EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 271:

  In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

  A. Chop chop attack
  B. KRACK
  C. Evil twin
  D. Wardriving
  B. KRACK

  ---

  Explanation/Reference:

  In this attack KRACK is an acronym for Key Reinstallation Attack. KRACK may be a severe replay attack on Wi-Fi Protected Access protocol (WPA2), which secures your Wi-Fi connection. Hackers use KRACK to take advantage of a vulnerability in WPA2. When in close range of a possible victim, attackers can access and skim encrypted data using KRACK. How KRACK WorksYour Wi-Fi client uses a four-way handshake when attempting to attach to a protected network. The handshake confirms that both the client -- your smartphone, laptop, et cetera -- and therefore the access point share the right credentials, usually a password for the network. This establishes the Pairwise passkey (PMK), which allows for encoding .Overall, this handshake procedure allows for quick logins and connections and sets up a replacement encryption key with each connection. this is often what keeps data secure on Wi-Fi connections, and every one protected Wi-Fi connections use the four-way handshake for security. This protocol is that the reason users are encouraged to use private or credential-protected Wi-Fi instead of public connections.KRACK affects the third step of the handshake, allowing the attacker to control and replay the WPA2 encryption key to trick it into installing a key already in use. When the key's reinstalled, other parameters related to it -- the incremental transmit packet number called the nonce and therefore the replay counter -- are set to their original values.Rather than move to the fourth step within the four-way handshake, nonce resets still replay transmissions of the third step. This sets up the encryption protocol for attack, and counting on how the attackers replay the third- step transmissions, they will take down Wi-Fi security. Why KRACK may be a ThreatThink of all the devices you employ that believe Wi-Fi. it isn't almost laptops and smartphones; numerous smart devices now structure the web of Things (IoT). due to the vulnerability in WPA2, everything connected to Wi-Fi is in danger of being hacked or hijacked.Attackers using KRACK can gain access to usernames and passwords also as data stored on devices. Hackers can read emails and consider photos of transmitted data then use that information to blackmail users or sell it on the Dark Web.Theft of stored data requires more steps, like an HTTP content injection to load malware into the system. Hackers could conceivably take hold of any device used thereon Wi-Fi connection. Because the attacks require hackers to be on the brink of the target, these internet security threats could also cause physical security threats.On the opposite hand, the necessity to be in close proximity is that the only excellent news associated with KRACK, as meaning a widespread attack would be extremely difficult.Victims are specifically targeted. However, there are concerns that a experienced attacker could develop the talents to use HTTP content injection to load malware onto websites to make a more widespread affect. Everyone is in danger from KRACK vulnerability. Patches are available for Windows and iOS devices, but a released patch for Android devices is currently in question (November 2017). There are issues with the discharge , and lots of question if all versions and devices are covered.The real problem is with routers and IoT devices. These devices aren't updated as regularly as computer operating systems, and for several devices, security flaws got to be addressed on the manufacturing side. New devices should address KRACK, but the devices you have already got in your home probably aren't protected. The best protection against KRACK is to make sure any device connected to Wi-Fi is patched and updated with the newest firmware. that has checking together with your router's manufacturer periodically to ascertain if patches are available. The safest connection option may be a private VPN, especially when publicly spaces. If you would like a VPN for private use, avoid free options, as they need their own security problems and there'll even be issues with HTTPs. Use a paid service offered by a trusted vendor like Kaspersky. Also, more modern networks use WPA3 for better security.Avoid using public Wi-Fi, albeit it's password protection. That password is out there to almost anyone, which reduces the safety level considerably.All the widespread implications of KRACK and therefore the WPA2 vulnerability aren't yet clear. what's certain is that everybody who uses Wi-Fi is in danger and wishes to require precautions to guard their data and devices.

• Question 272:

  Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this

  feature supplies data to other applications so that users can instantly receive real-time Information.

  Which of the following techniques is employed by Susan?

  A. web shells
  B. Webhooks
  C. REST API
  D. SOAP API
  B. Webhooks

  ---

  Explanation/Reference:

  Webhooks are one of a few ways internet applications will communicate with one another.

  It allows you to send real-time data from one application to another whenever a given event happens.

