January 15, 2010

EC-Council 312-50 exam demo for share

Filed under: EC-COUNCIL Cert News — admin @ 5:23 am

Exam: EC-Council 312-50
Title: Ethical Hacking and Countermeasures (CEHv6)

Exam 312-50 Summary

The EC-Council 312-50 certification is designed to provide the foundation needed by every IT security professional. The EC-Council curriculum provides a broad range of the skills and knowledge needed to build and manage an organization’s networking and security operations and to use various resources effectively to achieve operational excellence.

The EC-Council Certified Ethical Hacker has emerged as one of today’s most sought-after certifications.
This is the only official review guide to the test, covering all CEH exam objectives, from ethics and testing to securing wired and wireless networks.
Written by industry expert Kimberly Graves, this concise, focused guide is ideal for people who have taken CEH classes and need a last-minute review.
The CD-ROM features two bonus exams, 150 flashcard questions, a searchable glossary of key terms, and hacking tools used in the EC-Council’s CEH training.
By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide to system security provides the tools necessary for approaching computers with the skill and understanding of an outside hacker. A useful tool for those involved in securing networks from outside tampering, this guide to CEH 312-50 certification provides a vendor-neutral perspective for security officers, auditors, security professionals, site administrators, and others concerned with the integrity of network infrastructures. Complete coverage of footprinting, trojans and backdoors, sniffers, viruses and worms, and hacking Novell and Linux exposes common vulnerabilities and reveals the tools and methods used by security professionals when implementing countermeasures.

If you are reading this courseware, it is quite possible that you realize the importance of information systems security.

However, we would like to put forth our motive behind compiling a resource such as this one, and what you can gain from this course.

You might find yourself asking, why choose this course, when there are several out there. The truth is that there cannot be any single courseware that can address all the issues in a detailed manner. Moreover, the rate at which exploits/tools/methods are being discovered by the security community makes it difficult for anybody to cover it at one go. This doesn’t mean that this course is inadequate in any way.

We have tried to cover all major domains in such a manner that the reader will be able to appreciate the way security has evolved over time; as well as gain insight into the fundamental workings relevant to each domain. It is a blend of academic and practical wisdom, supplemented with tools that the reader can readily access and obtain a hands-on experience. The emphasis is on gaining the know-how, and this explains the leaning towards free and accessible tools. You will read about some of the most widespread attacks seen; the popular tools used by attackers and how attacks have been carried out from ordinary resources.

You may also want to know “After this course, what?” This courseware is a resource material. Any penetration tester can tell you that there is no one straight methodology or sequence of steps that you can follow while auditing a client site. There is no ONE template that will meet all your needs. Your testing strategy will vary with client, basic information enumeration, firewall penetration or other domains, you will find something in this courseware that you can definitely use.

Finally, this is not the end! This courseware is to be considered as a ‘work-in-progress’, because we will be adding value to this courseware over time. You may find some aspects detailed, while others may find it brief. The yardstick that we have used in this respect is simple – “does the content help explain the point at hand?” This doesn’t mean that we would not love to hear from you regarding your viewpoints and suggestions. Do send us your feedback so that we can make this course a more useful one.

TABLE OF CONTENTS:
Module 01 – Introduction to Ethical Hacking
Module 02 – Footprinting
Module 03 – Scanning
Module 04 – Enumeration
Module 05 – System Hacking
Module 06 – Trojans and Backdoors
Module 07 – Sniffers
Module 08 – Denial of Service
Module 09 – Social Engineering
Module 10 – Session Hijacking
Module 11 – Hacking Web Servers
Module 12 – Web Application Vulnerabilities
Module 13 – Web Based Password Cracking Techniques
Module 14 – SQL Injection
Module 15 – Hacking Wireless Networks
Module 16 – Viruses
Module 17 – Novell Hacking
Module 18 – Linux Hacking
Module 19 – Evading IDS, Firewalls and Honeypots
Module 20 – Buffer Overflows
Module 21 – Cryptography

EC-Council 312-50 exam demo for share

1. What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?

A. The ethical hacker does not use the same techniques or skills as a cracker.

B. The ethical hacker does it strictly for financial motives unlike a cracker.

C. The ethical hacker has authorization from the owner of the target.

D. The ethical hacker is just a cracker who is getting paid.

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker, and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does; an ethical hacker has the owner's authorization and will get paid even if he does not succeed in penetrating the target.

