EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 101:

  Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

  A. Diversion theft
  B. Baiting
  C. Honey trap
  D. Piggybacking
  C. Honey trap

  ---

  Explanation/Reference:

  The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization.

  Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data. This technique relies on the curiosity and greed of the end-users. Attackers perform this technique by leaving a physical device such as a USB flash drive containing malicious files in locations where people can easily find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a legitimate company's logo, thereby tricking end-users into trusting it and opening it on their systems. Once the victim connects and opens the device, a malicious file downloads. It infects the system and allows the attacker to take control. For example, an attacker leaves some bait in the form of a USB drive in the elevator with the label "Employee Salary Information 2019" and a legitimate company's logo. Out of curiosity and greed, the victim picks up the device and opens it up on their system, which downloads the bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system, giving the attacker access.

• Question 102:

  Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?

  A. Platform as a service
  B. Software as a service
  C. Functions as a
  D. service Infrastructure as a service
  C. Functions as a

• Question 103:

  Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

  A. Cloud hopper attack
  B. Cloud cryptojacking
  C. Cloudborne attack
  D. Man-in-the-cloud (MITC) attack
  A. Cloud hopper attack

  ---

  Explanation/Reference:

  Operation Cloud Hopper was an in depth attack and theft of data in 2017 directed at MSP within the uk (U.K.), us (U.S.), Japan, Canada, Brazil, France, Switzerland, Norway, Finland, Sweden, South Africa , India, Thailand, South Korea and Australia. The group used MSP as intermediaries to accumulate assets and trade secrets from MSP client engineering, MSP industrial manufacturing, retail, energy, pharmaceuticals, telecommunications, and government agencies.Operation Cloud Hopper used over 70 variants of backdoors, malware and trojans. These were delivered through spear-phishing emails. The attacks scheduled tasks or leveraged services/utilities to continue Microsoft Windows systems albeit the pc system was rebooted. It installed malware and hacking tools to access systems and steal data.

• Question 104:

  Why should the security analyst disable/remove unnecessary ISAPI filters?

  A. To defend against social engineering attacks
  B. To defend against webserver attacks
  C. To defend against jailbreaking
  D. To defend against wireless attacks
  B. To defend against webserver attacks

• Question 105:

  To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1

  using https.

  Which of the following firewall rules meets this requirement?

  A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
  B. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
  C. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
  D. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
  A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit

• Question 106:

  A malicious user has acquired a Ticket Granting Service from the domain controller using a valid user's Ticket Granting Ticket in a Kerberoasting attack. He exhorted the TGS tickets from memory for offline cracking. But the attacker was stopped before he could complete his attack. The system administrator needs to investigate and remediate the potential breach. What should be the immediate step the system administrator takes?

  A. Perform a system reboot to clear the memory
  B. Delete the compromised user's account
  C. Change the NTLM password hash used to encrypt the ST
  D. Invalidate the TGS the attacker acquired
  D. Invalidate the TGS the attacker acquired

  ---

  Explanation/Reference:

  A Kerberoasting attack is a technique that exploits the Kerberos authentication protocol to obtain the password hash of a service account that has a Service Principal Name (SPN). An attacker can request a service ticket (TGS) for the SPN using a valid user's ticket (TGT) and then attempt to crack the password hash offline. To prevent the attacker from using the TGS to access the service, the system administrator should invalidate the TGS as soon as possible. This can be done by changing the password of the service account, which will generate a new password hash and render the old TGS useless. Alternatively, the system administrator can use tools like Mimikatz to purge the TGS from the memory of the domain controller or the client system. Performing a system reboot, deleting the compromised user's account, or changing the NTLM password hash used to encrypt the ST are not effective ways to invalidate the TGS, as they do not affect the encryption of the TGS or the validity of the TGT. References: EC-Council CEHv12 Courseware Module 11: Hacking Webservers, page 11-24 What is a Kerberoasting Attack? ?CrowdStrike How to Perform Kerberoasting Attacks: The Ultimate Guide - StationX

• Question 107:

  As a part of an ethical hacking exercise, an attacker is probing a target network that is suspected to employ various honeypot systems for security. The attacker needs to detect and bypass these honeypots without alerting the target. The attacker decides to utilize a suite of techniques. Which of the following techniques would NOT assist in detecting a honeypot?

  A. Probing system services and observing the three-way handshake
  B. Using honeypot detection tools like Send-Safe Honeypot Hunter
  C. Implementing a brute force attack to verify system vulnerability
  D. Analyzing the MAC address to detect instances running on VMware
  C. Implementing a brute force attack to verify system vulnerability

  ---

  Explanation/Reference:

  A brute force attack is a method of trying different combinations of passwords or keys to gain access to a system or service. It is not a reliable way of detecting a honeypot, as it may trigger an alert or response from the target. Moreover, a brute force attack does not provide any information about the system's characteristics or behavior that could indicate a honeypot. A honeypot is a decoy system that is designed to attract and trap attackers, while providing security teams with valuable intelligence and insights. Therefore, an ethical hacker needs to use more subtle and stealthy techniques to detect and avoid honeypots. The other options are valid techniques for detecting a honeypot. Probing system services and observing the three-way handshake can reveal anomalies or inconsistencies in the system's responses, such as abnormal banners, ports, or protocols. Using honeypot detection tools like Send-Safe Honeypot Hunter can scan the target network and identify potential honeypots based on various criteria, such as IP address, domain name, or open ports. Analyzing the MAC address can detect instances running on VMware, which is a common platform for deploying honeypots. A honeypot running on VMware will have a MAC address that starts with 00:0C:29, 00:50:56, or 00:05:69. References: What is a Honeypot? Types, Benefits, Risks and Best Practices Using Honeypots for Network Intrusion Detection Detecting Honeypot Access With Varonis

• Question 108:

  You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax

  below, it is not going through.

  invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

  What seems to be wrong?

  A. The nmap syntax is wrong.
  B. This is a common behavior for a corrupted nmap application.
  C. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
  D. OS Scan requires root privileges.
  D. OS Scan requires root privileges.

• Question 109:

  User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

  A. Application
  B. Transport
  C. Session
  D. Presentation
  D. Presentation

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/Presentation_layer

  In the seven-layer OSI model of computer networking, the presentation layer is layer 6 and serves as the data translator for the network. It is sometimes called the syntax layer. The presentation layer is responsible for the formatting and delivery of information to the application layer for further processing or display. Encryption is typically done at this level too, although it can be done on the application, session, transport, or network layers, each having its own advantages and disadvantages. Decryption is also handled at the presentation layer. For example, when logging on to bank account sites the presentation layer will decrypt the data as it is received.

• Question 110:

  What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

  A. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
  B. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
  C. Symmetric encryption allows the server to securely transmit the session keys out-of- band.
  D. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
  D. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.