  For example, let's say you've created an application using the Foursquare API that tracks when people check into your restaurant. You ideally wish to be able to greet customers by name and provide a complimentary drink when they check

  in. What a webhook will is notify you any time someone checks in, therefore you'd be able to run any processes that you simply had in your application once this event is triggered. The data is then sent over the web from the application

  wherever the event originally occurred, to the receiving application that handles the data.

  

  Here's a visual representation of what that looks like:

  A webhook url is provided by the receiving application, and acts as a phone number that the other application will call once an event happens. Only it's more complicated than a phone number, because data about the event is shipped

  

  Here's an example of what a webhook url looks like with the payload it's carrying:

  What are Webhooks? Webhooks are user-defined HTTP callback or push APIs that are raised based on events triggered, such as comment received on a post and pushing code to the registry. A webhook allows an application to update other applications with the latest information. Once invoked, it supplies data to the other applications, which means that users instantly receive real-time information. Webhooks are sometimes called "Reverse APIs" as they provide what is required for API specification, and the developer should create an API to use a webhook. A webhook is an API concept that is also used to send text messages and notifications to mobile numbers or email addresses from an application when a specific event is triggered. For instance, if you search for something in the online store and the required item is out of stock, you click on the "Notify me" bar to get an alert from the application when that item is available for purchase. These notifications from the applications are usually sent through webhooks.

• Question 273:

  How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender's identity?

  A. Hash value
  B. Private key
  C. Digital signature
  D. Digital certificate
  D. Digital certificate

• Question 274:

  You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ

  (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP. After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices

  are compromised.

  What kind of attack does the above scenario depict?

  A. Botnet Attack
  B. Spear Phishing Attack
  C. Advanced Persistent Threats
  D. Rootkit Attack
  A. Botnet Attack

• Question 275:

  When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

  A. Data items and vulnerability scanning
  B. Interviewing employees and network engineers
  C. Reviewing the firewalls configuration
  D. Source code review
  A. Data items and vulnerability scanning

• Question 276:

  One of your team members has asked you to analyze the following SOA record.

  What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

  A. 200303028
  B. 3600
  C. 604800
  D. 2400
  E. 60
  F. 4800
  D. 2400

• Question 277:

  A security analyst is preparing to analyze a potentially malicious program believed to have infiltrated an organization's network. To ensure the safety and integrity of the production environment, the analyst decided to use a sheep dip computer for the analysis. Before initiating the analysis, what key step should the analyst take?

  A. Run the potentially malicious program on the sheep dip computer to determine its behavior
  B. Store the potentially malicious program on an external medium, such as a CD-ROM
  C. Connect the sheep dip computer to the organization's internal network
  D. install the potentially malicious program on the sheep dip computer
  B. Store the potentially malicious program on an external medium, such as a CD-ROM

  ---

  Explanation/Reference:

  A sheep dip computer is a dedicated device that is used to test inbound files or physical media for viruses, malware, or other harmful content, before they are allowed to be used with other computers. The term sheep dip comes from a method of preventing the spread of parasites in a flock of sheep by dipping the new animals that farmers are adding to the flock in a trough of pesticide. A sheep dip computer is isolated from the organization's network and has port monitors, file monitors, network monitors, and antivirus software installed. Before initiating the analysis of a potentially malicious program, the analyst should store the program on an external medium, such as a CD-ROM, and then insert it into the sheep dip computer. This way, the analyst can prevent the program from infecting other devices or spreading over the network, and can safely analyze its behavior and characteristics. The other options are not correct steps to take before initiating the analysis. Running the potentially malicious program on the sheep dip computer may cause irreversible damage to the device or compromise its security. Connecting the sheep dip computer to the organization's internal network may expose the network to the risk of infection or attack. Installing the potentially malicious program on the sheep dip computer may not be possible or advisable, as the program may require certain dependencies or permissions that the sheep dip computer does not have or allow. References: Sheep dip (computing) What Does `Sheep Dip' Mean in Cyber Security? Malware Analysis What is a Sheepdip?

• Question 278:

  Which of the following tools can be used for passive OS fingerprinting?

