Question # 1
Rebecca is a security analyst and knows of a local root exploit that enables local users to use available exploits to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. No known workaround exists for this vulnerability. What is the correct action for Rebecca to take in this situation as a recommendation to management?
A. Rebecca should make a recommendation to disable the () system call
B. Rebecca should make a recommendation to upgrade the Linux kernel promptly
C. Rebecca should make a recommendation to set all child processes to sleep within the execve()
D. Rebecca should make a recommendation to hire more system administrators to monitor all child processes to ensure that each child process can't elevate privilege
Answer: B.
Rebecca should make a recommendation to upgrade the Linux kernel promptly
Question # 2
What is Cygwin?
A. Cygwin is a free C++ compiler that runs on Windows
B. Cygwin is a free Unix subsystem that runs on top of Windows
C. Cygwin is a free Windows subsystem that runs on top of Linux
D. Cygwin is an X Windows GUI subsystem that runs on top of the Linux GNOME environment
Answer: B.
Cygwin is a free Unix subsystem that runs on top of Windows
Explanation: Cygwin is a Linux-like environment for Windows. It consists of two parts: a DLL (cygwin1.dll) which acts as a Linux API emulation layer providing substantial Linux API functionality, and a collection of tools which provide the Linux look and feel. The Cygwin DLL works with all non-beta, non "release candidate", ix86 32-bit versions of Windows since Windows 95, with the exception of Windows CE.
Question # 3
John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an LKM has been installed on her server. She believes this is the reason that the server has been acting erratically lately. LKM stands for Loadable Kernel Module. What does this mean in the context of Linux security?
A. Loadable Kernel Modules are a mechanism for adding functionality to a file system without requiring a kernel recompilation.
B. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted.
C. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation.
D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.
Answer: D.
Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.
Explanation: Loadable Kernel Modules, or LKMs, are object files that contain code to extend the running kernel, the so-called base kernel, without the need for a kernel recompilation. Operating systems other than Linux, such as BSD systems, also provide support for LKMs. However, the Linux kernel generally makes far greater and more versatile use of LKMs than other systems. LKMs are typically used to add support for new hardware or filesystems, or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded, freeing memory.
Question # 4
Joe the Hacker breaks into a company's Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that the network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode. Running "ifconfig -a" will produce the following:

# ifconfig -a
lo0: flags=848<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST> mtu 1500
        inet 192.0.2.99 netmask ffffff00 broadcast 134.5.2.255
        ether 8:0:20:9c:a2:35

What can Joe do to hide the wiretap program from being detected by the ifconfig command?
A. Block output to the console whenever the user runs the ifconfig command by running a screen capture utility
B. Run the wiretap program in stealth mode to avoid being detected by the ifconfig command.
C. Replace the original ifconfig utility with the rootkit version of ifconfig, hiding the promiscuous information being displayed on the console.
D. You cannot disable promiscuous mode detection on Linux systems.
Answer: C.
Replace the original ifconfig utility with the rootkit version of ifconfig, hiding the promiscuous information being displayed on the console.
Explanation: The normal way to hide these rogue programs running on systems is to use crafted versions of commands like ifconfig and ls.
Question # 5
Bob is a Junior Administrator at ABC Company. On one of the Linux machines he entered the following firewall rule:

iptables -t filter -A INPUT -p tcp --dport 23 -j DROP

Why did he enter the above line?
A. To accept the Telnet connection
B. To deny the Telnet connection
C. To accept all connections except the Telnet connection
D. None of the above
Answer: B.
To deny the Telnet connection
Explanation (from the iptables manual page):

-t, --table
This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows:
filter: This is the default table, and contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).
nat: This table is consulted when a packet which creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out).
mangle: This table is used for specialized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing).

-A, --append
Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

-p, --protocol [!] protocol
The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value representing one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match all protocols and is taken as the default when this option is omitted. All may not be used in combination with the check command.

