EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 211:

  An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol is the most likely able to handle this requirement?

  A. TACACS+
  B. DIAMETER
  C. Kerberos
  D. RADIUS
  D. RADIUS

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/RADIUS

  Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. RADIUS is a client/

  server protocol that runs in the application layer, and can use either TCP or UDP. Network access servers, which control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server. RADIUS

  is often the back-end of choice for 802.1X authentication. A RADIUS server is usually a background process running on UNIX or Microsoft Windows.

  Authentication and authorization

  The user or machine sends a request to a Network Access Server (NAS) to gain access to a particular network resource using access credentials. The credentials are passed to the NAS device via the link-layer protocol--for example, Pointto-Point Protocol (PPP) in the case of many dialup or DSL providers or posted in an HTTPS secure web form. In turn, the NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant access via

  the RADIUS protocol. This request includes access credentials, typically in the form of username and password or security certificate provided by the user. Additionally, the request may contain other information which the NAS knows about

  the user, such as its network address or phone number, and information regarding the user's physical point of attachment to the NAS. The RADIUS server checks that the information is correct using authentication schemes such as PAP,

  CHAP or EAP. The user's proof of identification is verified, along with, optionally, other information related to the request, such as the user's network address or phone number, account status, and specific network service access privileges.

  Historically, RADIUS servers checked the user's information against a locally stored flat-file database. Modern RADIUS servers can do this or can refer to external sources--commonly SQL, Kerberos, LDAP, or Active Directory servers--to

  verify the user's credentials.

  

  Shape

  Description automatically generated with medium confidence

  The RADIUS server then returns one of three responses to the NAS:

  1) Access-Reject,

  2) Access-Challenge,

  3) Access-Accept.

  Access-Reject

  The user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or an unknown or inactive user account.

  Access-Challenge

  Requests additional information from the user such as a secondary password, PIN, token, or card. Access-Challenge is also used in more complex authentication dialogs where a secure tunnel is established between the user machine and

  the Radius Server in a way that the access credentials are hidden from the NAS.

  Access-Accept

  The user is granted access. Once the user is authenticated, the RADIUS server will often check that the user is authorized to use the network service requested. A given user may be allowed to use a company's wireless network, but not its VPN service, for example. Again, this information may be stored locally on the RADIUS server or may be looked up in an external source such as LDAP or Active Directory.

• Question 212:

  What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

  A. 110
  B. 135
  C. 139
  D. 161
  E. 445
  F. 1024
  B. 135
  C. 139
  E. 445

• Question 213:

  What is the main security service a cryptographic hash provides?

  A. Integrity and ease of computation
  B. Message authentication and collision resistance
  C. Integrity and collision resistance
  D. Integrity and computational in-feasibility
  D. Integrity and computational in-feasibility

• Question 214:

  Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

  A. A biometric system that bases authentication decisions on behavioral attributes.
  B. A biometric system that bases authentication decisions on physical attributes.
  C. An authentication system that creates one-time passwords that are encrypted with secret keys.
  D. An authentication system that uses passphrases that are converted into virtual passwords.
  C. An authentication system that creates one-time passwords that are encrypted with secret keys.

• Question 215:

  Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?

  A. Zero trust network
  B. Transport Layer Security (TLS)
  C. Secure Socket Layer (SSL)
  D. Web of trust (WOT)
  D. Web of trust (WOT)

• Question 216:

  Your company suspects a potential security breach and has hired you as a Certified Ethical Hacker to investigate. You discover evidence of footprinting through search engines and advanced Google hacking techniques. The attacker utilized Google search operators to extract sensitive information. You further notice queries that indicate the use of the Google Hacking Database (GHDB) with an emphasis on VPN footprinting. Which of the following Google advanced search operators would be the LEAST useful in providing the attacker with sensitive VPN-related information?

