312-50v10 | Breathing EC-Council 312-50v10 pdf

Question No: 9

Which protocol is used for setting up secure channels between two devices, typically in VPNs?

A. PPP

B. IPSEC

C. PEM

D. SET

Answer: B

Question No: 10

Which of the following is a low-tech way of gaining unauthorized access to systems?

A. Scanning

B. Sniffing

C. Social Engineering

D. Enumeration

Answer: C

Question No: 11

You perform a scan of your companyu2021s network and discover that TCP port 123 is open. What services by default run on TCP port 123?

A. Telnet

B. POP3

C. Network Time Protocol

D. DNS

Answer: C

Question No: 12

Which regulation defines security and privacy controls for Federal information systems and organizations?

A. HIPAA

B. EU Safe Harbor

C. PCI-DSS

D. NIST-800-53

Answer: D

Question No: 13

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

A. nmap u2013A - Pn

B. nmap u2013sP u2013p-65535-T5

C. nmap u2013sT u2013O u2013T0

D. nmap u2013A --host-timeout 99-T1

Answer: C

Question No: 14

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best nmap command you will use?

A. nmap -T4 -q 10.10.0.0/24

B. nmap -T4 -F 10.10.0.0/24

C. nmap -T4 -r 10.10.1.0/24

D. nmap -T4 -O 10.10.0.0/24

Answer: B

Question No: 15

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.

Which type of virus detection method did Chandler use in this context?

A. Heuristic Analysis

B. Code Emulation

C. Integrity checking

D. Scanning

Answer: B

Question No: 16

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

A. SQL injection attack

B. Cross-Site Scripting (XSS)

C. LDAP Injection attack

D. Cross-Site Request Forgery (CSRF)

Answer: B

Question No: 17

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

A. AH permiscuous

B. ESP confidential

C. AH Tunnel mode

D. ESP transport mode

Answer: D

Question No: 18

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any useru2021s password or activate disabled Windows accounts?

A. John the Ripper

B. SET

C. CHNTPW

D. Cain & Abel

Answer: C