--destination-port [!] [port[:port]]
Destination port or port range specification. The flag --dport is an alias for this option.

-j, --jump target
This specifies the target of the rule; i.e. what to do if the packet matches it. The target can be a user-defined chain (not the one this rule is in), one of the special built-in targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented.
Question # 6
What is the expected result of the following exploit?
A. Opens up a telnet listener that requires no username or password.
B. Creates an FTP server with write permissions enabled.
C. Creates a share called "sasfile" on the target system.
D. Creates an account with a user name of Anonymous and a password of noone@nowhere.com.
Answer: A.
Opens up a telnet listener that requires no username or password.
Explanation: The script being depicted is in Perl (both msadc.pl and the script they're using as a wrapper). $port, $your, $user, $pass and $host are variables that hold the port number of a DNS server, an IP, a username, and an FTP password. $host is set to argument variable 0 (which means the string typed directly after the command). Essentially what happens is it connects to an FTP server and downloads nc.exe (the TCP/IP swiss-army knife, netcat) and uses nc to open a TCP port spawning cmd.exe (cmd.exe is the Win32 DOS shell on NT/2000/2003/XP). cmd.exe, when spawned, requires NO username or password and has the permissions of the user it is being executed as (probably guest in this instance, although it could be administrator). The #s in the script mean the text following is a comment; notice the last line in particular: if the # was removed, the script would spawn a connection to itself, the host system it was running on.
Question # 7
You have just installed a new Linux file server at your office. This server is going to be used by several individuals in the organization, and unauthorized personnel must not be able to modify any data. What kind of program can you use to track changes to files on the server?
A. Network Based IDS (NIDS)
B. Personal Firewall
C. System Integrity Verifier (SIV)
D. Linux IP Chains
Answer: C.
System Integrity Verifier (SIV)
Explanation: System Integrity Verifiers like Tripwire aid system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Question # 8
Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running the Telnet service, port 25 as running the SMTP service and port 53 as running the DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscore symbols on the screen. What are you most likely to infer from this?
A. The services are protected by TCP wrappers
B. There is a honeypot running on the scanned machine
C. An attacker has replaced the services with trojaned ones
D. This indicates that the telnet and SMTP server have crashed
Answer: A.
The services are protected by TCP wrappers
Explanation: TCP Wrapper is a host-based network ACL system, used to filter network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies to be used as tokens on which to filter for access control purposes.
Question # 9
Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not open or are not for public usage. How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted, using one of the built-in Linux operating system tools?
A. Ensure all files have at least 755 or more restrictive permissions.
B. Configure rules using ipchains.
C. Configure and enable portsentry on her server.
D. Install an intrusion detection system on her computer such as Snort.
Answer: B.
Configure rules using ipchains.
Explanation: ipchains is a free-software firewall for Linux. It is a rewrite of Linux's previous IPv4 firewalling code, ipfwadm. In Linux 2.2, ipchains is required to administer the IP packet filters. ipchains was written because the older IPv4 firewall code used in Linux 2.0 did not work with IP fragments and didn't allow for specification of protocols other than TCP, UDP, and ICMP.
Question # 10
Peter is a Linux network admin. As a knowledgeable security consultant, he turns to you for help on a firewall. He wants to use Linux as his firewall and use the latest freely available version that is offered. What do you recommend? Select the best answer.
A. Ipchains
B. Iptables
C. Checkpoint FW for Linux
D. Ipfwadm
Explanation: Ipchains was improved over ipfwadm with its chaining mechanism so that it can have multiple rulesets. However, it isn't the latest version of a free Linux firewall. Iptables replaced ipchains and is the latest of the free Linux firewall tools. Any Checkpoint firewall is not going to meet Jason's desire to have a free firewall. Ipfwadm is used to build Linux firewall rules prior to 2.2.0. It is an outdated version.
ECCouncil 312-50 Dumps - Latest Questions
Exam Code: 312-50
Exam Name: Certified Ethical Hacker