EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 121:

  What is the role of test automation in security testing?

  A. It is an option but it tends to be very expensive.
  B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
  C. Test automation is not usable in security due to the complexity of the tests.
  D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
  D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

• Question 122:

  As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiality and non-repudiation. While considering various encryption methods, you are inclined towards using a combination of symmetric and asymmetric cryptography. However, you are unsure which cryptographic technique would best serve the purpose. Which of the following options would you choose to meet these requirements?

  A. Use symmetric encryption with the AES algorithm.
  B. Use the Diffie-Hellman protocol for key exchange and encryption.
  C. Apply asymmetric encryption with RSA and use the public key for encryption.
  D. Apply asymmetric encryption with RSA and use the private key for signing.
  D. Apply asymmetric encryption with RSA and use the private key for signing.

  ---

  Explanation/Reference:

  To ensure both confidentiality and non-repudiation for secure email communication, you need to use a combination of symmetric and asymmetric cryptography. Symmetric encryption is a method of encrypting and decrypting data using the same secret key, which is faster and more efficient than asymmetric encryption. Asymmetric encryption is a method of encrypting and decrypting data using a pair of keys: a public key and a private key, which are mathematically related but not identical. Asymmetric encryption can provide authentication, integrity, and non-repudiation, as well as key distribution. The cryptographic technique that would best serve the purpose is to apply asymmetric encryption with RSA and use the private key for signing. RSA is a widely used algorithm for asymmetric encryption, which is based on the difficulty of factoring large numbers. RSA can be used to encrypt data, as well as to generate digital signatures, which are a way of proving the identity and authenticity of the sender and the integrity of the message. The steps to implement this technique are as follows1: Generate a pair of keys for each user: a public key and a private key. The public key can be shared with anyone, while the private key must be kept secret and protected by the user. When a user wants to send an email to another user, they first encrypt the email content with a symmetric key, such as AES, which is a strong and efficient algorithm for symmetric encryption. The symmetric key is then encrypted with the recipient's public key, using RSA. The encrypted email and the encrypted symmetric key are then sent to the recipient. The sender also generates a digital signature for the email, using their private key and a hash function, such as SHA-256, which is a secure and widely used algorithm for generating hashes. A hash function is a mathematical function that takes any input and produces a fixed-length output, called a hash or a digest, that uniquely represents the input. A digital signature is a hash of the email that is encrypted with the sender's private key, using RSA. The digital signature is then attached to the email and sent to the recipient. When the recipient receives the email, they first decrypt the symmetric key with their private key, using RSA. They then use the symmetric key to decrypt the email content, using AES. They also verify the digital signature by decrypting it with the sender's public key, using RSA, and comparing the resulting hash with the hash of the email, using the same hash function. If the hashes match, it means that the email is authentic and has not been tampered with. Using this technique, the email communication is secure because: The confidentiality of the email content is ensured by the symmetric encryption with AES, which is hard to break without knowing the symmetric key. The symmetric key is also protected by the asymmetric encryption with RSA, which is hard to break without knowing the recipient's private key. The non-repudiation of the email is ensured by the digital signature with RSA, which is hard to forge without knowing the sender's private key. The digital signature also provides authentication and integrity of the email, as it proves that the email was sent by the sender and has not been altered in transit. References: How to Encrypt Email (Gmail, Outlook, iOS, Yahoo, Android, AOL)

• Question 123:

  In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffective due to a specific file in its root directory. However, they managed to uncover all the files and web pages on the target site, monitoring the resulting incoming and outgoing traffic while browsing the website manually. What technique did the hacker likely employ to achieve this?

  A. Using Photon to retrieve archived URLs of the target website from archive.org
  B. Using the Netcraft tool to gather website information
  C. Examining HTML source code and cookies
  D. User-directed spidering with tools like Burp Suite and WebScarab
  D. User-directed spidering with tools like Burp Suite and WebScarab

  ---

  Explanation/Reference:

  User-directed spidering is a technique that allows the hacker to manually browse the target website and use a proxy or spider tool to capture and analyze the traffic. This way, the hacker can discover hidden or dynamic content that standard web spiders may miss due to a specific file in the root directory, such as robots.txt, that instructs them not to crawl certain pages or directories. User-directed spidering can also help the hacker to bypass authentication or authorization mechanisms, as well as identify vulnerabilities or sensitive information in the target website. User-directed spidering can be performed with tools like Burp Suite and WebScarab, which are web application security testing tools that can intercept, modify, and replay HTTP requests and responses, as well as perform various attacks and scans on the target website. The other options are not likely to achieve the same results as user-directed spidering. Using Photon to retrieve archived URLs of the target website from archive.org may provide some historical information about the website, but it may not reflect the current state or content of the website. Using the Netcraft tool to gather website information may provide some general information about the website, such as its IP address, domain name, server software, or hosting provider, but it may not reveal the specific files or web pages on the website. Examining HTML source code and cookies may provide some clues about the website's structure, functionality, or user preferences, but it may not expose the hidden or dynamic content that user-directed spidering can discover. References: User Directed Spidering with Burp Web Spidering - What Are Web Crawlers and How to Control Them Web Security: Recon Mapping the Application for Penetrating Web Applications -- 1

• Question 124:

  Which of the following protocols can be used to secure an LDAP service against anonymous queries?

