mantin-Shamir (FMS) attack were released to the security community -- who until then were aware of the problems with WEP but did not have practical penetration testing tools. Although simple to use, these tools require a very large number of packets to be gathered before being able to crack a WEP key. The AirSnort web site estimates the total number of packets at five to ten million, but the number actually required may be higher than you think. 


Q147. Password cracking programs reverse the hashing process to recover passwords. (True/False) 

A. True 

B. False 

Answer: B

Explanation: Password cracking programs do not reverse the hashing process. Hashing is a one-way process. What these programs can do is hash words, phrases, and characters using the same hashing process and compare the results to the original password hash. A hash match reveals the true password. 


Q148. A digital signature is simply a message that is encrypted with the public key instead of the private key. 

A. True 

B. False 

Answer: B

Explanation: Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. Instead of encrypting information using someone else's public key, you encrypt it with your private key. If the information can be decrypted with your public key, then it must have originated with you. 


Q149. While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan: 

Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ )
Interesting ports on 172.121.12.222:
(The 1592 ports scanned but not shown below are in state: filtered)
Port       State    Service
21/tcp     open     ftp
25/tcp     open     smtp
53/tcp     closed   domain
80/tcp     open     http
443/tcp    open     https
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds

What should be your next step to identify the OS? 

A. Perform a firewalk with that system as the target IP 

B. Perform a tcp traceroute to the system using port 53 

C. Run an nmap scan with the -v -v option to give a better output 

D. Connect to the active services and review the banner information 

Answer: D

Explanation: Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application. 


Q150. Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email liza@yahoo.com'. The application displays a server error. What is wrong with the web application? 

A. The email is not valid 

B. User input is not sanitized 

C. The web server may be down 

D. The ISP connection is not reliable 

Answer: B

Explanation: All input from web browsers, such as user data from HTML forms and cookies, must be stripped of special characters and HTML tags as described in the following CERT advisories: http://www.cert.org/advisories/CA-1997-25.html http://www.cert.org/advisories/CA-2000-02.html