  A. nmap
  B. tcpdump
  C. tracert
  D. ping
  B. tcpdump

• Question 279:

  During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?

  A. Temporal metric represents the inherent qualities of a vulnerability
  B. Base metric represents the inherent qualities of a vulnerability
  C. Environmental metric involves the features that change during the lifetime of the vulnerability
  D. Temporal metric involves measuring vulnerabilities based on a_ specific environment or implementation
  B. Base metric represents the inherent qualities of a vulnerability

  ---

  Explanation/Reference:

  The base metric represents the inherent qualities of a vulnerability, according to the Common Vulnerability Scoring System (CVSS). CVSS is a framework that numerically characterizes the severity of software vulnerabilities between the range of 0-10. CVSS consists of three metric groups: Base, Temporal, and Environmental. The base metric group captures the characteristics of a vulnerability that are constant over time and across user environments. The base metric group consists of six sub-metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, and Impact. The impact sub-metric further consists of three sub-metrics: Confidentiality, Integrity, and Availability. The base metric group produces a score ranging from 0 to 10, which reflects the intrinsic and fundamental properties of a vulnerability12. The other options are not correct for the following reasons:

  A. Temporal metric represents the inherent qualities of a vulnerability: This option is incorrect because the temporal metric group captures the characteristics of a vulnerability that change over time due to events external to the vulnerability.

  The temporal metric group consists of three sub-metrics: Exploit Code Maturity, Remediation Level, and Report Confidence. The temporal metric group modifies the base score to reflect the current state of the vulnerability, such as the

  availability of exploit code, the existence of patches or workarounds, and the degree of verification of the vulnerability report12. C. Environmental metric involves the features that change during the lifetime of the vulnerability: This option is

  incorrect because the environmental metric group captures the characteristics of a vulnerability that are relevant and unique to a user's environment. The environmental metric group consists of three sub-metrics:

  Modified Attack Vector, Modified Attack Complexity, and Modified Privileges Required. The environmental metric group also allows the user to assign importance values to the impact sub-metrics: Confidentiality Requirement, Integrity

  Requirement, and Availability Requirement. The environmental metric group modifies the base and temporal scores to reflect the impact of the vulnerability on the user's specific environment, such as the network configuration, the security

  objectives, and the asset value.

  D. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation: This option is incorrect because the temporal metric group does not involve measuring vulnerabilities based on a specific environment

  or implementation, but rather on the factors that change over time due to events external to the vulnerability. The environmental metric group, not the temporal metric group, involves measuring vulnerabilities based on a specific environment

  or implementation, as explained in option C.

  References:

  1: What is CVSS - Common Vulnerability Scoring System - SANS Institute

  2: Common Vulnerability Scoring System - Wikipedia

• Question 280:

  What is the port to block first in case you are suspicious that an loT device has been compromised?

  A. 22
  B. 443
  C. 48101
  D. 80
  C. 48101

  ---

  Explanation/Reference:

  TCP port 48101 uses the Transmission management Protocol. transmission control protocol is one in all the most protocols in TCP/IP networks. transmission control protocol could be a connection-oriented protocol, it needs acknowledgement to line up end- to-end communications. only a association is about up user's knowledge may be sent bi- directionally over the association. Attention! transmission control protocol guarantees delivery of knowledge packets on port 48101 within the same order during which they were sent. bonded communication over transmission control protocol port 48101 is that the main distinction between transmission control protocol and UDP. UDP port 48101 wouldn't have bonded communication as transmission control protocol. UDP on port 48101 provides Associate in Nursing unreliable service and datagrams might arrive duplicated, out of order, or missing unexpectedly. UDP on port 48101 thinks that error checking and correction isn't necessary or performed within the application, avoiding the overhead of such process at the network interface level. UDP (User Datagram Protocol) could be a borderline message-oriented Transport Layer protocol (protocol is documented in IETF RFC 768). Application examples that always use UDP: vocalisation IP (VoIP), streaming media and period multiplayer games. several internet applications use UDP, e.g. the name System (DNS), the Routing info Protocol (RIP), the Dynamic Host Configuration Protocol (DHCP), the straightforward Network Management Protocol (SNMP).