EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 221:

  After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 369. Which service is this and how can you tackle the problem?

  A. The service is LDAP. and you must change it to 636. which is LDPAPS.
  B. The service is NTP. and you have to change It from UDP to TCP in order to encrypt it
  C. The findings do not require immediate actions and are only suggestions.
  D. The service is SMTP, and you must change it to SMIME. which is an encrypted way to send emails.
  A. The service is LDAP. and you must change it to 636. which is LDPAPS.

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol LDAP, the Lightweight Directory Access Protocol, is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It's often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications. The LDAP protocol can deal in quite a bit of sensitive data: Active Directory usernames, login attempts, failed-login notifications, and more. If attackers get ahold of that data in flight, they might be able to compromise data like legitimate AD credentials and use it to poke around your network in search of valuable assets. Encrypting LDAP traffic in flight across the network can help prevent credential theft and other malicious activity, but it's not a failsafe--and if traffic is encrypted, your own team might miss the signs of an attempted attack in progress. While LDAP encryption isn't standard, there is a nonstandard version of LDAP called Secure LDAP, also known as "LDAPS" or "LDAP over SSL" (SSL, or Secure Socket Layer, being the now-deprecated ancestor of Transport Layer Security). LDAPS uses its own distinct network port to connect clients and servers. The default port for LDAP is port 389, but LDAPS uses port 636 and establishes TLS/SSL upon connecting with a client.

• Question 222:

  What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?

  A. PCI-DSS
  B. FISMA
  C. SOX
  D. ISO/I EC 27001:2013
  C. SOX

• Question 223:

  John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities for further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

  A. Proxy scanner
  B. Agent-based scanner
  C. Network-based scanner
  D. Cluster scanner
  C. Network-based scanner

  ---

  Explanation/Reference:

  Network-based scanner

  A network-based vulnerability scanner, in simplistic terms, is the process of identifying loopholes on a computer's network or IT assets, which hackers and threat actors can exploit. By implementing this process, one can successfully identify

  their organization's current risk(s). This is not where the buck stops; one can also verify the effectiveness of your system's security measures while improving internal and external defenses. Through this review, an organization is well

  equipped to take an extensive inventory of all systems, including operating systems, installed software, security patches, hardware, firewalls, anti- virus software, and much more.

  Agent-based scanner

  Agent-based scanners make use of software scanners on each and every device; the results of the scans are reported back to the central server. Such scanners are well equipped to find and report out on a range of vulnerabilities. NOTE:

  This option is not suitable for us, since for it to work, you need to install a special agent on each computer before you start collecting data from them.

• Question 224:

  Why containers are less secure that virtual machines?

  A. Host OS on containers has a larger surface attack.
  B. Containers may full fill disk space of the host.
  C. A compromise container may cause a CPU starvation of the host.
  D. Containers are attached to the same virtual network.
  A. Host OS on containers has a larger surface attack.

• Question 225:

  You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n^2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)^2) to crack RSA encryption. Given 'n=4000' and variable 'AES key size', which scenario is likely to provide the best balance of security and performance?

  A. Data encryption with 3DES using a 168-bit key: Offers high security but slower performance due to 3DES's inherent inefficiencies.
  B. Data encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility issues due to Blowfish's less widespread use.
  C. Data encryption with AES-128: Provides moderate security and fast encryption, offering a balance between the two.
  D. Data encryption with AES-256: Provides high security with better performance than 3DES, but not as fast as other AES key sizes.
  C. Data encryption with AES-128: Provides moderate security and fast encryption, offering a balance between the two.

  ---

  Explanation/Reference:

  Data encryption with AES-128 is likely to provide the best balance of security and performance in this scenario. This option works as follows: AES-128 is a symmetric encryption algorithm that uses a 128-bit key to encrypt and decrypt data. AES-128 is one of the most widely used and trusted encryption algorithms, and it is considered secure against classical and quantum attacks, as long as the key is not compromised. AES-128 has a time complexity of O(n), which means that the encryption and decryption time is proportional to the size of the data. AES-128 is also fast and efficient, as it can process 16 bytes of data in each round, and it requires only 10 rounds to complete the encryption or decryption12. RSA-4000 is an asymmetric encryption algorithm that uses a 4000-bit key pair to encrypt and decrypt data. RSA-4000 is used for key exchange, which means that it is used to securely share the AES-128 key between the sender and the receiver. RSA-4000 has a time complexity of O(n*2), which means that the key generation, encryption, and decryption time is proportional to the square of the size of the key. RSA-4000 is also slow and resource-intensive, as it involves large number arithmetic and modular exponentiation operations. RSA-4000 is considered secure against classical attacks, but it is vulnerable to quantum attacks, especially if the attacker has access to a quantum computer with sufficient resources to run Shor's algorithm, which can factor large numbers in polynomial time34. The attacker's quantum algorithm has a time complexity of O((log n) *2), which means that the cracking time is proportional to the square of the logarithm of the size of the key. This implies that the attacker can crack RSA-4000 much faster than a classical computer, as the logarithm function grows much slower than the linear or quadratic function. For example, if a classical computer takes 10^12 years to crack RSA-4000, a quantum computer with the attacker's algorithm could do it in about 10^4 years, which is still a long time, but not impossible5. Therefore, data encryption with AES-128 is likely to provide the best balance of security and performance in this scenario, because: AES-128 is secure and fast, and it can encrypt large amounts of data efficiently. RSA-4000 is slow and vulnerable, but it is only used for key exchange, which involves a small amount of data and a one-time operation. The attacker's quantum algorithm is powerful, but it is not practical, as it requires a quantum computer with a large number of qubits and a long coherence time, which are not available yet. The other options are not as balanced as option C for the following reasons:

  A. Data encryption with 3DES using a 168-bit key: This option offers high security but slower performance due to 3DES's inherent inefficiencies. 3DES is a symmetric encryption algorithm that uses a 168-bit key to encrypt and decrypt data. 3DES is a variant of DES, which is an older and weaker encryption algorithm that uses a 56-bit key. 3DES applies DES three times with different keys to increase the security, but this also increases the complexity and reduces the speed. 3DES has a time complexity of O(n), but it is much slower than AES, as it can process only 8 bytes of data in each round, and it requires 48 rounds to complete the encryption or decryption. 3DES is considered secure against classical and quantum attacks, but it is not recommended for new applications, as it is outdated and inefficient.

