EC-COUNCIL CEH v11 312-50V11 Questions & Answers

• Question 31:

  John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?

  A. Use his own public key to encrypt the message.

  B. Use Marie's public key to encrypt the message.

  C. Use his own private key to encrypt the message.

  D. Use Marie's private key to encrypt the message.

  Correct Answer: B

• Question 32:

  Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

  A. Port 53

  B. Port 23

  C. Port 50

  D. Port 80

  Correct Answer: A

  DNS uses Ports 53 which is almost always open on systems, firewalls, and clients to transmit DNS queries. instead of the more familiar Transmission Control Protocol (TCP) these queries use User Datagram Protocol (UDP) due to its low- latency, bandwidth and resource usage compared TCP-equivalent queries. UDP has no error or flow-control capabilities, nor does it have any integrity checking to make sure the info arrived intact.How is internet use (browsing, apps, chat etc) so reliable then? If the UDP DNS query fails (it's a best-effort protocol after all) within the first instance, most systems will retry variety of times and only after multiple failures, potentially switch to TCP before trying again; TCP is additionally used if the DNS query exceeds the restrictions of the UDP datagram size ?typically 512 bytes for DNS but can depend upon system settings.Figure 1 below illustrates the essential process of how DNS operates: the client sends a question string (for example, mail.google[.]com during this case) with a particular type ? typically A for a number address. I've skipped the part whereby intermediate DNS systems may need to establish where `.com' exists, before checking out where `google[.]com' are often found, and so on.

  

  Many worms and scanners are created to seek out and exploit systems running telnet. Given these facts, it's really no surprise that telnet is usually seen on the highest Ten Target Ports list. Several of the vulnerabilities of telnet are fixed. They require only an upgrade to the foremost current version of the telnet Daemon or OS upgrade. As is usually the case, this upgrade has not been performed on variety of devices. this might flow from to the very fact that a lot of systems administrators and users don't fully understand the risks involved using telnet. Unfortunately, the sole solution for a few of telnets vulnerabilities is to completely discontinue its use. the well-liked method of mitigating all of telnets vulnerabilities is replacing it with alternate protocols like ssh. Ssh is capable of providing many of an equivalent functions as telnet and a number of other additional services typical handled by other protocols like FTP and Xwindows. Ssh does still have several drawbacks to beat before it can completely replace telnet. it's typically only supported on newer equipment. It requires processor and memory resources to perform the info encryption and decryption. It also requires greater bandwidth than telnet thanks to the encryption of the info . This paper was written to assist clarify how dangerous the utilization of telnet are often and to supply solutions to alleviate the main known threats so as to enhance the general security of the web Once a reputation is resolved to an IP caching also helps: the resolved name-to-IP is usually cached on the local system (and possibly on intermediate DNS servers) for a period of your time . Subsequent queries for an equivalent name from an equivalent client then don't leave the local system until said cache expires. Of course, once the IP address of the remote service is understood , applications can use that information to enable other TCP- based protocols, like HTTP, to try to to their actual work, for instance ensuring internet cat GIFs are often reliably shared together with your colleagues.So, beat all, a couple of dozen extra UDP DNS queries from an organization's network would be fairly inconspicuous and will leave a malicious payload to beacon bent an adversary; commands could even be received to the requesting application for processing with little difficulty.

• Question 33:

  You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

  While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP.

  After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

  What kind of attack does the above scenario depict?

  A. Botnet Attack

  B. Spear Phishing Attack

  C. Advanced Persistent Threats

  D. Rootkit Attack

  Correct Answer: A

• Question 34:

  You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

  A. 210.1.55.200

  B. 10.1.4.254

  C. 10.1.5.200

  D. 10.1.4.156

  Correct Answer: C

• Question 35:

  DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man- in-the-middle attacks?

  A. Spanning tree

  B. Dynamic ARP Inspection (DAI)

  C. Port security

  D. Layer 2 Attack Prevention Protocol (LAPP)

  Correct Answer: B

• Question 36:

  You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?

  A. Online Attack

  B. Dictionary Attack

  C. Brute Force Attack

  D. Hybrid Attack

  Correct Answer: D

• Question 37:

  The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

  A. The CFO can use a hash algorithm in the document once he approved the financial statements

  B. The CFO can use an excel file with a password

  C. The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document

  D. The document can be sent to the accountant using an exclusive USB for that document

  Correct Answer: A

• Question 38:

  Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this

  process, he injects faults into the power supply that can be used for remote execution, also causing the

  skipping of key instructions.

  He also injects faults into the clock network used for delivering a synchronized signal across the chip.

  Which of the following types of fault injection attack is performed by Robert in the above scenario?

  A. Frequency/voltage tampering

  B. Optical, electromagnetic fault injection (EMFI)

  C. Temperature attack

  D. Power/clock/reset glitching

  Correct Answer: B

• Question 39:

  During an Xmas scan what indicates a port is closed?

  A. No return response

  B. RST

  C. ACK

  D. SYN

  Correct Answer: B

• Question 40:

  Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

  A. Diversion theft

  B. Baiting

  C. Honey trap

  D. Piggybacking

  Correct Answer: B