  A. SSO
  B. RADIUS
  C. WPA
  D. NTLM
  D. NTLM

  ---

  Explanation/Reference:

  In a Windows network, nongovernmental organization (New Technology) local area network Manager (NTLM) could be a suite of Microsoft security protocols supposed to produce authentication, integrity, and confidentiality to users.NTLM is that the successor to the authentication protocol in Microsoft local area network Manager (LANMAN), Associate in Nursing older Microsoft product. The NTLM protocol suite is enforced in an exceedingly Security Support supplier, which mixes the local area network Manager authentication protocol, NTLMv1, NTLMv2 and NTLM2 Session protocols in an exceedingly single package. whether or not these protocols area unit used or will be used on a system is ruled by cluster Policy settings, that totally different|completely different} versions of Windows have different default settings. NTLM passwords area unit thought-about weak as a result of they will be brute-forced very simply with fashionable hardware. NTLM could be a challenge-response authentication protocol that uses 3 messages to authenticate a consumer in an exceedingly affiliation orientating setting (connectionless is similar), and a fourth extra message if integrity is desired. First, the consumer establishes a network path to the server and sends a NEGOTIATE_MESSAGE advertising its capabilities. Next, the server responds with CHALLENGE_MESSAGE that is employed to determine the identity of the consumer. Finally, the consumer responds to the challenge with Associate in Nursing AUTHENTICATE_MESSAGE. The NTLM protocol uses one or each of 2 hashed word values, each of that are keep on the server (or domain controller), and that through a scarcity of seasoning area unit word equivalent, that means that if you grab the hash price from the server, you'll evidence while not knowing the particular word. the 2 area unit the lm Hash (a DES-based operate applied to the primary fourteen chars of the word born-again to the standard eight bit laptop charset for the language), and also the nt Hash (MD4 of the insufficient endian UTF-16 Unicode password). each hash values area unit sixteen bytes (128 bits) every. The NTLM protocol additionally uses one among 2 a method functions, looking on the NTLM version. National Trust LanMan and NTLM version one use the DES primarily based LanMan a method operate (LMOWF), whereas National TrustLMv2 uses the NT MD4 primarily based a method operate (NTOWF).

• Question 125:

  Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

  A camera captures people walking and identifies the individuals using Steve's approach.

  After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

  A. Although the approach has two phases, it actually implements just one authentication factor
  B. The solution implements the two authentication factors: physical object and physical characteristic
  C. The solution will have a high level of false positives
  D. Biological motion cannot be used to identify people
  B. The solution implements the two authentication factors: physical object and physical characteristic

• Question 126:

  Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

  A. Iris patterns
  B. Voice
  C. Height and Weight
  D. Fingerprints
  C. Height and Weight

• Question 127:

  OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

  A. openssl s_client -site www.website.com:443
  B. openssl_client -site www.website.com:443
  C. openssl s_client -connect www.website.com:443
  D. openssl_client -connect www.website.com:443
  C. openssl s_client -connect www.website.com:443

• Question 128:

  A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting

  for the requests to complete.

  Which attack is being described here?

  A. Desynchronization
  B. Slowloris attack
  C. Session splicing
  D. Phlashing
  B. Slowloris attack

  ---

  Explanation/Reference:

  Developed by Robert "RSnake" Hansen, Slowloris is DDoS attack software that permits one computer to require down an internet server. Due the straightforward yet elegant nature of this attack, it requires minimal bandwidth to implement and affects the target server's web server only, with almost no side effects on other services and ports.Slowloris has proven highly-effective against many popular sorts of web server software, including Apache 1.x and 2.x.Over the years, Slowloris has been credited with variety of high-profile server takedowns. Notably, it had been used extensively by Iranian `hackivists' following the 2009 Iranian presidential election to attack Iranian government internet sites .Slowloris works by opening multiple connections to the targeted web server and keeping them open as long as possible. It does this by continuously sending partial HTTP requests, none of which are ever completed. The attacked servers open more and connections open, expecting each of the attack requests to be completed.Periodically, the Slowloris sends subsequent HTTP headers for every request, but never actually completes the request. Ultimately, the targeted server's maximum concurrent connection pool is filled, and extra (legitimate) connection attempts are denied.By sending partial, as against malformed, packets, Slowloris can easily elapse traditional Intrusion Detection systems.Named after a kind of slow-moving Asian primate, Slowloris really does win the race by moving slowly and steadily. A Slowloris attack must await sockets to be released by legitimate requests before consuming them one by one.For a high-volume internet site , this will take a while . the method are often further slowed if legitimate sessions are reinitiated. But within the end, if the attack is unmitigated, Slowloris--like the tortoise--wins the race.If undetected or unmitigated, Slowloris attacks also can last for long periods of your time . When attacked sockets outing , Slowloris simply reinitiates the connections, continuing to reach the online server until mitigated.Designed for stealth also as efficacy, Slowloris are often modified to send different host headers within the event that a virtual host is targeted, and logs are stored separately for every virtual host.More importantly, within the course of an attack, Slowloris are often set to suppress log file creation. this suggests the attack can catch unmonitored servers off-guard, with none red flags appearing in log file entries.Methods of mitigationImperva's security services are enabled by reverse proxy technology, used for inspection of all incoming requests on their thanks to the clients' servers.Imperva's secured proxy won't forward any partial connection requests--rendering all Slowloris DDoS attack attempts completely and utterly useless.

