EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 151:

  Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing CVSS rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

  A. Medium

  B. Low

  C. Critical

  D. High

  Correct Answer: C

  Rating CVSS Score None 0.0 Low 0.1 - 3.9 Medium 4.0 - 6.9 High 7.0 - 8.9 Critical 9.0 - 10.0

  https://www.first.org/cvss/v3.0/specification-document

  The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability severity scores. Two common uses of CVSS are calculating the severity of vulnerabilities discovered on one's systems and as a factor in prioritization of vulnerability remediation activities. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities. Qualitative Severity Rating Scale For some purposes, it is useful to have a textual representation of the numeric Base, Temporal and Environmental scores.

  

  Table

• Question 152:

  Fingerprinting an Operating System helps a cracker because:

  A. It defines exactly what software you have installed

  B. It opens a security-delayed window based on the port being scanned

  C. It doesn't depend on the patches that have been applied to fix existing security holes

  D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

  Correct Answer: D

• Question 153:

  You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use?

  A. nmap -T4 -q 10.10.0.0/24

  B. nmap -T4 -F 10.10.0.0/24

  C. nmap -T4 -r 10.10.1.0/24

  D. nmap -T4 -O 10.10.0.0/24

  Correct Answer: B

  https://nmap.org/book/man-port-specification.html NOTE: In my opinion, this is an absolutely wrong statement of the question. But you may come across a question with a similar wording on the exam. What does "fast" mean? If we want to

  increase the speed and intensity of the scan we can select the mode using the -T flag (0/1/2/3/4/5). At high -T values, we will sacrifice stealth and gain speed, but we will not limit functionality.

  -F (Fast (limited port) scan)

  Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100. Technically, scanning will be faster, but just because we have

  reduced the number of ports by 10 times, we are just doing 10 times less work, not faster.

• Question 154:

  Which is the first step followed by Vulnerability Scanners for scanning a network?

  A. OS Detection

  B. Firewall detection

  C. TCP/UDP Port scanning

  D. Checking if the remote host is alive

  Correct Answer: D

  Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:

  1.

  Locating nodes: The first step in vulnerability scanning is to locate live hosts in the target network using various scanning techniques.

  2.

  Performing service and OS discovery on them: After detecting the live hosts in the target network, the next step is to enumerate the open ports and services and the operating system on the target systems.

  3.

  Testing those services and OS for known vulnerabilities: Finally, after identifying the open services and the operating system running on the target nodes, they are tested for known vulnerabilities.

• Question 155:

  When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

  A. The amount of time and resources that are necessary to maintain a biometric system

  B. How long it takes to setup individual user accounts

  C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information

  D. The amount of time it takes to convert biometric data into a template on a smart card

  Correct Answer: C

• Question 156:

  Which of the following is not a Bluetooth attack?

  A. Bluedriving

  B. Bluesmacking

  C. Bluejacking

  D. Bluesnarfing

  Correct Answer: A

  https://github.com/verovaleros/bluedriving Bluedriving is a bluetooth wardriving utility. It can capture bluetooth devices, lookup their services, get GPS information and present everything in a nice web page. It can search for and show a lot of information about the device, the GPS address and the historic location of devices on a map. The main motivation of this tool is to research about the targeted surveillance of people by means of its cellular phone or car. With this tool you can capture information about bluetooth devices and show, on a map, the points where you have seen the same device in the past.

• Question 157:

  An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

  A. Make sure that legitimate network routers are configured to run routing protocols with authentication.

  B. Disable all routing protocols and only use static routes

  C. Only using OSPFv3 will mitigate this risk.

  D. Redirection of the traffic cannot happen unless the admin allows it explicitly.

  Correct Answer: A

• Question 158:

  You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

  A. hping2 host.domain.com

  B. hping2 --set-ICMP host.domain.com

  C. hping2 -i host.domain.com

  D. hping2 -1 host.domain.com

  Correct Answer: D

  http://www.carnal0wnage.com/papers/LSO-Hping2-Basics.pdf Most ping programs use ICMP echo requests and wait for echo replies to come back to test connectivity. Hping2 allows us to do the same testing using any IP packet, including ICMP, UDP, and TCP. This can be helpful since nowadays most firewalls or routers block ICMP. Hping2, by default, will use TCP, but, if you still want to send an ICMP scan, you can. We send ICMP scans using the -1 (one) mode. Basically the syntax will be hping2 -1 IPADDRESS [root@localhost hping2-rc3]# hping2 -1 192.168.0.100 HPING 192.168.0.100 (eth0 192.168.0.100): icmp mode set, 28 headers + 0 data bytes len=46 ip=192.168.0.100 ttl=128 id=27118 icmp_seq=0 rtt=14.9 ms len=46 ip=192.168.0.100 ttl=128 id=27119 icmp_seq=1 rtt=0.5 ms len=46 ip=192.168.0.100 ttl=128 id=27120 icmp_seq=2 rtt=0.5 ms len=46 ip=192.168.0.100 ttl=128 id=27121 icmp_seq=3 rtt=1.5 ms len=46 ip=192.168.0.100 ttl=128 id=27122 icmp_seq=4 rtt=0.9 ms -- 192.168.0.100 hping statistic -- 5 packets tramitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0.5/3.7/14.9 ms [root@localhost hping2-rc3]#

• Question 159:

  Which of the following is a component of a risk assessment?

  A. Administrative safeguards

  B. Physical security

  C. DMZ

  D. Logical interface

  Correct Answer: A

• Question 160:

  Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company. What is the API vulnerability revealed in the above scenario?

  A. Code injections

  B. Improper use of CORS

  C. No ABAC validation

  D. Business logic flaws

  Correct Answer: B