312-50 Practice Test Questions

763 Questions


Topic 2, Footprinting

While footprinting a network, what port/service should you look for to attempt a zone
transfer?


A. 53 UDP
B. 53 TCP
C. 25 UDP
D. 25 TCP
E. 161 UDP
F. 22 TCP
G. 60 TCP

Answer: B. 53 TCP



Explanation: If TCP port 53 is detected, the opportunity to attempt a zone transfer is
there.

Which of the following tools are used for footprinting? (Choose four.)


A. Sam Spade
B. NSLookup
C. Traceroute
D. Neotrace
E. Cheops

Answer:
A. Sam Spade
B. NSLookup
C. Traceroute
D. Neotrace



Explanation: All of the tools listed are used for footprinting except Cheops.

A very useful resource for passively gathering information about a target company
is:


A. Host scanning
B. Whois search
C. Traceroute
D. Ping sweep

Answer: B. Whois search



Explanation: A, C and D are "active" scans; the question says "passively".

Which of the following activities will NOT be considered as passive footprinting?


A. Go through the rubbish to find out any information that might have been discarded.
B. Search on a financial site such as Yahoo Financial to identify assets.
C. Scan the range of IP addresses found in the target DNS database.
D. Perform multiple queries using a search engine.

Answer: C. Scan the range of IP addresses found in the target DNS database.



Explanation: Passive footprinting is a method in which the attacker never makes contact
with the target systems. Scanning the range of IP addresses found in the target DNS is
considered making contact with the systems behind the IP addresses that are targeted by the
scan.

Under which Federal Statutes does the FBI investigate computer crimes involving email
scams and mail fraud?
 


A. 18 U.S.C 1029 Possession of Access Devices
B. 18 U.S.C 1030 Fraud and related activity in connection with computers
C. 18 U.S.C 1343 Fraud by wire, radio or television
D. 18 U.S.C 1361 Injury to Government Property
E. 18 U.S.C 1362 Government communication systems
F. 18 U.S.C 1831 Economic Espionage Act
G. 18 U.S.C 1832 Trade Secrets Act

Answer: B. 18 U.S.C 1030 Fraud and related activity in connection with computers



Explanation: http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030--000-.html

Network Administrator Patricia is doing an audit of the network. Below are some of
her findings concerning DNS. Which of these would be a cause for alarm?
Select the best answer.
 


A. There are two external DNS Servers for Internet domains. Both are AD integrated.
B. All external DNS is done by an ISP.
C. Internal AD Integrated DNS servers are using private DNS names that are unregistered.
D. Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

Answer: A. There are two external DNS Servers for Internet domains. Both are AD integrated.



Explanation:
A. There are two external DNS Servers for Internet domains. Both are AD integrated.
This is the correct answer. Having an AD integrated external DNS server is a serious cause for
alarm. There is no need for this and it causes vulnerability on the network.
B. All external DNS is done by an ISP.
This is not the correct answer. This would not be a cause for alarm. This would actually
reduce the company's network risk as it is offloaded onto the ISP.
C. Internal AD Integrated DNS servers are using private DNS names that are unregistered.
This is not the correct answer. This would not be a cause for alarm. This
would actually reduce the company's network risk.
D. Private IP addresses are used on the internal network and are registered with the
internal AD integrated DNS server.
This is not the correct answer. This would not be a cause for alarm. This would actually
reduce the company's network risk.

You receive an email with the following message:
Hello Steve,
We are having technical difficulty in restoring user database record after the recent
blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com and
change your password.
http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm
If you do not reset your password within 7 days, your account will be permanently disabled
locking you out from our e-mail services.

Sincerely,
Technical Support
SuperEmailServices
From this e-mail you suspect that this message was sent by some hacker, since you
have been using their e-mail services for the last 2 years and they have never sent
out an e-mail such as this. You also observe the URL in the message and confirm
your suspicion about 0xde.0xad.0xbe.0xef, which looks like hexadecimal numbers.
You immediately enter the following at the Windows 2000 command prompt:
Ping 0xde.0xad.0xbe.0xef
You get a response with a valid IP address.
What is the obfuscated IP address in the e-mail URL?


A. 222.173.190.239
B. 233.34.45.64
C. 54.23.56.55
D. 199.223.23.45

Answer: A. 222.173.190.239



Explanation: 0x stands for hexadecimal and DE=222, AD=173, BE=190 and EF=239

To what concept in the realm of email security does “message repudiation” refer?


A. Message repudiation means a user can validate which mail server or servers a message was passed through.
B. Message repudiation means a user can claim damages for a mail message that damaged their reputation.
C. Message repudiation means a recipient can be sure that a message was sent from a particular person.
D. Message repudiation means a recipient can be sure that a message was sent from a certain host.
E. Message repudiation means a sender can claim they did not actually send a particular message.

Answer: E. Message repudiation means a sender can claim they did not actually send a particular message.



Explanation: A quality that prevents a third party from being able to prove that a
communication between two other parties ever took place. This is a desirable quality if you
do not want your communications to be traceable.
Non-repudiation is the opposite quality—a third party can prove that a communication
between two other parties took place. Non-repudiation is desirable if you want to be able to
trace your communications and prove that they occurred. Repudiation – Denial of message
submission or delivery.

Your lab partner is trying to find out more information about a competitor's web site.
The site has a .com extension. She has decided to use some online whois tools and
look in one of the regional Internet registries. Which one would you suggest she
looks in first?


A. LACNIC
B. ARIN
C. APNIC
D. RIPE
E. AfriNIC

Answer: B. ARIN



Explanation: Regional registries maintain records for the areas they govern.
ARIN is responsible for domains served within North and South America and therefore
would be a good starting point for a .com domain.

NSLookup is a good tool to use to gain additional information about a target
network. What does the following command accomplish?
nslookup
> server <ipaddress>
> set type=any
> ls -d <target.com>


A. Enables DNS spoofing
B. Loads bogus entries into the DNS table
C. Verifies zone security
D. Performs a zone transfer
E. Resets the DNS cache

Answer: D. Performs a zone transfer



Explanation: If DNS has not been properly secured, the command sequence displayed
above will perform a zone transfer.

The FIN flag is set and sent from host A to host B when host A has no more data to
transmit (Closing a TCP connection). This flag releases the connection resources.
However, host A can continue to receive data as long as the SYN sequence number
of transmitted packets from host B are lower than the packet segment containing the
set FIN flag.


A. True
B. False

Answer: A. True



Explanation: For sequence number purposes, the SYN is considered to occur before the
first actual data octet of the segment in which it occurs, while the FIN is considered to occur
after the last actual data octet in a segment in which it occurs. So packets received out of
order will still be accepted.

Why would an attacker want to perform a scan on port 137?


A. To discover proxy servers on a network
B. To disrupt the NetBIOS SMB service on the target host
C. To check for file and print sharing on Windows systems
D. To discover information about a target host using NBTSTAT

Answer: D. To discover information about a target host using NBTSTAT



Explanation: Microsoft encapsulates NetBIOS information within
TCP/IP using ports 135-139. It is trivial for an attacker to issue the
following command:
nbtstat -A (your IP address)
from their Windows machine and collect information about your Windows
machine (if you are not blocking traffic to port 137 at your borders).

