EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 191:

  Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine

  whether they are successful.

  What type of SQL injection is Elliot most likely performing?

  A. Error-based SQL injection
  B. Blind SQL injection
  C. Union-based SQL injection
  D. NoSQL injection
  B. Blind SQL injection

• Question 192:

  Which type of security feature stops vehicles from crashing through the doors of a building?

  A. Bollards
  B. Receptionist
  C. Mantrap
  D. Turnstile
  A. Bollards

• Question 193:

  Email scams and mail fraud are regulated by which of the following?

  A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers
  B. 18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices
  C. 18 U.S.C. par. 1362 Communication Lines, Stations, or Systems
  D. 18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication
  A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

• Question 194:

  During a penetration testing assignment, a Certified Ethical Hacker (CEH) used a set of scanning tools to create a profile of the target organization. The CEH wanted to scan for live hosts, open ports, and services on a target network. He used Nmap for network inventory and Hping3 for network security auditing. However, he wanted to spoof IP addresses for anonymity during probing. Which command should the CEH use to perform this task?

  A. Hping3 -110.0.0.25 --ICMP
  B. Nmap -sS -Pn -n -vw --packet-trace -p- --script discovery -T4
  C. Hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 -flood
  D. Hping3-210.0.0.25-p 80
  C. Hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 -flood

  ---

  Explanation/Reference:

  The command C. Hping3 -S 192.168.1.1 -a 192.168.1.254 -p 22 -flood is the correct one to spoof IP addresses for anonymity during probing. This command sends SYN packets (-S) to the target IP 192.168.1.1 with a spoofed source IP (-a)

  192.168.1.254 on port 22 (-p) and floods the target with packets (-flood). This way, the CEH can hide his real IP address and avoid detection by the target's firewall or IDS12. The other commands are incorrect for the following reasons:

  A. Hping3 -110.0.0.25 --ICMP: This command sends ICMP packets (-ICMP) to the target IP 10.0.0.25, but does not spoof the source IP. Therefore, the CEH's real IP address will be exposed to the target. B. Nmap -sS -Pn -n -vw --packettrace -p- --script discovery -T4: This command performs a stealthy SYN scan (-sS) on all ports (-p-) of the target without pinging it (-Pn) or resolving DNS names (-n). It also enables verbose output (-v), packet tracing (-packet-trace), and

  discovery scripts (-script discovery) with an aggressive timing (-T4). However, this command does not spoof the source IP, and in fact, reveals more information about the scan to the target by using packet tracing and discovery scripts. D.

  Hping3-210.0.0.25-p 80: This command sends TCP packets (default) to the target IP 10.0.0.25 on port 80 (-p), but does not spoof the source IP. Therefore, the CEH's real IP address will be exposed to the target.

  References:

  1: Master hping3 and Enhance Your Network Strength | GoLinuxCloud

  2: Spoofing Packets with Hping3 - YouTube

• Question 195:

  John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?

  A. Use his own public key to encrypt the message.
  B. Use Marie's public key to encrypt the message.
  C. Use his own private key to encrypt the message.
  D. Use Marie's private key to encrypt the message.
  B. Use Marie's public key to encrypt the message.

  ---

  Explanation/Reference:

  When a user encrypts plaintext with PGP, PGP first compresses the plaintext. The session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key

  https://en.wikipedia.org/wiki/Pretty_Good_Privacy Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a username or an email address.

  https://en.wikipedia.org/wiki/Public-key_cryptography Public key encryption uses two different keys. One key is used to encrypt the information and the other is used to decrypt the information. Sometimes this is referred to as asymmetric encryption because two keys are required to make the system and/or process work securely. One key is known as the public key and should be shared by the owner with anyone who will be securely communicating with the key owner. However, the owner's secret key is not to be shared and considered a private key. If the private key is shared with unauthorized recipients, the encryption mechanisms protecting the information must be considered compromised.

• Question 196:

  Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address. What is the first thing that Nedved needs to do before contacting the incident response team?

  A. Leave it as it Is and contact the incident response te3m right away
  B. Block the connection to the suspicious IP Address from the firewall
  C. Disconnect the email server from the network
  D. Migrate the connection to the backup email server
  C. Disconnect the email server from the network

• Question 197:

  Your network infrastructure is under a SYN flood attack. The attacker has crafted an automated botnet to simultaneously send `s' SYN packets per second to the server. You have put measures in place to manage `f' SYN packets per second, and the system is designed to deal with this number without any performance issues. If `s' exceeds `f', the network infrastructure begins to show signs of overload. The system's response time increases exponentially (2^k), where `k' represents each additional SYN packet above the `f' limit. Now, considering `s=500' and different `f' values, in which scenario is the server most likely to experience overload and significantly increased response times?

