Free 312-50 Exam Braindumps (page: 43)


Exhibit:

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?

  A. The buffer overflow attack has been neutralized by the IDS
  B. The attacker is creating a directory on the compromised machine
  C. The attacker is attempting a buffer overflow attack and has succeeded
  D. The attacker is attempting an exploit that launches a command-line shell

Answer(s): D

Explanation:

This log entry shows a hacker using a buffer overflow to fill the data buffer and trying to insert the execution of /bin/sh into the executable code part of the thread. It is probably an existing exploit, or a directed attack using a custom-built buffer overflow whose "payload" launches the command shell.



As a security consultant, what are some of the things you would recommend to a company to ensure DNS security?
Select the best answers.

  A. Use the same machines for DNS and other applications
  B. Harden DNS servers
  C. Use split-horizon operation for DNS servers
  D. Restrict Zone transfers
  E. Have subnet diversity between DNS servers

Answer(s): B,C,D,E

Explanation:

A is not a correct answer as it is never recommended to use a DNS server for any other application. Hardening of the DNS servers makes them less vulnerable to attack. It is recommended to split internal and external DNS servers (called split-horizon operation). Zone transfers should only be accepted from authorized DNS servers.
By having DNS servers on different subnets, you may prevent both from going down, even if one of your networks goes down.



Drag the application to match with its correct description.

  A. Exhibit A
  B. Exhibit B

Answer(s): B



What tool can crack Windows SMB passwords simply by listening to network traffic? Select the best answer.

  A. This is not possible
  B. Netbus
  C. NTFSDOS
  D. L0phtcrack

Answer(s): D

Explanation:

This is possible with an SMB packet capture module for L0phtcrack and known weaknesses in the LM hash algorithm.





