Free 312-50 Exam Braindumps (page: 60)


You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software, it does not pick up the Trojan. Next, you run the netstat command to look for open ports and notice a strange port, 6666, open.
What is the next step you would take?

  A. Re-install the operating system.
  B. Re-run anti-virus software.
  C. Install and run Trojan removal software.
  D. Run utility fport and look for the application executable that listens on port 6666.

Answer(s): D

Explanation:

Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.



In Linux, the three most common commands that hackers usually attempt to Trojan are:

  A. car, xterm, grep
  B. netstat, ps, top
  C. vmware, sed, less
  D. xterm, ps, nc

Answer(s): B

Explanation:

The easiest and smartest programs to trojan are the ones commonly run by administrators and users, in this case netstat, ps, and top. For a complete list of commonly trojaned and rootkitted software, see: http://www.usenix.org/publications/login/1999-9/features/rootkits.html



John wishes to install a new application onto his Windows 2000 server. He wants to ensure that any application he uses has not been Trojaned. What can he do to help ensure this?

  A. Compare the file's MD5 signature with the one published on the distribution media
  B. Obtain the application via SSL
  C. Compare the file's virus signature with the one published on the distribution media
  D. Obtain the application from a CD-ROM disc

Answer(s): A

Explanation:

MD5 was developed by Professor Ronald L. Rivest of MIT. What it does, to quote the executive summary of RFC 1321, is:
[The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

In essence, MD5 is a way to verify data integrity, and is much more reliable than a checksum and many other commonly used methods.



Exhibit:
Jason's Web server was attacked by a trojan virus. He runs a protocol analyzer and notices that the trojan communicates with a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping it to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet.

  A. Port 1890 (Net-Devil Trojan)
  B. Port 1786 (Net-Devil Trojan)
  C. Port 1909 (Net-Devil Trojan)
  D. Port 6667 (Net-Devil Trojan)

Answer(s): D

Explanation:

From the trace, 0x1A0B is 6667, the Internet Relay Chat (IRC) port, which is one port used. Other ports are in the 900s.





