Download Ec-council.Examsheets.312-50.v2014-02-04.by.Batista

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Transcript
Explanation/Reference:
Explanation:
The easiest programs to trojan and the smartest ones to trojan are ones commonly run by administrators and
users,in this case netstat,ps,and top,for a complete list of commonly trojaned and rootkited software please
reference this URL: http://www.usenix.org/publications/login/1999- 9/features/rootkits.html
QUESTION 672
John wishes to install a new application onto his Windows 2000 server.
He wants to ensure that any application he uses has not been Trojaned.
What can he do to help ensure this?
A.
B.
C.
D.
Compare the file's MD5 signature with the one published on the distribution media
Obtain the application via SSL
Compare the file's virus signature with the one published on the distribution media
Obtain the application from a CD-ROM disc
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: MD5 was developed by Professor Ronald L. Rivest of MIT. What it does,to quote the executive
summary of rfc1321,is:
[The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128- bit "fingerprint"
or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages
having the same message digest,or to produce any message having a given prespecified target message
digest. The MD5 algorithm is intended for digital signature applications,where a large file must be "compressed"
in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as
RSA.
In essence,MD5 is a way to verify data integrity,and is much more reliable than checksum and many other
commonly used methods.
QUESTION 673
Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan
communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of
the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port
number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number
by decoding the packet?
A.
B.
C.
D.
Port 1890 (Net-Devil Trojan)
Port 1786 (Net-Devil Trojan)
Port 1909 (Net-Devil Trojan)
Port 6667 (Net-Devil Trojan)
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: From trace,0x1A0B is 6667,IRC Relay Chat,which is one port used. Other ports are in the 900's.
Document related concepts

Computer and network surveillance wikipedia, lookup

Computer security compromised by hardware failure wikipedia, lookup