EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 291:

  Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non- network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?

  A. Internal monologue attack

  B. Combinator attack

  C. Rainbow table attack

  D. Dictionary attack

  Correct Answer: A

• Question 292:

  Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. Using this technique, he wants to fix any bugs in the

  application, discover underlying vulnerabilities, and improve defense strategies against attacks.

  What is the technique used by Jacob in the above scenario to improve the security of the mobile application?

  A. Reverse engineering

  B. App sandboxing

  C. Jailbreaking

  D. Social engineering

  Correct Answer: A

• Question 293:

  A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network. What is this hacking process known as?

  A. GPS mapping

  B. Spectrum analysis

  C. Wardriving

  D. Wireless sniffing

  Correct Answer: C

• Question 294:

  env x='(){ :;};echo exploit' bash -c `cat/etc/passwd' What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

  A. Removes the passwd file

  B. Changes all passwords in passwd

  C. Add new user to the passwd file

  D. Display passwd content to prompt

  Correct Answer: D

• Question 295:

  The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28.

  Why he cannot see the servers?

  A. He needs to add the command ""ip address"" just before the IP address

  B. He needs to change the address to 192.168.1.0 with the same mask

  C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are not in that range

  D. The network must be dawn and the nmap command and IP address are ok

  Correct Answer: C

  https://en.wikipedia.org/wiki/Subnetwork

  This is a fairly simple question. You must to understand what a subnet mask is and how it works.

  A subnetwork or subnet is a logical subdivision of an IP network.The practice of dividing a network into two or more networks is called subnetting. Computers that belong to the same subnet are addressed with an identical most-significant bit-

  group in their IP addresses. This results in the logical division of an IP address into two fields: the network number or routing prefix and the rest field or host identifier. The rest field is an identifier for a specific host or network interface. The

  routing prefix may be expressed in Classless Inter-Domain Routing (CIDR) notation written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix. For example, 198.51.100.0/24 is the

  prefix of the Internet Protocol version 4 network starting at the given address, having 24 bits allocated for the network prefix, and the remaining 8 bits reserved for host addressing. Addresses in the range 198.51.100.0 to 198.51.100.255

  belong to this network. The IPv6 address specification 2001:db8::/32 is a large address block with 296 addresses, having a 32-bit routing prefix. For IPv4, a network may also be characterized by its subnet mask or netmask, which is the

  bitmask that when applied by a bitwise AND operation to any IP address in the network, yields the routing prefix. Subnet masks are also expressed in dot-decimal notation like an address. For example, 255.255.255.0 is the subnet mask for

  the prefix 198.51.100.0/24.

  

• Question 296:

  What is the least important information when you analyze a public IP address in a security alert?

  A. DNS

  B. Whois

  C. Geolocation

  D. ARP

  Correct Answer: D

• Question 297:

  While using your bank's online servicing you notice the following string in the URL bar:

  "http: // www. MyPersonalBank.com/account?id=368940911028389andDamount=10980andCamount=21"

  You observe that if you modify the Damount and Camount values and submit the request, that data on the web page reflects the changes.

  Which type of vulnerability is present on this site?

  A. Cookie Tampering

  B. SQL Injection

  C. Web Parameter Tampering

  D. XSS Reflection

  Correct Answer: C

• Question 298:

  Bob, an attacker, has managed to access a target loT device. He employed an online tool to gather information related to the model of the loT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information?

  A. search.com

  B. EarthExplorer

  C. Google image search

  D. FCC ID search

  Correct Answer: D

  Footprinting techniques are used to collect basic information about the target IoT and OT platforms to exploit them. Information collected through footprinting techniques ncludes IP address, hostname, ISP, device location, banner of the target IoT device, FCC ID information, certification granted to the device, etc. pg. 5052 ECHv11 manual

  https://en.wikipedia.org/wiki/FCC_mark An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. For legal sale of wireless deices in the US, manufacturers must: ?Have the device evaluated by an independent lab to ensure it conforms to FCC standards ?Provide documentation to the FCC of the lab results ?Provide User Manuals, Documentation, and Photos relating to the device ?Digitally or physically label the device with the unique identifier provided by the FCC (upon approved application) The FCC gets its authourity from Title 47 of the Code of Federal Regulations (47 CFR). FCC IDs are required for all wireless emitting devices sold in the USA. By searching an FCC ID, you can find details on the wireless operating frequency (including strength), photos of the device, user manuals for the device, and SAR reports on the wireless emissions

• Question 299:

  Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128,192, or 256 bits into a software program, which involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the above features and can be integrated by Tony into the software program?

  A. TEA

  B. CAST-128

  C. RC5

  D. serpent

  Correct Answer: D

• Question 300:

  As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?

  A. Service Level Agreement

  B. Project Scope

  C. Rules of Engagement

  D. Non-Disclosure Agreement

  Correct Answer: C