Latest ECCouncil 312-50v8 Real Exam Download 831-840

QUESTION 831
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the pEchoq command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page again in vain.
What is the probable cause of Billos problem?
A. The system is a honeypot.
B. There is a problem with the shell and he needs to run the attack again.
C. You cannot use a buffer overflow to deface a web page.
D. The HTML file has permissions of ready only.
Answer: D  The question states that Bill had been able to spawn an interactive shell.By this statement we can tell that the buffer overflow and its corresponding code was enough to spawn a shell. Any shell should make it possible to change the webpage.So we either donot have sufficient privilege to change the webpage (answer D) or itos a honeypot (answer A). We think the preferred answer is D
QUESTION 832
Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well.
Which of the choices below indicate the other features offered by Snort?
A. IDS,Packet Logger,Sniffer
B. IDS,Firewall,Sniffer
C. IDS,Sniffer,Proxy
D. IDS,Sniffer,content inspector
Answer: 
Snort is a free software network intrusion detection and prevention system capable of performing packet logging & real-time traffic analysis,on IP networks. Snort was written by Martin Roesch but is now owned and developed by Sourcefire
QUESTION 833
When referring to the Domain Name Service, what is denoted by a nzoneo?
A. It is the first domain that belongs to a company.
B. It is a collection of resource records.
C. It is the first resource record type in the SOA.
D. It is a collection of domains.
Answer: 
A reasonable definition of a zone would be a portion of the DNS namespace where responsibility has been delegated.
QUESTION 834
Statistics from cert.org and other leading security organizations has clearly showed a steady rise in the number of hacking incidents perpetrated against companies.
What do you think is the main reason behind the significant increase in hacking attempts over the past years?
A. It is getting more challenging and harder to hack for non technical people.
B. There is a phenomenal increase in processing power.
C. New TCP/IP stack features are constantly being added.
D. The ease with which hacker tools are available on the Internet.
Answer: 
Today you donot need to be a good hacker in order to break in to various systems,all you need is the knowledge to use search engines on the internet.
QUESTION 835
You are doing IP spoofing while you scan your target. You find that the target has port 23 open. Anyway you are unable to connect. Why?
A. A firewall is blocking port 23
B. You cannot spoof + TCP
C. You need an automated telnet tool
D. The OS does not reply to telnet even if port 23 is open
Answer: 
The question is not telling you what state the port is being reported by the scanning utility,if the program used to conduct this is nmap,nmap will show you one of three states Ƀ popenq,pclosedq,or pfilteredq a port can be in an popenq state yet filtered,usually by a stateful packet inspection filter (ie. Netfilter for linux,ipfilter for bsd). C and D to make any sense forthis question,their bogus,and B,pYou cannot spoof + TCPq,well you can spoof + TCP,so we strike that out.
QUESTION 836
While examining a log report you find out that an intrusion has been attempted by a machine whose IP address is displayed as 0xde.0xad.0xbe.0xef. It looks to you like a hexadecimal number. You perform a ping 0xde.0xad.0xbe.0xef. Which of the following IP addresses will respond to the ping and hence will likely be responsible for the intrusion?
A. 192.10.25.9
B. 10.0.3.4
C. 203.20.4.5
D. 222.273.290.239
Answer: 
Convert the hex number to binary and then to decimal.
QUESTION 837
All the web servers in the DMZ respond to ACK scan on port 80. Why is this happening ?
A. They are all Windows based webserver
B. They are all Unix based webserver
C. The company is not using IDS
D. The company is not using a stateful firewall
Answer: 
If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK.
QUESTION 838
What is a sheepdip?
A. It is another name for Honeynet
B. It is a machine used to coordinate honeynets
C. It is the process of checking physical media for virus before they are used in a computer
D. None of the above
Answer: 
Also known as a footbath,a sheepdip is the process of checking physical media,such as floppy disks or CD-ROMs,for viruses before they are used in a computer. Typically,a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers,meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.
QUESTION 839
If you come across a sheepdip machine at your clientos site, what should you do?
A. A sheepdip computer is used only for virus-checking.
B. A sheepdip computer is another name for a honeypot
C. A sheepdip coordinates several honeypots.
D. A sheepdip computers defers a denial of service attack.
Answer: 
Also known as a footbath,a sheepdip is the process of checking physical media,such as floppy disks or CD-ROMs,for viruses before they are used in a computer. Typically,a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers,meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.
QUESTION 840
If you come across a sheepdip machaine at your client site, what would you infer?
A. A sheepdip computer is used only for virus checking.
B. A sheepdip computer is another name for honeypop.
C. A sheepdip coordinates several honeypots.
D. A sheepdip computer defers a denial of service attack.
Answer: 
Also known as a footbath,a sheepdip is the process of checking physical media,such as floppy disks or CD-ROMs,for viruses before they are used in a computer. Typically,a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers,meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s