In the context of Trojans, what is the definition of a Wrapper?


A.     An encryption tool to protect the Trojan.

B.     A tool used to bind the Trojan with a legitimate file.

C.     A tool used to calculate bandwidth and CPU cycles wasted by the Trojan.

D.     A tool used to encapsulate packets within a new header and footer.


Correct Answer: B





Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file – emos.sys. Which step would you perform to detect this type of Trojan?




A.     Scan for suspicious startup programs using msconfig.

B.     Scan for suspicious network activities using Wireshark.

C.     Scan for suspicious device drivers in c:windowssystem32drivers.

D.     Scan for suspicious open ports using netstat.


Correct Answer: C




Which type of hacker represents the highest risk to your network?


A.     black hat hackers

B.     grey hat hackers

C.     disgruntled employees

D.     script kiddies


Correct Answer: C







Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company’s network security. No employees for the company, other than the IT director, know about Shayla’s work she will be doing. Shayla’s first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee’s access badge and uses it to gain unauthorized access to the Treks Avionics offices. What type of insider threat would Shayla be considered?


A.     She would be considered an Insider Affiliate.

B.     Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate.

C.     Shayla is an Insider Associate since she has befriended an actual employee.

D.     Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider.


Correct Answer: A




What port number is used by Kerberos protocol?


A.     88

B.     44

C.     487

D.     419


Correct Answer: A




What does FIN in TCP flag define?


A.     Used to abort a TCP connection abruptly.

B.     Used to close a TCP connection.

C.     Used to acknowledge
receipt of a previous packet or transmission.

D.     Used to indicate the beginning of a TCP connection.


Correct Answer: B




Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server. Why do you think this is possible?


A.     It works because encryption is performed at the application layer (single encryption key).

B.     The scenario is invalid as a secure cookie cannot be replayed.

C.     It works because encryption is performed at the network layer (layer 1 encryption).

D.     Any cookie can be replayed irrespective of the session status.


Correct Answer: A




This attack technique is u
sed when a Web application is vulnerable to an SQL Injection but the results of the Injection are not visible to the attacker.


A.     Unique SQL Injection

B.     Blind SQL Injection

C.     Generic SQL Injection

D.     Double SQL Injection


Correct Answer: B




A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service. Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.





Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments. Fraudulent e-mail and
legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail. How do you ensure if the e-mail is authentic and sent from fedex.com?


A.     Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all.

B.     Check the Sender ID against the National Spam Database (NSD).

C.     Fake mail will have spelling/grammatical errors.

D.     Fake mail uses extensive images, animation and flash content.


Correct Answer: A




What file system vulnerability does the following command take advantage of?


type c:anyfile.exe > c:winntsystem32calc.exe:anyfile.exe


A.     HFS

B.     Backdoor access

C.     XFS

D.     ADS


Correct Answer: D


Free VCE & PDF File for ECCouncil 312-50 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.