A. Creating backdoors using SQL injection B. A Enumerating the databases in the DBMS for the URL C. Retrieving SQL statements being executed on the database D. Searching database statements at the IP address given
A. Creating backdoors using SQL injection
Question 152:
How can rainbow tables be defeated?
A. Use of non-dictionary words B. All uppercase character passwords C. Password salting D. Lockout accounts under brute force password cracking attempts
C. Password salting
Explanation/Reference:
https://en.wikipedia.org/wiki/Salt_(cryptography)
A salt is random data that is used as an additional input to a one-way function that hashes data, a password, or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards were developed to protect a user's password against being read from the system. A salt is one of those methods.
A new salt is randomly generated for each password. In a typical setting, the salt and the password (or its version after key stretching) are concatenated and processed with a cryptographic hash function, and the output hash value (but not the original password) is stored with the salt in a database. Hashing allows for later authentication without keeping and therefore risking exposure of the plaintext password in the event that the authentication data store is compromised. Salts defend against a pre-computed hash attack, e.g. rainbow tables. Since salts do not have to be memorized by humans they can make the size of the hash table required for a successful attack prohibitively large without placing a burden on the users. Since salts are different in each case, they also protect commonly used passwords, or those users who use the same password on several sites, by making all salted hash instances for the same password different from each other.
Question 153:
Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?
A. Presentation tier B. Application Layer C. Logic tier D. Data tier
C. Logic tier
Question 154:
Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?
A. Pretexting B. Pharming C. Wardriving D. Skimming
B. Pharming
Explanation/Reference:
A pharming attacker tries to send a web site's traffic to a faux website controlled by the offender, typically for the aim of collection sensitive data from victims or putting in malware on their machines. Attacker tend to specialize in making lookalike ecommerce and digital banking websites to reap credentials and payment card data. Though they share similar goals, pharming uses a special technique from phishing. "Pharming attacker are targeted on manipulating a system, instead of tricking people into reaching to a dangerous web site," explains David Emm, principal security man of science at Kaspersky. "When either a phishing or pharming attacker is completed by a criminal, they need a similar driving issue to induce victims onto a corrupt location, however the mechanisms during which this is often undertaken are completely different."
Question 155:
Why is a penetration test considered to be more thorough than vulnerability scan?
A. Vulnerability scans only do host discovery and port scanning by default. B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation. C. It is not ?a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement. D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
Question 156:
Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?
A. The switches will drop into hub mode if the ARP cache is successfully flooded. B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks. C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch. D. The switches will route all traffic to the broadcast address created collisions.
A. The switches will drop into hub mode if the ARP cache is successfully flooded.
Question 157:
When discussing passwords, what is considered a brute force attack?
A. You attempt every single possibility until you exhaust all possible combinations or discover the password B. You threaten to use the rubber hose on someone unless they reveal their password C. You load a dictionary of words into your cracking program D. You create hashes of a large number of words and compare it with the encrypted passwords E. You wait until the password expires
A. You attempt every single possibility until you exhaust all possible combinations or discover the password
Question 158:
Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?
A. ophcrack B. Hootsuite C. VisualRoute D. HULK
B. Hootsuite
Explanation/Reference:
Hootsuite may be a social media management platform that covers virtually each side of a social media manager's role.
With only one platform users area unit ready to do the easy stuff like reverend cool content and schedule posts on social media in all the high to managing team members and measure ROI. There area unit many totally different plans to
decide on from, from one user set up up to a bespoken enterprise account that's appropriate for much larger organizations.
Question 159:
Which of these is capable of searching for and locating rogue access points?
A. HIDS B. WISS C. WIPS D. NIDS
C. WIPS
Explanation/Reference:
A Wireless Intrusion Prevention System (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).
Question 160:
Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?
A. Scanning B. Footprinting C. Enumeration D. System Hacking
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only EC-COUNCIL exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 312-50V12 exam preparations
and EC-COUNCIL certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.