Latest ECCouncil 312-50v8 Real Exam Download 781-790

QUESTION 781
Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?
A. Use any ARP requests found in the capture
B. Derek can use a session replay on the packets captured
C. Derek can use KisMAC as it needs two USB devices to generate traffic
D. Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic
Answer: 
By forcing the network to answer a large number of ICMP messages, you can gather enough packets to crack the WEP key.
QUESTION 782
Why do you need to capture five to ten million packets in order to crack WEP with AirSnort?
A. All IVs are vulnerable to attack
B. AirSnort uses a cache of packets
C. AirSnort implements the FMS attack and only encrypted packets are counted
D. A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers
Answer: 
Since the summer of 2001, WEP cracking has been a trivial but time-consuming process. A few tools that implement the Fluhrer-Mantin-Shamir (FMS) attack, AirSnort perhaps the most famous, were released to the security community, which until then was aware of the problems with WEP but did not have practical penetration testing tools. Although simple to use, these tools require a very large number of packets to be gathered before being able to crack a WEP key. The AirSnort web site estimates the total number of packets at five to ten million, but the number actually required may be higher than you think.
QUESTION 783
Sally is a network admin for a small company. She was asked to install wireless access points in the building. In looking at the specifications for the access points, she sees that all of them offer WEP. Which of these are true about WEP?
Select the best answer.
A. Stands for Wireless Encryption Protocol
B. It makes a WLAN as secure as a LAN
C. Stands for Wired Equivalent Privacy
D. It offers end to end security
Answer: 
Explanations: WEP is intended to make a WLAN as secure as a LAN, but because a WLAN is not constrained by wires, access is much easier. Also, WEP has flaws that make it less secure than was once thought. WEP does not offer end-to-end security. It only attempts to protect the wireless portion of the network.
QUESTION 784
Joe Hacker is going wardriving. He is going to use PrismStumbler and wants it to go to a GPS mapping software application. What is the recommended and well-known GPS mapping package that would interface with PrismStumbler?
Select the best answer.
A. GPSDrive
B. GPSMap
C. WinPcap
D. Microsoft Mappoint
Answer: 
Explanations: GPSDrive is a Linux GPS mapping package. It is the recommended package to send PrismStumbler data to so that it can be mapped. GPSMap is a generic term and not a real software package. WinPcap is a packet capture library for Windows. It is used to capture packets and deliver them to other programs for analysis. As it is for Windows, it isn't going to do what Joe Hacker wants to do. Microsoft Mappoint is a Windows application. PrismStumbler is a Linux application. Thus, these two are not going to work well together.
QUESTION 785
Virus scrubbers and other malware detection programs can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?
A. System integrity verification tools
B. Anti-Virus Software
C. A properly configured gateway
D. There is no way of finding out until a new updated signature file is released
Answer: 
Programs like Tripwire aid system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
QUESTION 786
What are the main drawbacks for anti-virus software?
A. AV software is difficult to keep up to the current revisions.
B. AV software can detect viruses but can take no action.
C. AV software is signature driven so new exploits are not detected.
D. It's relatively easy for an attacker to change the anatomy of an attack to bypass AV systems
E. AV software is not available on all major operating systems platforms.
F. AV software is very machine (hardware) dependent.
Answer: 
Although there are functions like heuristic scanning and sandbox technology, an antivirus program still depends mainly on signature databases and can only find already known viruses.
QUESTION 787
What is the best means of prevention against viruses?
A. Assign read only permission to all files on your system.
B. Remove any external devices such as floppy and USB connectors.
C. Install a rootkit detection tool.
D. Install and update anti-virus scanner.
Answer: 
Although virus scanners can only find already known viruses, this is still the best defense, together with users who are informed about the risks of the internet.
QUESTION 788
Melissa is a virus that attacks Microsoft Windows platforms.
To which category does this virus belong?
A. Polymorphic
B. Boot Sector infector
C. System
D. Macro
Answer: 
The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment.
QUESTION 789
The Slammer Worm exploits a stack-based overflow that occurs in a DLL implementing the Resolution Service.
Which of the following database servers was targeted by the Slammer worm?
A. Oracle
B. MSSQL
C. MySQL
D. Sybase
E. DB2
Answer: 
W32.Slammer is a memory resident worm that propagates via UDP Port 1434 and exploits a vulnerability in SQL Server 2000 systems and systems with MSDE 2000 that have not applied the patch released by Microsoft Security Bulletin MS02-039.
QUESTION 790
Which of the following is one of the key features found in a worm but not seen in a virus?
A. The payload is very small, usually below 800 bytes.
B. It is self replicating without need for user intervention.
C. It does not have the ability to propagate on its own.
D. All of them cannot be detected by virus scanners.
Answer: 
A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided.
