EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 201:

  Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect

  field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.

  Which of the following design flaws in the authentication mechanism is exploited by Calvin?

  A. Insecure transmission of credentials

  B. Verbose failure messages

  C. User impersonation

  D. Password reset mechanism

  Correct Answer: D

• Question 202:

  Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By

  enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration.

  Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?

  A. <1B>

  B. <00>

  C. <03>

  D. <20>

  Correct Answer: C

  <03>Windows Messenger administrationCourier administration is an organization based framework notice Windows administration by Microsoft that was remembered for some prior forms of Microsoft Windows. This resigned innovation,

  despite the fact that it has a comparable name, isn't connected in any capacity to the later, Internet-based Microsoft Messenger administration for texting or to Windows Messenger and Windows Live Messenger (earlier named MSN

  Messenger) customer programming.

  The Messenger Service was initially intended for use by framework managers to tell Windows clients about their networks.[1] It has been utilized malevolently to introduce spring up commercials to clients over the Internet (by utilizing mass-

  informing frameworks which sent an ideal message to a predetermined scope of IP addresses). Despite the fact that Windows XP incorporates a firewall, it isn't empowered naturally. Along these lines, numerous clients got such messages.

  Because of this maltreatment, the Messenger Service has been debilitated as a matter of course in Windows XP Service Pack 2.

• Question 203:

  Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

  A. SOA

  B. biometrics

  C. single sign on

  D. PKI

  Correct Answer: D

• Question 204:

  Mirai malware targets loT devices. After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?

  A. MITM attack

  B. Birthday attack

  C. DDoS attack

  D. Password attack

  Correct Answer: C

• Question 205:

  Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?

  A. UDP scan

  B. TCP Maimon scan

  C. arp ping scan

  D. ACK flag probe scan

  Correct Answer: C

  One of the most common Nmap usage scenarios is scanning an Ethernet LAN. Most LANs, especially those that use the private address range granted by RFC 1918, do not always use the overwhelming majority of IP addresses. When Nmap attempts to send a raw IP packet, such as an ICMP echo request, the OS must determine a destination hardware (ARP) address, such as the target IP, so that the Ethernet frame can be properly addressed. .. This is required to issue a series of ARP requests. This is best illustrated by an example where a ping scan is attempted against an Area Ethernet host. The -send-ip option tells Nmap to send IP-level packets (rather than raw Ethernet), even on area networks. The Wireshark output of the three ARP requests and their timing have been pasted into the session. Raw IP ping scan example for offline targetsThis example took quite a couple of seconds to finish because the (Linux) OS sent three ARP requests at 1 second intervals before abandoning the host. Waiting for a few seconds is excessive, as long as the ARP response usually arrives within a few milliseconds. Reducing this timeout period is not a priority for OS vendors, as the overwhelming majority of packets are sent to the host that actually exists. Nmap, on the other hand, needs to send packets to 16 million IP s given a target like 10.0.0.0/8. Many targets are pinged in parallel, but waiting 2 seconds each is very delayed. There is another problem with raw IP ping scans on the LAN. If the destination host turns out to be unresponsive, as in the previous example, the source host usually adds an incomplete entry for that destination IP to the kernel ARP table. ARP tablespaces are finite and some operating systems become unresponsive when full. If Nmap is used in rawIP mode (-send-ip), Nmap may have to wait a few minutes for the ARP cache entry to expire before continuing host discovery. ARP scans solve both problems by giving Nmap the highest priority. Nmap issues raw ARP requests and handles retransmissions and timeout periods in its sole discretion. The system ARP cache is bypassed. The example shows the difference. This ARP scan takes just over a tenth of the time it takes for an equivalent IP.

  Example b ARP ping scan of offline target

  

  In example b, neither the -PR option nor the -send-eth option has any effect. This is often because ARP has a default scan type on the Area Ethernet network when scanning Ethernet hosts that Nmap discovers. This includes traditional wired Ethernet as 802.11 wireless networks. As mentioned above, ARP scanning is not only more efficient, but also more accurate. Hosts frequently block IP-based ping packets, but usually cannot block ARP requests or responses and communicate over the network.Nmap uses ARP instead of all targets on equivalent targets, even if different ping types (such as -PE and -PS) are specified. LAN.. If you do not need to attempt an ARP scan at all, specify end-ip as shown in Example a "Raw IP Ping Scan for Offline Targets".

  If you give Nmap control to send raw Ethernet frames, Nmap can also adjust the source MAC address. If you have the only PowerBook in your security conference room and a large ARP scan is initiated from an Apple-registered MAC address, your head may turn to you. Use the -spoof-mac option to spoof the MAC address as described in the MAC Address Spoofing section.

• Question 206:

  Which of the following are well known password-cracking programs?

  A. L0phtcrack

  B. NetCat

  C. Jack the Ripper

  D. Netbus

  E. John the Ripper

  Correct Answer: AE

• Question 207:

  An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the

  investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

  What is the most likely cause?

  A. The network devices are not all synchronized.

  B. Proper chain of custody was not observed while collecting the logs.

  C. The attacker altered or erased events from the logs.

  D. The security breach was a false positive.

  Correct Answer: A

  Many network and system administrators don't pay enough attention to system clock accuracy and time synchronization. Computer clocks can run faster or slower over time, batteries and power sources die, or daylight-saving time changes are forgotten. Sure, there are many more pressing security issues to deal with, but not ensuring that the time on network devices is synchronized can cause problems. And these problems often only come to light after a security incident. If you suspect a hacker is accessing your network, for example, you will want to analyze your log files to look for any suspicious activity. If your network's security devices do not have synchronized times, the timestamps' inaccuracy makes it impossible to correlate log files from different sources. Not only will you have difficulty in tracking events, but you will also find it difficult to use such evidence in court; you won't be able to illustrate a smooth progression of events as they occurred throughout your network.

• Question 208:

  A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student

  decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

  Which cryptography attack is the student attempting?

  A. Man-in-the-middle attack

  B. Brute-force attack

  C. Dictionary attack

  D. Session hijacking

  Correct Answer: C

• Question 209:

  While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano.

  The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds

  transfer that took place.

  What Web browser-based security vulnerability was exploited to compromise the user?

  A. Clickjacking

  B. Cross-Site Scripting

  C. Cross-Site Request Forgery

  D. Web form input validation

  Correct Answer: C

  Cross Site Request Forgery (XSRF) was committed against the poor individual. Fortunately the user's bank checked with the user prior to sending the funds. If it would be Cross Site Request Forgery than transaction shouldn't be shown from foreign country. Because CSRF sends request from current user session. It seems XSS attack where attacker stolen the cookie and made a transaction using that cookie from foreign country.

• Question 210:

  Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST

  packet is sent in response by the target host, indicating that the port is closed.

  What is the port scanning technique used by Sam to discover open ports?

  A. Xmas scan

  B. IDLE/IPID header scan

  C. TCP Maimon scan

  D. ACK flag probe scan

  Correct Answer: C

  TCP Maimon scan

  This scan technique is very similar to NULL, FIN, and Xmas scan, but the probe used here is FIN/ACK. In most cases, to determine if the port is open or closed, the RST packet should be generated as a response to a probe request.

  However, in many BSD systems, the port is open if the packet gets dropped in response to a probe.

  https://nmap.org/book/scan-methods-maimon-scan.html

  How Nmap interprets responses to a Maimon scan probe

  Probe Response Assigned State

  No response received (even after retransmissions) open|filtered TCP RST packet closed

  ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) filtered