Name two software tools used for OS guessing. (Choose two.)


A.     Nmap

B.     Snadboy

C.     Queso

D.     UserInfo

E.     NetBus


Correct Answer: AC




Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crime investigations throughout the United States?


A.     NDCA

B.     NICP

C.     CIRP

D.     NPC

E.     CIA


Correct Answer: D




While reviewing the results of a scan run against a target network, you come across the following:


Which among the following can be used to get this output?


A.     A Bo2k system query.

B.     nmap protocol scan.

C.     A sniffer.

D.     An SNMP walk.


Correct Answer: D




You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?


A.     The zombie you are using is not truly idle.

B.     A stateful inspection firewall is resetting your queries.

C.     Hping2 cannot be used for idle scanning.

D.     These ports are actually open on the target system.


Correct Answer: A




While performing ping scans into a target network you get a frantic call from the organization's security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization's IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?


A.     Scan more slowly.

B.     Do not scan the broadcast IP.

C.     Spoof the source IP address.

D.     Only scan the Windows systems.


Correct Answer: B




Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?


A.     It is a network fault and the originating machine is in a network loop.

B.     It is a worm that is malfunctioning or hardcoded to scan on port 500.

C.     The attacker is trying to detect machines on the network which have SSL enabled.

D.     The attacker is trying to determine the type of VPN implementation and checking for IPSec.


Correct Answer: D




A distributed port scan operates by:


A.     Blocking access to the scanning clients by the targeted host.

B.     Using denial-of-service software against a range of TCP ports.

C.     Blocking access to the targeted host by each of the distributed scanning clients.

D.     Having multiple computers each scan a small number of ports, then correlating the results.


Correct Answer: D




An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.


A.     2

B.     256

C.     512

D.     Over 10,000


Correct Answer: C




A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?


A.     The packets were sent by a worm spoofing the IP addresses of 47 infected sites.

B.     ICMP ID and Seq numbers were most likely set by a tool and not by the operating system.

C.     All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number.

D.     13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0.


Correct Answer: B




Which of the following commands runs snort in packet logger mode?


A.     ./snort -dev -h ./log

B.     ./snort -dev -l ./log

C.     ./snort -dev -o ./log

D.     ./snort -dev -p ./log


Correct Answer: B


Free VCE & PDF File for ECCouncil 312-50 Real Exam
