Latest ECCouncil 312-50v8 Real Exam Download 631-640

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)
A. symmetric algorithms
B. asymmetric algorithms
C. hashing algorithms
D. integrity algorithms
In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. A hash function takes a long string (or ‘message’) of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint.
A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.
What do you think is the most likely reason behind this?
A. There is a NIDS present on that segment.
B. Kerberos is preventing it.
C. Windows logons cannot be sniffed.
D. L0phtcrack only sniffs logons to web servers.
In a Windows 2000 network using Kerberos, you normally use pre-authentication, and the user password never leaves the local machine. It is therefore never exposed to the network, so it should not be possible to sniff it.
You are attempting to crack LM Manager hashes from a Windows 2000 SAM file. You will be using an LM brute-force hacking tool for decryption.
What encryption algorithm will you be decrypting?
A. MD4
Answer: B
The LM hash is computed as follows.
1. The user’s password as an OEM string is converted to uppercase.
2. This password is either null-padded or truncated to 14 bytes.
3. The “fixed-length” password is split into two 7-byte halves.
4. These values are used to create two DES keys, one from each 7-byte half.
5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values.
6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.
If you combined the brute force and dictionary methods to get variations of words, what would you call such an attack?
A. Full Blown
B. Thorough
C. Hybrid
D. BruteDics
A combination of Brute force and Dictionary attack is called a Hybrid attack or Hybrid dictionary attack.
What is the algorithm used by LM for Windows 2000 SAM?
A. MD4
Okay, this is a tricky question. We say B, DES, but it could be A, “MD4”, depending on what they’re asking – Windows 2000/XP keeps users’ passwords not in plain form, but as hashes, i.e. actually as a “check sum” of the passwords. Let’s look at how the passwords are stored in more detail. The most interesting structure in the complex SAM file is the so-called V-block. Its size is 32 bytes, and it includes the hashes of the password: the NT Hash of 16-byte length, used for local logon, and the hash used during authentication for access to the shared resources of other computers, the LanMan Hash, or simply LM Hash, of the same 16-byte length. The algorithms for forming these hashes are as follows:
NT Hash formation:
1. The user password is converted to a Unicode string.
2. A hash is generated from this string using the MD4 algorithm.
3. The resulting hash is encoded with the DES algorithm, using the RID (i.e. user identifier) as the key. This is needed to obtain different hashes for users who have equal passwords. Remember that all users have different RIDs (the RID of the built-in Administrator account is 500, the RID of the built-in Guest account is 501, and all other users get RIDs equal to 1000, 1001, 1002, etc.).
LM Hash formation:
1. The user password is converted to uppercase and padded with nulls up to 14-byte length.
2. The resulting string is divided into two halves of 7 bytes each, and each of them is encoded separately using DES; the output of each is an 8-byte hash, giving a 16-byte hash in total.
3. The LM Hash is then additionally encoded the same way as in step 3 of the NT Hash formation algorithm.
E-mail scams and mail fraud are regulated by which of the following?
A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers
B. 18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices
C. 18 U.S.C. par. 1362 Communication Lines, Stations, or Systems
D. 18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication
Which of the following LM hashes represent a password of less than 8 characters? (Select 2)
A. BA810DBA98995F1817306D272A9441BB
B. 44EFCE164AB921CQAAD3B435B51404EE
C. 0182BD0BD4444BF836077A718CCDF409
D. CEC52EB9C8E3455DC2265B23734E0DAC
E. B757BF5C0D87772FAAD3B435B51404EE
F. E52CAC67419A9A224A3B108F3FA6CB6D
Answer: B, E
Notice the last 8 characters are the same.
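The LM steps listed earlier on this page explain this answer: a password of 7 characters or fewer leaves the second 7-byte half all nulls, and DES-encrypting “KGS!@#$%” under that key always gives AAD3B435B51404EE. The Python below is an added example, not part of the original page; it implements steps 1 to 4 of the LM computation and checks the six options above. The function names are chosen here, and ASCII is assumed in place of the OEM code page.

```python
# Added example: LM pre-processing (steps 1-4) and the short-password tell.
EMPTY_HALF = "AAD3B435B51404EE"  # DES of "KGS!@#$%" under an all-null 7-byte half

# The six answer options exactly as printed on this page.
PAGE_OPTIONS = {
    "A": "BA810DBA98995F1817306D272A9441BB",
    "B": "44EFCE164AB921CQAAD3B435B51404EE",
    "C": "0182BD0BD4444BF836077A718CCDF409",
    "D": "CEC52EB9C8E3455DC2265B23734E0DAC",
    "E": "B757BF5C0D87772FAAD3B435B51404EE",
    "F": "E52CAC67419A9A224A3B108F3FA6CB6D",
}

def lm_halves(password):
    """Steps 1-3: uppercase, null-pad or truncate to 14 bytes, split 7 + 7."""
    # Assumption: ASCII stands in for the OEM code page.
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:]

def des_key_from_half(half):
    """Step 4: spread 56 bits over 8 bytes (7 key bits + 1 parity bit each)."""
    bits = int.from_bytes(half, "big")
    key = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:
            byte |= 1  # DES ignores this bit; odd parity is the convention
        key.append(byte)
    return bytes(key)

def audit(lm_hex):
    """Return (length verdict, is_valid_hex) for one 32-character LM hash."""
    h = lm_hex.strip().upper()
    if len(h) != 32:
        raise ValueError("an LM hash is 32 hex characters")
    valid_hex = all(c in "0123456789ABCDEF" for c in h)
    if h[16:] != EMPTY_HALF:
        return "8 or more characters", valid_hex
    if h[:16] == EMPTY_HALF:
        return "blank", valid_hex
    return "7 or fewer characters", valid_hex

def short_options(options=PAGE_OPTIONS):
    """Letters of the options whose second half is the empty-half constant."""
    return sorted(k for k, v in options.items()
                  if audit(v)[0] != "8 or more characters")

if __name__ == "__main__":
    print(lm_halves("Secret1"), des_key_from_half(b"\x00" * 7).hex())
    print(short_options())
```

Option B as printed contains a non-hex character (Q) in its first half, which `audit` reports through its second return value; the length verdict depends only on the second half.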
Which of the following is the primary objective of a rootkit?
A. It opens a port to provide an unauthorized service
B. It creates a buffer overflow
C. It replaces legitimate programs
D. It provides an undocumented opening in a program
Actually, the objective of the rootkit is more to hide the fact that a system has been compromised, and the normal way to do this is by exchanging, for example, ls for a version that does not show the files and processes implanted by the attacker.
This kind of password cracking method uses word lists in combination with numbers and special characters:
A. Hybrid
B. Linear
C. Symmetric
D. Brute Force
Answer: A
A Hybrid (or Hybrid Dictionary) Attack uses a word list that it modifies slightly to find passwords that are almost from a dictionary (like St0pid).
_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.
A. Trojan
B. RootKit
C. DoS tool
D. Scanner
E. Backdoor
Rootkits are tools that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.