  A. intitle: This operator restricts results to only the pages containing the specified term in the title
  B. location: This operator finds information for a specific location
  C. inur: This operator restricts the results to only the pages containing the specified word in the URL
  D. link: This operator searches websites or pages that contain links to the specified website or page
  B. location: This operator finds information for a specific location

  ---

  Explanation/Reference:

  The location: operator is the least useful in providing the attacker with sensitive VPN-related information, because it does not directly relate to VPN configuration, credentials, or vulnerabilities. The location: operator finds information for a specific location, such as a city, country, or region. For example, location:paris would return results related to Paris, France. However, this operator does not help the attacker to identify or access VPN servers or clients, unless they are specifically named or indexed by their location, which is unlikely. The other operators are more useful in providing the attacker with sensitive VPN-related information, because they can help the attacker to find pages or files that contain VPN configuration, credentials, or vulnerabilities. The intitle: operator restricts results to only the pages containing the specified term in the title. For example, intitle:vpn would return pages with VPN in their title, which may include VPN guides, manuals, or tutorials. The inurl: operator restricts the results to only the pages containing the specified word in the URL. For example, inurl:vpn would return pages with VPN in their URL, which may include VPN login portals, configuration files, or directories. The link: operator searches websites or pages that contain links to the specified website or page. For example, link:vpn.com would return pages that link to vpn.com, which may include VPN reviews, comparisons, or recommendations. References: Google Search Operators: The Complete List (44 Advanced Operators) Footprinting through search engines Module 02: Footprinting and Reconnaissance

• Question 217:

  In a large organization, a network security analyst discovered a series of packet captures that seem unusual. The network operates on a switched Ethernet environment. The security team suspects that an attacker might be using a sniffer

  tool.

  Which technique could the attacker be using to successfully carry out this attack, considering the switched nature of the network?

  A. The attacker might be compromising physical security to plug into the network directly
  B. The attacker might be implementing MAC flooding to overwhelm the switch's memory
  C. The attacker is probably using a Trojan horse with in-built sniffing capability
  D. The attacker might be using passive sniffing, as it provides significant stealth advantages
  B. The attacker might be implementing MAC flooding to overwhelm the switch's memory

  ---

  Explanation/Reference:

  A sniffer tool is a software or hardware device that can capture and analyze network traffic. In a switched Ethernet environment, where each port on a switch is connected to a single device, a sniffer tool can only see the traffic that is destined for or originated from the device it is attached to. However, an attacker can use various techniques to overcome this limitation and sniff the traffic of other devices on the same network. One of these techniques is MAC flooding, which exploits the finite memory of the switch's MAC address table. The attacker sends a large number of frames with different source MAC addresses to the switch, which fills up the MAC address table and causes the switch to enter a fail-open mode, where it broadcasts all incoming frames to all ports, regardless of the destination MAC address. This way, the attacker can see all the traffic on the network and capture it with a sniffer tool. The other options are less likely or less effective techniques for sniffing a switched Ethernet network. Compromising physical security to plug into the network directly may allow the attacker to sniff the traffic of the device they are connected to, but not the traffic of other devices on the network. Using a Trojan horse with in-built sniffing capability may allow the attacker to sniff the traffic of the infected device, but not the traffic of other devices on the network, unless the Trojan horse also performs MAC flooding or other techniques to bypass the switch. Using passive sniffing, which involves listening to the network traffic without sending any packets, may provide significant stealth advantages, but it does not help the attacker to see the traffic of other devices on the network, unless the switch is already in fail-open mode or the attacker uses other techniques to induce it. References: Sniffing: A Beginners Guide In 4 Important Points How can I run a packet sniffer on a Router or Switch Detection of Sniffers in an Ethernet Network

• Question 218:

  While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

  A. -sA
  B. -sX
  C. -sT
  D. -sF
  A. -sA

• Question 219:

  An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

  A. Timing-based attack
  B. Side-channel attack
  C. Downgrade security attack
  D. Cache-based attack
  B. Side-channel attack

• Question 220:

  ViruXine.W32 virus hides their presence by changing the underlying executable code.

  This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

  

  Here is a section of the Virus code:

  

  What is this technique called?

  A. Polymorphic Virus
  B. Metamorphic Virus
  C. Dravidic Virus
  D. Stealth Virus
  A. Polymorphic Virus