• Question 129:

  As a cybersecurity professional, you are responsible for securing a high-traffic web application that uses MySQL as its backend database. Recently, there has been a surge of unauthorized login attempts, and you suspect that a seasoned black-hat hacker is behind them. This hacker has shown proficiency in SQL Injection and appears to be using the 'UNION' SQL keyword to trick the login process into returning additional data. However, your application's security measures include filtering special characters in user inputs, a method usually effective against such attacks. In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, which strategy is he most likely to employ?

  A. The hacker alters his approach and injects a `DROP TABLE' statement, a move that could potentially lead to the loss of vital data stored in the application's database.
  B. The hacker tries to manipulate the 'UNION' keyword in such a way that it triggers a database error, potentially revealing valuable information about the database's structure.
  C. The hacker switches tactics and resorts to a `time-based blind' SQL Injection attack, which would force the application to delay its response, thereby revealing information based on the duration of the delay.
  D. The hacker attempts to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries.
  D. The hacker attempts to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries.

  ---

  Explanation/Reference:

  SQL Injection is a type of attack that exploits a vulnerability in a web application that uses a SQL database. The attacker injects malicious SQL code into the user input, such as a login form, that is then executed by the database server. This

  can allow the attacker to access, modify, or delete data, or execute commands on the database server.

  The `UNION' SQL keyword is often used in SQL Injection attacks to combine the results of two or more SELECT statements into a single result set. This can allow the attacker to retrieve additional data from other tables or columns that are

  not intended to be displayed by the application. For example, if the application uses the following query to check the user credentials:

  SELECT * FROM users WHERE username = '$username' AND password = '$password' The attacker can inject a `UNION' statement to append another query, such as:

  ' OR 1 = 1 UNION SELECT * FROM credit_cards -This will result in the following query being executed by the database server:

  SELECT * FROM users WHERE username = '' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

  The first part of the query will always return true, and the second part of the query will return the data from the credit_cards table. The `? symbol is a comment that will ignore the rest of the query. The attacker can then see the credit card

  information in the application's response.

  However, some web applications implement security measures to prevent SQL Injection attacks, such as filtering special characters in user inputs. Special characters are symbols that have a special meaning in SQL, such as quotes,

  semicolons, dashes, etc. By filtering or escaping these characters, the application can prevent the attacker from injecting malicious SQL code. For example, if the application replaces single quotes with two single quotes, the previous injection

  attempt will fail, as the query will become:

  SELECT * FROM users WHERE username = '''' OR 1 = 1 UNION SELECT * FROM credit_cards --'' AND password = '$password'

  This will result in a syntax error, as the query is not valid SQL. In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, the strategy that he is most likely to employ is to bypass the special character

  filter by encoding his malicious input. Encoding is a process of transforming data into a different format, such as hexadecimal, base64, URL, etc. By encoding his input, the hacker can avoid the filter and still inject malicious SQL code. For

  example, if the hacker encodes his input using URL encoding, the previous injection attempt will become:

  %27%20OR%201%20%3D%201%20UNION%20SELECT%20*%20FROM%20credit_card s%20-This will result in the following query being executed by the database server, after the application decodes the input:

  SELECT * FROM users WHERE username = '' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

  This will succeed in returning the credit card information, as the filter will not detect the special characters in the encoded input. Therefore, the hacker is most likely to employ the strategy of bypassing the special character filter by encoding

  his malicious input, which could potentially enable him to successfully inject damaging SQL queries.

  References:

  SQL Injection | OWASP Foundation

  SQL Injection Union Attacks

  SQL Injection Bypassing WAF

• Question 130:

  Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?

  A. Docker client
  B. Docker objects
  C. Docker daemon
  D. Docker registries
  C. Docker daemon

  ---

  Explanation/Reference:

  Docker uses a client-server design. The docker client talks to the docker daemon, that will the work of building, running, and distributing your docker containers. The docker client and daemon will run on the same system, otherwise you will connect a docker consumer to a remote docker daemon. The docker consumer and daemon communicate using a REST API, over OS sockets or a network interface.

  

  The docker daemon (dockerd) listens for docker API requests and manages docker objects like pictures, containers, networks, and volumes. A daemon may communicate with other daemons to manage docker services.