EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 201:

  Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

  A. Port 53
  B. Port 23
  C. Port 50
  D. Port 80
  A. Port 53

  ---

  Explanation/Reference:

  DNS uses Ports 53 which is almost always open on systems, firewalls, and clients to transmit DNS queries. instead of the more familiar Transmission Control Protocol (TCP) these queries use User Datagram Protocol (UDP) due to its low-latency, bandwidth and resource usage compared TCP-equivalent queries. UDP has no error or flow-control capabilities, nor does it have any integrity checking to make sure the info arrived intact.How is internet use (browsing, apps, chat etc) so reliable then? If the UDP DNS query fails (it's a best-effort protocol after all) within the first instance, most systems will retry variety of times and only after multiple failures, potentially switch to TCP before trying again; TCP is additionally used if the DNS query exceeds the restrictions of the UDP datagram size ?typically 512 bytes for DNS but can depend upon system settings.Figure 1 below illustrates the essential process of how DNS operates: the client sends a question string (for example, mail.google[.]com during this case) with a particular type ?typically A for a number address. I've skipped the part whereby intermediate DNS systems may need to establish where `.com' exists, before checking out where `google[.]com' are often found, and so on.

  

  Many worms and scanners are created to seek out and exploit systems running telnet. Given these facts, it's really no surprise that telnet is usually seen on the highest Ten Target Ports list. Several of the vulnerabilities of telnet are fixed. They require only an upgrade to the foremost current version of the telnet Daemon or OS upgrade. As is usually the case, this upgrade has not been performed on variety of devices. this might flow from to the very fact that a lot of systems administrators and users don't fully understand the risks involved using telnet. Unfortunately, the sole solution for a few of telnets vulnerabilities is to completely discontinue its use. the well-liked method of mitigating all of telnets vulnerabilities is replacing it with alternate protocols like ssh. Ssh is capable of providing many of an equivalent functions as telnet and a number of other additional services typical handled by other protocols like FTP and Xwindows. Ssh does still have several drawbacks to beat before it can completely replace telnet. it's typically only supported on newer equipment. It requires processor and memory resources to perform the info encryption and decryption. It also requires greater bandwidth than telnet thanks to the encryption of the info . This paper was written to assist clarify how dangerous the utilization of telnet are often and to supply solutions to alleviate the main known threats so as to enhance the general security of the web Once a reputation is resolved to an IP caching also helps: the resolved name-to-IP is usually cached on the local system (and possibly on intermediate DNS servers) for a period of your time . Subsequent queries for an equivalent name from an equivalent client then don't leave the local system until said cache expires. Of course, once the IP address of the remote service is understood , applications can use that information to enable other TCP- based protocols, like HTTP, to try to to their actual work, for instance ensuring internet cat GIFs are often reliably shared together with your colleagues.So, beat all, a couple of dozen extra UDP DNS queries from an organization's network would be fairly inconspicuous and will leave a malicious payload to beacon bent an adversary; commands could even be received to the requesting application for processing with little difficulty.

• Question 202:

  Which of the following programs is usually targeted at Microsoft Office products?

  A. Polymorphic virus
  B. Multipart virus
  C. Macro virus
  D. Stealth virus
  C. Macro virus

  ---

  Explanation/Reference:

  A macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Some applications, such as Microsoft Office, allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. (Wikipedia) NB: The virus Melissa is a well-known macro virus we could find attached to word documents.

• Question 203:

  Your company, Encryptor Corp, is developing a new application that will handle highly sensitive user information. As a cybersecurity specialist, you want to ensure this data is securely stored. The development team proposes a method where data is hashed and then encrypted before storage. However, you want an added layer of security to verify the integrity of the data upon retrieval. Which of the following cryptographic concepts should you propose to the team?

  A. Implement a block cipher mode of operation.
  B. a digital signature mechanism.
  C. Suggest using salt with hashing.
  D. Switch to elliptic curve cryptography.
  B. a digital signature mechanism.

  ---

  Explanation/Reference:

