CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-50

Free 312-50 Exam Braindumps (page: 34)

Page 33 of 191
PDF with 765 Questions

John is a keen administrator, and has followed all of the best practices as he could find on securing his Windows Server. He has renamed the Administrator account to a new name that he is sure cannot be easily guessed. However, there are people who already attempt to compromise his newly renamed administrator account.
How is it possible for a remote attacker to decipher the name of the administrator account if it has been renamed?

  1. The attacker used the user2sid program.
  2. The attacker used the sid2user program.
  3. The attacker used nmap with the –V switch.
  4. The attacker guessed the new name.

Answer(s): B

Explanation:

User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions LookupAccountName and LookupAccountSid respectively. What is more these can be called against a remote machine without providing logon credentials save those needed for a null session connection.



Jess the hacker runs L0phtCrack’s built-in sniffer utility which grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to.
But Jess is not picking up hashed from the network. Why?

  1. The network protocol is configured to use SMB Signing.
  2. The physical network wire is on fibre optic cable.
  3. The network protocol is configured to use IPSE
  4. L0phtCrack SMB filtering only works through Switches and not Hubs.

Answer(s): A

Explanation:

To protect against SMB session hijacking, NT supports a cryptographic integrity mechanism, SMB Signing, to prevent active network taps from interjecting themselves into an already established session.



Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well. In this context, what would be the most affective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer)

  1. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
  2. Hire more computer security monitoring personnel to monitor computer systems and networks.
  3. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
  4. Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Answer(s): A

Explanation:

Bridging the gap would consist of educating the white hats and the black hats equally so that their knowledge is relatively the same. Using books, articles, the internet, and professional training seminars is a way of completing this goal.



Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs:

s-1-5-21-1125394485-807628933-54978560-100Johns
s-1-5-21-1125394485-807628933-54978560-652Rebecca
s-1-5-21-1125394485-807628933-54978560-412Sheela
s-1-5-21-1125394485-807628933-54978560-999Shawn
s-1-5-21-1125394485-807628933-54978560-777Somia
s-1-5-21-1125394485-807628933-54978560-500chang
s-1-5-21-1125394485-807628933-54978560-555Micah

From the above list identify the user account with System Administrator privileges.

  1. John
  2. Rebecca
  3. Sheela
  4. Shawn
  5. Somia
  6. Chang
  7. Micah

Answer(s): F

Explanation:

The SID of the built-in administrator will always follow this example: S-1-5-domain- 500






Post your Comments and Discuss EC-Council 312-50 exam with other Community members:

312-50 Discussions & Posts