  B. Data encryption with Blowfish using a 448-bit key: This option offers high security but potential compatibility issues due to Blowfish's less widespread use. Blowfish is a symmetric encryption algorithm that uses a variable key size, up to 448 bits, to encrypt and decrypt data. Blowfish is fast and secure, and it has a time complexity of O(n), as it can process 8 bytes of data in each round, and it requires 16 rounds to complete the encryption or decryption. Blowfish is considered secure against classical and quantum attacks, but it is not as popular or standardized as AES, and it may have compatibility issues with some applications or platforms89. D. Data encryption with AES-256: This option provides high security with better performance than 3DES, but not as fast as other AES key sizes. AES-256 is a symmetric encryption algorithm that uses a 256-bit key to encrypt and decrypt data. AES-256 is a variant of AES, which is the most widely used and trusted encryption algorithm. AES-256 has a time complexity of O(n), and it can process 16 bytes of data in each round, but it requires 14 rounds to complete the encryption or decryption, which is more than AES-128 or AES-192. AES-256 is considered secure against classical and quantum attacks, but it is not as fast as other AES key sizes, and it may not be necessary for most applications, as AES- 128 or AES-192 are already secure enough. References:

  1: Advanced Encryption Standard - Wikipedia

  2: AES Encryption: What It Is and How It Works | Kaspersky

  3: RSA (cryptosystem) - Wikipedia

  4: RSA Encryption: What It Is and How It Works | Kaspersky

  5: Shor's algorithm - Wikipedia

  6: Triple DES - Wikipedia

  7: 3DES Encryption: What It Is and How It Works | Kaspersky

  8: Blowfish (cipher) - Wikipedia

  9: Blowfish Encryption: What It Is and How It Works | Kaspersky

• Question 226:

  Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every

  incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.

  What is the technique employed by Eric to secure cloud resources?

  A. Serverless computing
  B. Demilitarized zone
  C. Container technology
  D. Zero trust network
  D. Zero trust network

• Question 227:

  Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to setup a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161. What protocol is this port using and how can he secure that traffic?

  A. it is not necessary to perform any actions, as SNMP is not carrying important information.
  B. SNMP and he should change it to SNMP V3
  C. RPC and the best practice is to disable RPC completely
  D. SNMP and he should change it to SNMP v2, which is encrypted
  B. SNMP and he should change it to SNMP V3

  ---

  Explanation/Reference:

  We have various articles already in our documentation for setting up SNMPv2 trap handling in Opsview, but SNMPv3 traps are a whole new ballgame. They can be quite confusing and complicated to set up the first time you go through the process, but when you understand what is going on, everything should make more sense. SNMP has gone through several revisions to improve performance and security (version 1, 2c and 3). By default, it is a UDP port based protocol where communication is based on a `fire and forget' methodology in which network packets are sent to another device, but there is no check for receipt of that packet (versus TCP port when a network packet must be acknowledged by the other end of the communication link). There are two modes of operation with SNMP ?get requests (or polling) where one device requests information from an SNMP enabled device on a regular basis (normally using UDP port 161), and traps where the SNMP enabled device sends a message to another device when an event occurs (normally using UDP port 162). The latter includes instances such as someone logging on, the device powering up or down, or a wide variety of other problems that would need this type of investigation. This blog covers SNMPv3 traps, as polling and version 2c traps are covered elsewhere in our documentation. SNMP trapsSince SNMP is primarily a UDP port based system, traps may be `lost' when sending between devices; the sending device does not wait to see if the receiver got the trap. This means if the configuration on the sending device is wrong (using the wrong receiver IP address or port) or the receiver isn't listening for traps or rejecting them out of hand due to misconfiguration, the sender will never know. The SNMP v2c specification introduced the idea of splitting traps into two types; the original `hope it gets there' trap and the newer `INFORM' traps. Upon receipt of an INFORM, the receiver must send an acknowledgement back. If the sender doesn't get the acknowledgement back, then it knows there is an existing problem and can log it for sysadmins to find when they interrogate the device.

• Question 228:

  Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a

  manual SYN request.

  Which of the following techniques is employed by Dayn to detect honeypots?

  A. Detecting honeypots running on VMware
  B. Detecting the presence of Honeyd honeypots
  C. Detecting the presence of Snort_inline honeypots
  D. Detecting the presence of Sebek-based honeypots
  C. Detecting the presence of Snort_inline honeypots

• Question 229:

  Jim's company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim's company keeps the backup tapes in a safe in the office. Jim's company is audited each year, and the results from this year's audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

  A. Encrypt the backup tapes and transport them in a lock box.
  B. Degauss the backup tapes and transport them in a lock box.
  C. Hash the backup tapes and transport them in a lock box.
  D. Encrypt the backup tapes and use a courier to transport them.
  A. Encrypt the backup tapes and transport them in a lock box.

• Question 230:

  A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

  A. Attempts by attackers to access the user and password information stored in the company's SQL database.
  B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
  C. Attempts by attackers to access password stored on the user's computer without the user's knowledge.
  D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
  B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.