  A digital signature mechanism is a cryptographic concept that you should propose to the team to verify the integrity of the data upon retrieval. A digital signature mechanism works as follows: A digital signature is a mathematical scheme that allows the sender of a message to sign the message with their private key, and allows the receiver of the message to verify the signature with the sender's public key. A digital signature provides two security services: authentication and non-repudiation. Authentication means that the receiver can confirm the identity of the sender, and non-repudiation means that the sender cannot deny sending the message. A digital signature mechanism consists of three algorithms: key generation, signing, and verification. Key generation produces a pair of keys: a private key for the sender and a public key for the receiver. Signing takes the message and the private key as inputs, and outputs a signature. Verification takes the message, the signature, and the public key as inputs, and outputs a boolean value indicating whether the signature is valid or not. A digital signature mechanism can be implemented using various cryptographic techniques, such as hash-based signatures, RSA signatures, or elliptic curve signatures. A common method is to use a hash function to compress the message into a fixed-length digest, and then use an asymmetric encryption algorithm to encrypt the digest with the private key. The encrypted digest is the signature, which can be decrypted with the public key and compared with the hash of the message to verify the integrity. A digital signature mechanism can ensure the integrity of the data upon retrieval, because: A digital signature is unique to the message and the sender, and it cannot be forged or altered by anyone else. If the message or the signature is modified in any way, the verification will fail and the receiver will know that the data is corrupted or tampered with. A digital signature is independent of the encryption or hashing of the data, and it can be applied to any type of data, regardless of its format or size. The encryption or hashing of the data can provide confidentiality and efficiency, but they cannot provide integrity or authentication by themselves. A digital signature can complement the encryption or hashing of the data by providing an additional layer of security. The other options are not as suitable as option B for the following reasons:

  A. Implement a block cipher mode of operation: This option is not relevant because it does not address the integrity verification issue, but the encryption issue. A block cipher mode of operation is a method of applying a block cipher, which is

  a symmetric encryption algorithm that operates on fixed-length blocks of data, to a variable-length message. A block cipher mode of operation can provide different security properties, such as confidentiality, integrity, or authenticity,

  depending on the mode. However, a block cipher mode of operation cannot provide a digital signature, which is a form of asymmetric encryption that uses a pair of keys3 . C. Suggest using salt with hashing: This option is not sufficient

  because it does not provide a digital signature, but only a hash value. Salt is a random value that is added to the input of a hash function, which is a one-way function that maps any data to a fixed-length digest. Salt can enhance the security

  of hashing by making it harder to perform brute-force attacks or dictionary attacks, which are methods of finding the input that produces a given hash value. However, salt cannot provide a digital signature, which is a two-way function that

  uses a pair of keys to sign and verify a message .

  D. Switch to elliptic curve cryptography: This option is not specific because it does not specify a digital signature mechanism, but only a type of cryptography. Elliptic curve cryptography is a branch of cryptography that uses mathematical

  curves to generate keys and perform operations. Elliptic curve cryptography can be used to implement various cryptographic techniques, such as encryption, hashing, or digital signatures. However, elliptic curve cryptography is not a digital

  signature mechanism by itself, but rather a tool that can be used to create one .

  References:

  1: Digital signature - Wikipedia

  2: Digital Signature: What It Is and How It Works | Kaspersky

  3: Block cipher mode of operation - Wikipedia

  4: Block Cipher Modes of Operation - an overview | ScienceDirect Topics : Salt (cryptography) - Wikipedia

  5: What is Salt in Cryptography? | Cloudflare

  6: Elliptic-curve cryptography - Wikipedia

  7: Elliptic Curve Cryptography: What It Is and How It Works | Kaspersky

• Question 204:

  DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus

  discovering what software is installed.

  What command is used to determine if the entry is present in DNS cache?

  A. nslookup -fullrecursive update.antivirus.com
  B. dnsnooping -rt update.antivirus.com
  C. nslookup -norecursive update.antivirus.com
  D. dns --snoop update.antivirus.com
  C. nslookup -norecursive update.antivirus.com

• Question 205:

  You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have

  configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place. Your peer, Peter Smith who works at the

  same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

  What is Peter Smith talking about?

  A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
  B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
  C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
  A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

• Question 206:

  Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to "know" to prove yourself that it was Bob who had send a mail?

  A. Authentication
  B. Confidentiality
  C. Integrity
  D. Non-Repudiation
  D. Non-Repudiation

  ---

  Explanation/Reference:

  Non-repudiation is the assurance that someone cannot deny the validity of something. Non-repudiation is a legal concept that is widely used in information security and refers to a service, which provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message.

• Question 207:

  Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

  A. Bluesmacking
  B. Bluebugging
  C. Bluejacking
  D. Bluesnarfing
  D. Bluesnarfing

  ---

  Explanation/Reference:

  Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistant).

• Question 208:

  Which type of sniffing technique is generally referred as MiTM attack?

  

  A. Password Sniffing
  B. ARP Poisoning
  C. Mac Flooding
  D. DHCP Sniffing
  B. ARP Poisoning

• Question 209:

  Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL)

  records, etc) for a Domain.

  What do you think Tess King is trying to accomplish? Select the best answer.

  A. A zone harvesting
  B. A zone transfer
  C. A zone update
  D. A zone estimate
  B. A zone transfer

• Question 210:

  Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.

  A. Enumeration
  B. Vulnerability analysis
  C. Malware analysis
  D. Scanning networks
  D. Scanning networks