EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 261:

  In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN

  number and other personal details. Ignorant users usually fall prey to this scam.

  Which of the following statement is incorrect related to this attack?

  A. Do not reply to email messages or popup ads asking for personal or financial information

  B. Do not trust telephone numbers in e-mails or popup ads

  C. Review credit card and bank account statements regularly

  D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

  E. Do not send credit card numbers, and personal or financial information via e-mail

  Correct Answer: D

• Question 262:

  Dorian is sending a digitally signed email to Polly, with which key is Dorian signing this message and how is Poly validating It?

  A. Dorian is signing the message with his public key. and Poly will verify that the message came from Dorian by using Dorian's private key.

  B. Dorian Is signing the message with Polys public key. and Poly will verify that the message came from Dorian by using Dorian's public key.

  C. Dorian is signing the message with his private key. and Poly will verify that the message came from Dorian by using Dorian's public key.

  D. Dorian is signing the message with Polys private key. and Poly will verify mat the message came from Dorian by using Dorian's public key.

  Correct Answer: C

  https://blog.mailfence.com/how-do-digital-signatures-work/

  https://en.wikipedia.org/wiki/Digital_signature A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document. It's the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide evidence of origin, identity, and status of electronic documents, transactions, or digital messages. Signers can also use them to acknowledge informed consent. Digital signatures are based on public-key cryptography, also known as asymmetric cryptography. Two keys are generated using a public key algorithm, such as RSA (Rivest- Shamir-Adleman), creating a mathematically linked pair of keys, one private and one public. Digital signatures work through public-key cryptography's two mutually authenticating cryptographic keys. The individual who creates the digital signature uses a private key to encrypt signature-related data, while the only way to decrypt that data is with the signer's public key.

• Question 263:

  Which of the following tools can be used for passive OS fingerprinting?

  A. nmap

  B. tcpdump

  C. tracert

  D. ping

  Correct Answer: B

• Question 264:

  Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

  A. Take over the session

  B. Reverse sequence prediction

  C. Guess the sequence numbers

  D. Take one of the parties offline

  Correct Answer: C

• Question 265:

  Which IOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?

  A. Tethered jailbreaking

  B. Semi-tethered jailbreaking

  C. Untethered jailbreaking

  D. Semi-Untethered jailbreaking

  Correct Answer: C

  An untethered jailbreak is one that allows a telephone to finish a boot cycle when being pwned with none interruption to jailbreak-oriented practicality. Untethered jailbreaks area unit the foremost sought-after of all, however they're additionally the foremost difficult to attain due to the powerful exploits and organic process talent they need. associate unbound jailbreak is sent over a physical USB cable association to a laptop or directly on the device itself by approach of associate application-based exploit, like a web site in campaign. Upon running associate unbound jailbreak, you'll be able to flip your pwned telephone off and on once more while not running the jailbreak tool once more. all of your jailbreak tweaks and apps would then continue in operation with none user intervention necessary. It's been an extended time since IOS has gotten the unbound jailbreak treatment. the foremost recent example was the computer-based Pangu break, that supported most handsets that ran IOS nine.1. We've additionally witnessed associate unbound jailbreak within the kind of JailbreakMe, that allowed users to pwn their handsets directly from the mobile campaign applications programme while not a laptop.

• Question 266:

  When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

  A. Identifying operating systems, services, protocols and devices

  B. Modifying and replaying captured network traffic

  C. Collecting unencrypted information about usernames and passwords

  D. Capturing a network traffic for further analysis

  Correct Answer: B

• Question 267:

  Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting countermeasures to secure

  the accounts on the web server.

  Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

  A. Enable unused default user accounts created during the installation of an OS

  B. Enable all non-interactive accounts that should exist but do not require interactive login

  C. Limit the administrator or toot-level access to the minimum number of users

  D. Retain all unused modules and application extensions

  Correct Answer: C

• Question 268:

  The collection of potentially actionable, overt, and publicly available information is known as

  A. Open-source intelligence

  B. Real intelligence

  C. Social intelligence

  D. Human intelligence

  Correct Answer: A

• Question 269:

  The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

  A. Multi-cast mode

  B. Promiscuous mode

  C. WEM

  D. Port forwarding

  Correct Answer: B

• Question 270:

  Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

  A. tcptrace

  B. Nessus

  C. OpenVAS

  D. tcptraceroute

  Correct Answer: A