2. What does the term “Ethical Hacking” mean?

A. Someone who is hacking for ethical reasons.

B. Someone who is using his/her skills for ethical reasons.

C. Someone who is using his/her skills for defensive purposes.

D. Someone who is using his/her skills for offensive purposes.

Answer: C

Explanation: Ethical hacking is only about defending yourself or your employer against malicious persons by using the same techniques and skills.

3. Who is an Ethical Hacker?

A. A person who hacks for ethical reasons

B. A person who hacks for an ethical cause

C. A person who hacks for defensive purposes

D. A person who hacks for offensive purposes

Answer: C

Explanation: The Ethical hacker is a security professional who applies his hacking skills for defensive purposes.

4. What is “Hacktivism”?

A. Hacking for a cause

B. Hacking ruthlessly

C. An association which groups activists

D. None of the above

Answer: A

Explanation: The term was coined by author/critic Jason Logan Bill Sack in an article about media artist Shu Lea Cheang. Acts of hacktivism are carried out in the belief that proper use of code will have leveraged effects similar to regular activism or civil disobedience.

5. Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

A. CHAT rooms

B. WHOIS database

C. News groups

D. Web sites

E. Search engines

F. Organization’s own web site

Answer: ABCDEF

Explanation: A security tester should search for information everywhere that he/she can access. You never know where you will find that small piece of information that could penetrate a strong defense.

6. What are the two basic types of attacks? (Choose two.)

A. DoS

B. Passive

C. Sniffing

D. Active

E. Cracking

Answer: BD

Explanation: Passive and active attacks are the two basic types of attacks.

7. You are footprinting Acme.com to gather competitive intelligence. You visit the acme.com website for contact information and telephone numbers but do not find them listed there. You know that they had the entire staff directory listed on their website 12 months ago but now it is not there. How would it be possible for you to retrieve information from the website that is outdated?

A. Visit google search engine and view the cached copy.

B. Visit Archive.org site to retrieve the Internet archive of the acme website.

C. Crawl the entire website and store them into your computer.

D. Visit the company’s partners and customers website for this information.

Answer: B

Explanation: The Internet Archive (IA) is a non-profit organization dedicated to maintaining an archive of Web and multimedia resources. Located at the Presidio in San Francisco, California, this archive includes “snapshots of the World Wide Web” (archived copies of pages, taken at various points in time), software, movies, books, and audio recordings (including recordings of live concerts from bands that allow it). This site is found at www.archive.org.

8. Under which Federal Statutes does the FBI investigate computer crimes involving e-mail scams and mail fraud?

A. 18 U.S.C 1029 Possession of Access Devices

B. 18 U.S.C 1030 Fraud and related activity in connection with computers

C. 18 U.S.C 1343 Fraud by wire, radio or television

D. 18 U.S.C 1361 Injury to Government Property

E. 18 U.S.C 1362 Government communication systems

F. 18 U.S.C 1831 Economic Espionage Act

G. 18 U.S.C 1832 Trade Secrets Act

Answer: B

Explanation: http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html

9. Which of the following activities will NOT be considered as passive footprinting?

A. Go through the rubbish to find out any information that might have been discarded.

B. Search on financial site such as Yahoo Financial to identify assets.

C. Scan the range of IP address found in the target DNS database.

D. Perform multiples queries using a search engine.

Answer: C

Explanation: Passive footprinting is a method in which the attacker never makes contact with the target systems. Scanning the range of IP addresses found in the target DNS is considered making contact with the systems behind the IP addresses that are targeted by the scan.

10. Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?

A. Network aliasing

B. Domain Name Server (DNS) poisoning

C. Reverse Address Resolution Protocol (ARP)

D. Port scanning

Answer: B

Explanation: This reference is close to the one listed. DNS poisoning is the correct answer. This is how a DNS DoS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of the server instead of replacing the actual records, which is referred to as cache poisoning.

www.test4pass.com

EC-Council 312-49 exam study guide

Filed under: EC-COUNCIL Cert News — admin @ 5:21 am

Exam 312-49: Computer Hacking Forensic Investigator (CHFI)
Associated Certification: Computer Hacking Forensic Investigator v3
Number of Questions: 50 multiple choice questions
Passing Score: 70%
Test Duration: 2 Hours

Topic Areas and Objectives for the EC-Council 312-49 exam include:
• Computer Forensics in Today’s World
• Law and Computer Forensics
• Computer Investigation Process
• Computer Forensic Lab
• Understanding File Systems and Hard Disks
• Understanding Digital Media Devices
• Windows, Linux and Macintosh Boot Processes
• Windows and Linux Forensics
• Data Acquisition and Duplication
• Network Forensics and Investigating Logs
• Investigating Network Traffic
• Investigating Web Attacks
• Investigating DoS Attacks
• Investigating Internet Crimes

Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud.

CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases.

The 312-49 exam is an EC-Council certification. Test4pass has assembled a complete collection of exam questions to take you through your 312-49 exam preparation. In the 312-49 exam resources, you will cover every field and category in EC-COUNCIL Certification, helping to ready you for your successful EC-Council 312-49 Certification.

EC-Council 312-49 exam demo

1. As a CHFI professional, which of the following is the most important to your professional reputation?

A. Your Certifications

B. The correct, successful management of each and every case

C. The fee that you charge

D. The friendship of local law enforcement officers

Answer: B

2. In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation.

What assistance can the ISP provide?

A. The ISP can investigate anyone using their service and can provide you with assistance

B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant

C. The ISP can’t conduct any type of investigations on anyone and therefore can’t assist you

D. ISP’s never maintain log files so they would be of no use to your investigation

Answer: B

3. You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a pornographic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

A. ARP Poisoning

B. DNS Poisoning

C. HTTP redirect attack

D. IP Spoofing

Answer: B

4. You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine that drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

A. Bit-stream Copy

B. Robust Copy

C. Full backup Copy

D. Incremental Backup Copy

Answer: A

5. Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

A. Plain view doctrine

B. Corpus delicti

C. Locard Exchange Principle

D. Ex Parte Order

Answer: A

6. Microsoft Outlook maintains email messages in a proprietary format in what type of file?

A. .email

B. .mail

C. .pst

D. .doc

Answer: C

7. The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

A. Detection

B. Hearsay

C. Spoliation

D. Discovery

Answer: D

8. The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

A. Any data not yet flushed to the system will be lost

B. All running processes will be lost

C. The /tmp directory will be flushed

D. Power interruption will corrupt the pagefile

Answer: AB

9. You are a computer forensics investigator working with the local police department and you are called to assist in an investigation of threatening emails. The complainant has printed out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the ________ in order to track the emails back to the suspect.

A. Routing Table

B. Firewall log

C. Configuration files

D. Email Header

Answer: D

10. Hackers can gain access to the Windows Registry and manipulate user passwords, DNS settings, access rights or other features that they may need in order to accomplish their objectives. One simple method for loading an application at startup is to add an entry (Key) to the following Registry Hive:

A. HKEY_LOCAL_MACHINE\hardware\windows\start

B. HKEY_LOCAL_USERS\Software|Microsoft\old\Version\Load

C. HKEY_CURRENT_USER\Microsoft\Default

D. HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Run

Answer: D

January 14, 2010

New 312-50 Exam questions answers

Filed under: EC-COUNCIL Cert News — admin @ 3:45 am

Test4pass.com is your source for the ECCOUNCIL 312-50 exam. With our 312-50 Exam Resources, you can rest assured that you will be fully prepared to take on your 312-50 Exam.

Our Exams are written and formatted by Top senior IT Professionals working in today’s prospering companies and data centers. All of our practice exams including the 312-50 exam will prepare you for success.

Test4pass 312-50 braindumps Demo
1. While reviewing the results of a scan run against a target network you come across the following:
What was used to obtain this output?
A. An SNMP Walk
B. Hping2 diagnosis
C. A Bo2K System query
D. Nmap protocol/port scan
Answer: A
Explanation: The snmpwalk command is designed to perform a sequence of chained GETNEXT requests automatically, rather than having to issue the necessary snmpgetnext requests by hand. The command takes a single OID, and will display a list of all the results which lie within the subtree rooted on this OID.

2. Which of the following nmap commands in Linux produces the above output?
A. sudo nmap -sP 192.168.0.1/24
B. root nmap -sA 192.168.0.1/24
C. run nmap -TX 192.168.0.1/24
D. launch nmap -PP 192.168.0.1/24
Answer: A
Explanation: This is an output from a ping scan. The option -sP will give you a ping scan of the 192.168.0.1/24 network.

