EC-COUNCIL 312-50V11 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V11 Online Questions & Answers

• Question 371:

  What did the following commands determine?

  

  A. That the Joe account has a SID of 500
  B. These commands demonstrate that the guest account has NOT been disabled
  C. These commands demonstrate that the guest account has been disabled
  D. That the true administrator is Joe
  E. Issued alone, these commands prove nothing
  D. That the true administrator is Joe

• Question 372:

  You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

  A. Social engineering
  B. Piggybacking
  C. Tailgating
  D. Eavesdropping
  A. Social engineering

• Question 373:

  Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

  A. Nmap
  B. Burp Suite
  C. CxSAST
  D. Wireshark
  B. Burp Suite

• Question 374:

  If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

  A. Birthday
  B. Brute force
  C. Man-in-the-middle
  D. Smurf
  B. Brute force

• Question 375:

  While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

  A. -sA
  B. -sX
  C. -sT
  D. -sF
  A. -sA

• Question 376:

  Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

  A. ophcrack
  B. Hootsuite
  C. VisualRoute
  D. HULK
  B. Hootsuite

• Question 377:

  Vlady works in a fishing company where the majority of the employees have very little understanding of IT let alone IT Security. Several information security issues that Vlady often found includes, employees sharing password, writing his/her password on a post it note and stick it to his/her desk, leaving the computer unlocked, didn't log out from emails or other social media accounts, and etc.

  After discussing with his boss, Vlady decided to make some changes to improve the security environment in his company. The first thing that Vlady wanted to do is to make the employees understand the importance of keeping confidential information, such as password, a secret and they should not share it with other persons.

  Which of the following steps should be the first thing that Vlady should do to make the employees in his company understand to importance of keeping confidential information a secret?

  A. Warning to those who write password on a post it note and put it on his/her desk
  B. Developing a strict information security policy
  C. Information security awareness training
  D. Conducting a one to one discussion with the other employees about the importance of information security
  A. Warning to those who write password on a post it note and put it on his/her desk

• Question 378:

  in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

  A. Chop chop attack
  B. KRACK
  C. Evil twin
  D. Wardriving
  B. KRACK

• Question 379:

  Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?

  A. The switches will drop into hub mode if the ARP cache is successfully flooded.
  B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.
  C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.
  D. The switches will route all traffic to the broadcast address created collisions.
  A. The switches will drop into hub mode if the ARP cache is successfully flooded.

• Question 380:

  There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used?

  A. WEP
  B. RADIUS
  C. WPA
  D. WPA3
  A. WEP