EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 281:

  Take a look at the following attack on a Web Server using obstructed URL:

  

  How would you protect from these attacks?

  A. Configure the Web Server to deny requests involving "hex encoded" characters

  B. Create rules in IDS to alert on strange Unicode requests

  C. Use SSL authentication on Web Servers

  D. Enable Active Scripts Detection at the firewall and routers

  Correct Answer: B

• Question 282:

  You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

  A. 210.1.55.200

  B. 10.1.4.254

  C. 10..1.5.200

  D. 10.1.4.156

  Correct Answer: C

  https://en.wikipedia.org/wiki/Subnetwork As we can see, we have an IP address of 10.1.4.0 with a subnet mask of /23. According to the question, we need to determine which IP address will be included in the range of the last 100 IP

  addresses.

  The available addresses for hosts start with 10.1.4.1 and end with 10.1.5.254. Now you can clearly see that the last 100 addresses include the address 10.1.5.200.

• Question 283:

  An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.

  < iframe src=""http://www.vulnweb.com/updateif.php"" style=""display:none"" > < /iframe >

  What is this type of attack (that can use either HTTP GET or HTTP POST) called?

  A. Browser Hacking

  B. Cross-Site Scripting

  C. SQL Injection

  D. Cross-Site Request Forgery

  Correct Answer: D

  https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. This is done by making a logged in user in the victim platform access an attacker controlled website and from there execute malicious JS code, send forms or retrieve "images" to the victims account.

  In order to be able to abuse a CSRF vulnerability you first need to find a relevant action to abuse (change password or email, make the victim follow you on a social network, give you more privileges...). The session must rely only on cookies or HTTP Basic Authentication header, any other header can't be used to handle the session. An finally, there shouldn't be unpredictable parameters on the request.

  Several counter-measures could be in place to avoid this vulnerability. Common defenses:

  -

  SameSite cookies: If the session cookie is using this flag, you may not be able to send the cookie from arbitrary web sites.

  -

  Cross-origin resource sharing: Depending on which kind of HTTP request you need to perform to abuse the relevant action, you may take int account the CORS policy of the victim site. Note that the CORS policy won't affect if you just want to send a GET request or a POST request from a form and you don't need to read the response.

  -Ask for the password user to authorise the action.

  -Resolve a captcha

  - Read the Referrer or Origin headers. If a regex is used it could be bypassed form example with: http://mal.net?orig=http://example.com (ends with the url) http://example.com.mal.net (starts with the url)

  -Modify the name of the parameters of the Post or Get request

  - Use a CSRF token in each session. This token has to be send inside the request to confirm the action. This token could be protected with CORS.

  

• Question 284:

  

  Identify the correct terminology that defines the above statement.

  A. Vulnerability Scanning

  B. Penetration Testing

  C. Security Policy Implementation

  D. Designing Network Security

  Correct Answer: B

• Question 285:

  John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

  A. loTSeeker

  B. loT Inspector

  C. ATandT loT Platform

  D. Azure loT Central

  Correct Answer: A

• Question 286:

  What is the algorithm used by LM for Windows2000 SAM?

  A. MD4

  B. DES

  C. SHA

  D. SSL

  Correct Answer: B

• Question 287:

  What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

  A. Session hijacking

  B. Firewalking

  C. Man-in-the middle attack

  D. Network sniffing

  Correct Answer: B

• Question 288:

  The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

  A. network Sniffer

  B. Vulnerability Scanner

  C. Intrusion prevention Server

  D. Security incident and event Monitoring

  Correct Answer: D

• Question 289:

  James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities?

  A. WebSploit Framework

  B. Browser Exploitation Framework

  C. OSINT framework

  D. SpeedPhish Framework

  Correct Answer: C

• Question 290:

  Under what conditions does a secondary name server request a zone transfer from a primary name server?

  A. When a primary SOA is higher that a secondary SOA

  B. When a secondary SOA is higher that a primary SOA

  C. When a primary name server has had its service restarted

  D. When a secondary name server has had its service restarted

  E. When the TTL falls to zero

  Correct Answer: A