3. SNMP is a protocol used to query hosts, servers and devices about performance or health status data. Hackers have used this protocol for a long time to gather a great amount of information about remote hosts. Which of the following features makes this possible?
A. It is susceptible to sniffing
B. It uses TCP as the underlying protocol
C. It is used by ALL devices on the market
D. It uses a community string sent as clear text
Answer: AD
Explanation: SNMP uses UDP, not TCP, and even though many devices use SNMP, not ALL devices use it, and it can be disabled on most of the devices that do use it. However, SNMP is susceptible to sniffing, and the community string (which can be said to act as a password) is sent in clear text.

4. Jonathan being a keen administrator has followed all of the best practices he could find on securing his Windows Server. He renamed the Administrator account to a new name that can’t be easily guessed but there remain people who attempt to compromise his newly renamed administrator account. How can a remote attacker decipher the name of the administrator account if it has been renamed?
A. The attacker guessed the new name
B. The attacker used the user2sid program
C. The attacker used the sid2user program
D. The attacker used NMAP with the V option
Answer: C
Explanation: User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine. Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions LookupAccountName and LookupAccountSid respectively. What is more, these can be called against a remote machine without providing logon credentials save those needed for a null session connection.

5. SNMP is a connectionless protocol that uses UDP instead of TCP packets? (True or False)
A. True
B. False
Answer: A

312-50 is a challenging exam. With our ECCOUNCIL 312-50 study guide, you can feel safe: our question and answer explanations will help you complete your 312-50 exam successfully.

With many online resources for preparing for the 312-50 exam, you will notice when you read the below information that Test4pass.com is your premier source for your 312-50 exam. With our 312-50 practice tests with explanations, no other vendor will be able to compare to Test4pass.com for quality 312-50 study guides.

Our Exam 312-50 Preparation Material provides you everything you will need to take your 312-50 Exam. The 312-50 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, logical and verified explanations for the answers.

test4pass 312-49 exam practice tests

Filed under: EC-COUNCIL Cert News — admin @ 3:34 am

Questions and answers of Test4pass are 100% correct, for they have been proved by IT professionals and thousands of our users. Keep these answers and explanations in your mind, and you are certain to pass the 312-49 exam without any difficulty.

Test4pass is surely a passport to success in EC-COUNCIL certification exam testing. If by any chance you failed the exam on your first try, you can get back all purchase fees on the Test4pass 312-49 exam by providing the proof of the failed exam. So you can feel assured that you will lose nothing by having a try on Test4pass.

Exam Number/Code : 312-49
Exam Name : Computer Hacking Forensic Investigator
Questions and Answers : 141 Q&As
Update Time: 2009-12-24
Achieving a certification after passing the EC-COUNCIL exam also announces to your peers and employer that you are abreast of current technology trends and familiar with the latest EC-COUNCIL certification software and networking protocols.

Test4pass makes sure you can pass the 312-49 braindumps more easily and safely, because it offers all kinds of 312-49 exam resources.

Exams Audio’s advanced EC-COUNCIL 312-49 Certification Exam Training Tools will help you like they have helped many before you. You can pass this EC-COUNCIL 312-49 Exam with confidence, covering all EC-COUNCIL 312-49 Exam Objectives with the help of our EC-COUNCIL 312-49 Brain dumps, EC-COUNCIL 312-49 Sample Questions and EC-COUNCIL 312-49 Free Notes. In comparison to all the other websites providing online EC-COUNCIL 312-49 Training Tools, our EC-COUNCIL 312-49 dumps and EC-COUNCIL 312-49 Training Tools are the best in quality and price.

With the help of Test4pass, you need not worry about the 312-49 exam.

312-49 dumps, 312-49 training tests, 312-49 study guide, 312-49 exam materials, 312-49 practice tests, and 312-49 questions and answers are all offered by Test4pass.

1. What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
A. rootkit
B. key escrow
C. steganography
D. Offset
Answer: C

2. During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as:
A. Inculpatory evidence
B. mandatory evidence
C. exculpatory evidence
D. Terrible evidence
Answer: C

3. Corporate investigations are typically easier than public investigations because:
A. the investigator has to get a warrant
B. the users have standard corporate equipment and software
C. the investigator does not have to get a warrant
D. the users can load whatever they want on their machines
Answer: B

4. What binary coding is used most often for e-mail purposes?
A. MIME
B. Uuencode
C. IMAP
D. SMTP
Answer: A

5. If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?
A. The system files have been copied by a remote attacker
B. The system administrator has created an incremental backup
C. The system has been compromised using a t0rn rootkit
D. Nothing in particular as these can be operational files
Answer: D