  A. f=510: The server can handle 510 SYN packets per second, which is greater than what the attacker is sending. The system stays stable, and the response time remains unaffected
  B. f=495: The server can handle 495 SYN packets per second. The response time drastically rises (245 = 32 times the normal), indicating a probable system overload
  C. f=S05: The server can handle 505 SYN packets per second. In this case, the response time increases but not as drastically (245 = 32 times the normal), and the systern might still function, albeit slowly
  D. f=420: The server can handle 490 SYN packets per second. With 's' exceeding `f by 10, the response time shoots up (2410 = 1024 times the usual response time), indicating a system overload
  D. f=420: The server can handle 490 SYN packets per second. With 's' exceeding `f by 10, the response time shoots up (2410 = 1024 times the usual response time), indicating a system overload

  ---

  Explanation/Reference:

  A SYN flood attack is a type of denial-of-service (DoS) attack that exploits the TCP handshake process by sending a large number of SYN requests to the target server, without completing the connection. This consumes the connection state tables on the server, preventing it from accepting new connections. The attacker has crafted an automated botnet to simultaneously send `s' SYN packets per second to the server. The server can handle `f' SYN packets per second without any performance issues. If `s' exceeds `f', the network infrastructure begins to show signs of overload. The system's response time increases exponentially (24k), where `k' represents each additional SYN packet above the `f' limit. Considering `s=500' and different `f' values, the scenario that is most likely to cause the server to experience overload and significantly increased response times is the one where `f=420'. This is because `s' is greater than `f' by 80 packets per second, which means the server cannot handle the incoming traffic and will eventually run out of resources. The response time shoots up (2480 = 281,474,976,710,656 times the normal response time), indicating a system overload. The other scenarios are less likely or less severe than the one where `f=420'. Option A has `f=510', which is greater than `s', so the system stays stable and the response time remains unaffected. Option B has `f=495', which is less than `s' by 5 packets per second, so the response time drastically rises (245 = 32 times the normal response time), indicating a probable system overload, but not as extreme as option D. Option C has `f=505', which is less than `s' by 5 packets per second, so the response time increases but not as drastically (245 = 32 times the normal response time), and the system might still function, albeit slowly. References: SYN flood DDoS attack | Cloudflare SYN flood - Wikipedia What Is a SYN Flood Attack? | F5 What is a SYN flood attack and how to prevent it? | NETSCOUT

• Question 198:

  Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?

  A. HIPPA/PHl
  B. Pll
  C. PCIDSS
  D. ISO 2002
  A. HIPPA/PHl

  ---

  Explanation/Reference:

  PHI stands for Protected Health info. The HIPAA Privacy Rule provides federal protections for private health info held by lined entities and provides patients an array of rights with regard to that info. under HIPAA phi is considered to be any identifiable health info that's used, maintained, stored, or transmitted by a HIPAA-covered entity ?a healthcare provider, health plan or health insurer, or a aid clearinghouse ?or a business associate of a HIPAA-covered entity, in relation to the availability of aid or payment for aid services. It is not only past and current medical info that's considered letter under HIPAA Rules, however also future info concerning medical conditions or physical and mental health related to the provision of care or payment for care. phi is health info in any kind, together with physical records, electronic records, or spoken info. Therefore, letter includes health records, medical histories, lab check results, and medical bills. basically, all health info is considered letter once it includes individual identifiers. Demographic info is additionally thought of phi underneath HIPAA Rules, as square measure several common identifiers like patient names, Social Security numbers, Driver's license numbers, insurance details, and birth dates, once they square measure connected with health info. The eighteen identifiers that create health info letter are: Names Dates, except year phonephone numbers Geographic information FAX numbers Social Security numbers Email addresses case history numbers Account numbers Health arrange beneficiary numbers Certificate/license numbers Vehicle identifiers and serial numbers together with license plates Web URLs Device identifiers and serial numbers net protocol addresses Full face photos and comparable pictures Biometric identifiers (i.e. retinal scan, fingerprints) Any distinctive identifying variety or code One or a lot of of those identifiers turns health info into letter, and phi HIPAA Privacy Rule restrictions can then apply that limit uses and disclosures of the data. HIPAA lined entities and their business associates will ought to guarantee applicable technical, physical, and body safeguards are enforced to make sure the confidentiality, integrity, and availability of phi as stipulated within the HIPAA Security Rule.

• Question 199:

  _______is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

  A. DNSSEC
  B. Resource records
  C. Resource transfer
  D. Zone transfer
  A. DNSSEC

  ---

  Explanation/Reference:

  The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by DNS for use on IP networks. DNSSEC is a set of extensions to DNS provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality. DNSSEC is necessary because the original DNS design did not include security but was designed to be a scalable distributed system. DNSSEC adds security while maintaining backward compatibility.

• Question 200:

  Which of the following program infects the system boot sector and the executable files at the same time?

  A. Polymorphic virus
  B. Stealth virus
  C. Multipartite Virus
  D. Macro virus
  C. Multipartite Virus