Friday, 23 February 2018

EcCouncil 312-50v8 Question Answer

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN/ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN/ACK. How would an attacker exploit this design by launching a TCP SYN attack?

A. Attacker generates TCP SYN packets with random destination addresses towards a victim host
B. Attacker floods TCP SYN packets with random source addresses towards a victim host
C. Attacker generates TCP ACK packets with random source addresses towards a victim host
D. Attacker generates TCP RST packets with random source addresses towards a victim host

Answer: B

Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years; he just wants the company to pay for what they are doing to him.
What would Yancey be considered?

A. Yancey would be considered a Suicide Hacker
B. Since he does not care about going to jail, he would be considered a Black Hat
C. Because Yancey works for the company currently, he would be a White Hat
D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Answer: A

Friday, 22 December 2017

EcCouncil 312-50v8 Question Answer

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.
B. He can send an IP packet with the SYN bit and the source address of his computer.
C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.
D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Answer: D

Within the context of Computer Security, which of the following statements describes Social Engineering best?

A. Social Engineering is the act of publicly disclosing information
B. Social Engineering is the means put in place by human resources to perform time accounting
C. Social Engineering is the act of getting needed information from a person rather than breaking into a system
D. Social Engineering is a training program within sociology studies

Answer: C

Wednesday, 8 November 2017

EcCouncil 312-50v8 Question Answer

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

A. Implementing server-side PKI certificates for all connections
B. Mandating only client-side PKI certificates for all connections
C. Requiring client and server PKI certificates for all connections
D. Requiring strong authentication for all DNS queries

Answer: C

Which command line switch would be used in NMAP to perform operating system detection?

A. -OS
B. -sO
C. -sP
D. -O

Answer: D

Wednesday, 13 September 2017

EcCouncil 312-50v8 Question Answer

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique the tester should consider using?

A. Spoofing an IP address
B. Tunneling scan over SSH
C. Tunneling over high port numbers
D. Scanning using fragmented IP packets

Answer: B

A circuit level gateway works at which of the following layers of the OSI Model?

A. Layer 5 - Application
B. Layer 4 - TCP
C. Layer 3 - Internet protocol
D. Layer 2 - Data link

Answer: B

Sunday, 7 May 2017

Red Education Signs Security Training Deal With Symantec, EC-Council

IT education firm Red Education has signed agreements with Symantec and EC-Council, with a third vendor expected to be announced this week.
The alliances are part of Red Education's journey to become an Authorized Training Partner with companies throughout the APAC region.
The partnership with Symantec will give Red Education access to the entire Symantec course portfolio for its suite of enterprise solutions.
"Cyber security is a top priority for all businesses, government agencies and cloud providers, and the Asia-Pacific region is experiencing staggeringly high levels of attacks in all regions," said Rob Howard, managing director of Red Education.
Howard says the company will offer Symantec's full training, which complements current training schemes with the likes of Blue Coat.
Commenting on the partnership, Symantec Education Services senior director Sarah Grace said that Red Education was chosen for its expertise in cyber security training.
The company has also partnered with EC-Council, the International Council of Electronic Commerce Consultants.
Red Education will offer a range of EC-Council classes in a public schedule, as well as closed classes for clients.
"We see tremendous synergy in this partnership as Red Education has a wealth of experience in providing basic cybersecurity technology training to Asia Pacific cyber security communities," said Sean Lim, EC-Council's chief operating officer.
A partnership with a third company is expected to be announced this week.
"Red Education is ready to empower the human element to manage these systems to minimize the ever-present risks," Howard concludes.

Thursday, 1 September 2016

Pass4sure 312-50v8 Question Answer

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

A. white box
B. grey box
C. red box
D. black box

Answer: D

Which of the following is a detective control? 

A. Smart card authentication
B. Security policy
C. Audit trail
D. Continuity of operations plan

Answer: C

Wednesday, 13 July 2016

Stay On The Good Side With This Ethical Hacker Bonus Bundle [DEALS]


Although originally referring to more innocent, though mostly defiant, pursuits, "hacking" has taken on a negative character, especially in mainstream media. Now associated more with unauthorized intrusions into servers, websites, and computers, hacking is mostly regarded as an activity that only criminals and miscreants take part in. Hacking, however, can also be used for good, to highlight weaknesses and holes in security systems. This is what is commonly called ethical, or "white hat", hacking, and this Ethical Hacker Bonus Bundle will teach you exactly how to become one.

There has been a frightening rise in the number of incidents surrounding compromised services, defaced websites, and stolen personal data. Hackers are, naturally, blamed for such criminal activities. But in order to harden a computer network or system, one has to know the weakest links and unintended backdoors. And who better to know that than hackers themselves?

Enter the ethical hacker, a rare breed of the computer elite who do enjoy breaking down virtual doors or snooping around digital fences but who also believe in preserving privacy and security for the common good. It also happens to be a fast-growing, lucrative source of income, especially considering recent events. Now you can start your journey into becoming one of those white hat hackers with this course. Learn about the types of security layers and how to peel them like onions, or how to lure unsuspecting users into a malware-laden trap.

Hopefully, of course, this knowledge will be used in order to improve the state of security over the Internet as well as on mobile devices. Collecting 9 courses containing dozens of hours of video content and hundreds of lectures, the Ethical Hacker Bonus Bundle is yours for a lifetime for only $49.