[Pinpoint] 312-50 EC-Council free practice test 281-290 (Apr 2017)
Q281. Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?
A. Jimmy can submit user input that executes an operating system command to compromise a target system
B. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system
C. Jimmy can utilize an incorrect configuration that leads to access with higher-than-expected privilege of the database
D. Jimmy can gain control of system to flood the target system with requests, preventing legitimate users from gaining access
Explanation: SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
Q282. Which of the following tools can be used to perform a zone transfer?
D. Sam Spade
Explanation: There are a number of tools that can be used to perform a zone transfer. Some of these include: NSLookup, Host, Dig, and Sam Spade.
Q283. In the following example, which of these is the "exploit"?
Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting. Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites.
Select the best answer.
A. Microsoft Corporation is the exploit.
B. The security "hole" in the product is the exploit.
C. Windows 2003 Server
D. The exploit is the hacker that would use this vulnerability.
E. The documented method of how to use the vulnerability to gain unprivileged access.
Microsoft is not the exploit, but if Microsoft documents how the vulnerability can be used to gain unprivileged access, they are creating the exploit. If they just say that there is a hole in the product, then it is only a vulnerability. The security "hole" in the product is called the "vulnerability". It is documented in a way that shows how to use the vulnerability to gain unprivileged access, and it then becomes an "exploit". In the example given, Windows 2003 Server is the TOE (Target of Evaluation). A TOE is an IT System, product or component that requires security evaluation or is being identified. The hacker that would use this vulnerability is exploiting it, but the hacker is not the exploit. The documented method of how to use the vulnerability to gain unprivileged access is the correct answer.
Q284. What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?
A. Copy the system files from a known good system
B. Perform a trap and trace
C. Delete the files and try to determine the source
D. Reload from a previous backup
E. Reload from known good media
Explanation: If a rootkit is discovered, you will need to reload from known good media. This typically means performing a complete reinstall.
Q285. MX record priority increases as the number increases.(True/False.
Explanation: The highest priority MX record has the lowest number.
Q286. An Attacker creates a zuckerjournals.com website by copying and mirroring HACKERJOURNALS.COM site to spread the news that Hollywood actor Jason Jenkins died in a car accident. The attacker then submits his fake site for indexing in major search engines. When users search for "Jason Jenkins", attacker's fake site shows up and dupes victims by the fake news.
This is another great example that some people do not know what URL's are. Real website: Fake website: http://www.zuckerjournals.com
The website is clearly not WWW.HACKERJOURNALS.COM. It is obvious for many, but unfortunately some people still do not know what an URL is. It's the address that you enter into the address bar at the top your browser and this is clearly not legit site, its www.zuckerjournals.com
How would you verify if a website is authentic or not?
A. Visit the site using secure HTTPS protocol and check the SSL certificate for authenticity
B. Navigate to the site by visiting various blogs and forums for authentic links
C. Enable Cache on your browser and lookout for error message warning on the screen
D. Visit the site by clicking on a link from Google search engine
Q287. Because UDP is a connectionless protocol: (Select 2)
A. UDP recvfrom() and write() scanning will yield reliable results
B. It can only be used for Connect scans
C. It can only be used for SYN scans
D. There is no guarantee that the UDP packets will arrive at their destination
E. ICMP port unreachable messages may not be returned successfully
Explanation: Neither UDP packets, nor the ICMP errors are guaranteed to arrive, so UDP scanners must also implement retransmission of packets that appear to be lost (or you will get a bunch of false positives).
Q288. In order to attack wireless network, you put up an access point and override the signal of the real access point. And when users send authentication data, you are able to capture it. What kind of attack is this?
A. WEP Attack
B. Drive by hacking
C. Rogue Access Point Attack
D. Unauthorized Access Point Attack
Explanation: A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network management or has been created to allow a cracker to conduct a man-in-the-middle attack.
Q289. Steven is the senior network administrator for Onkton Incorporated, an oil well drilling company in Oklahoma City. Steven and his team of IT technicians are in charge of keeping inventory for the entire company; including computers, software, and oil well equipment. To keep track of everything, Steven has decided to use RFID tags on their entire inventory so they can be scanned with either a wireless scanner or a handheld scanner. These RFID tags hold as much information as possible about the equipment they are attached to. When Steven purchased these tags, he made sure they were as state of the art as possible. One feature he really liked was the ability to disable RFID tags if necessary. This comes in very handy when the company actually sells oil drilling equipment to other companies. All Steven has to do is disable the RFID tag on the sold equipment and it cannot give up any information that was previously stored on it.
What technology allows Steven to disable the RFID tags once they are no longer needed?
A. Newer RFID tags can be disabled by using Terminator Switches built into the chips
B. RFID Kill Switches built into the chips enable Steven to disable them
C. The company's RFID tags can be disabled by Steven using Replaceable ROM technology
D. The technology used to disable an RFIP chip after it is no longer needed, or possibly stolen, is called RSA Blocking
Q290. Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.
Choose the attack type from the choices given below.
A. Database Fingerprinting
B. Database Enumeration
C. SQL Fingerprinting
D. SQL Enumeration
Explanation: He is trying to create a view of the characteristics of the target database, he is taking it’s fingerprints.