EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 301:

  John the Ripper is a technical assessment tool used to test the weakness of which of the following?

  A. Passwords
  B. File permissions
  C. Firewall rulesets
  D. Usernames
  A. Passwords

• Question 302:

  You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

  A. IDS log
  B. Event logs on domain controller
  C. Internet Firewall/Proxy log.
  D. Event logs on the PC
  C. Internet Firewall/Proxy log.

• Question 303:

  Which of the following tools are used for enumeration? (Choose three.)

  A. SolarWinds
  B. USER2SID
  C. Cheops
  D. SID2USER
  E. DumpSec
  B. USER2SID
  D. SID2USER
  E. DumpSec

• Question 304:

  Within the context of Computer Security, which of the following statements describes Social Engineering best?

  A. Social Engineering is the act of publicly disclosing information
  B. Social Engineering is the means put in place by human resource to perform time accounting
  C. Social Engineering is the act of getting needed information from a person rather than breaking into a system
  D. Social Engineering is a training program within sociology studies
  C. Social Engineering is the act of getting needed information from a person rather than breaking into a system

• Question 305:

  Under what conditions does a secondary name server request a zone transfer from a primary name server?

  A. When a primary SOA is higher that a secondary SOA
  B. When a secondary SOA is higher that a primary SOA
  C. When a primary name server has had its service restarted
  D. When a secondary name server has had its service restarted
  E. When the TTL falls to zero
  A. When a primary SOA is higher that a secondary SOA

• Question 306:

  Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its

  owner, expiry date, and creation date.

  With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

  A. VPN footprinting
  B. Email footprinting
  C. VoIP footprinting
  D. Whois footprinting
  B. Email footprinting

• Question 307:

  A cyber attacker has initiated a series of activities against a high-profile organization following the Cyber Kill Chain Methodology. The attacker is presently in the "Delivery" stage. As an Ethical Hacker, you are trying to anticipate the

  adversary's next move.

  What is the most probable subsequent action from the attacker based on the Cyber Kill Chain Methodology?

  A. The attacker will attempt to escalate privileges to gain complete control of the compromised system.
  B. The attacker will exploit the malicious payload delivered to the target organization and establish a foothold.
  C. The attacker will initiate an active connection to the target system to gather more data.
  D. The attacker will start reconnaissance to gather as much information as possible about the target.
  B. The attacker will exploit the malicious payload delivered to the target organization and establish a foothold.

  ---

  Explanation/Reference:

  The most probable subsequent action from the attacker based on the Cyber Kill Chain Methodology is to exploit the malicious payload delivered to the target organization and establish a foothold. This option works as follows: The Cyber Kill Chain Methodology is a framework that describes the stages of a cyberattack from the perspective of the attacker. It helps defenders to understand the attacker's objectives, tactics, and techniques, and to design effective countermeasures. The Cyber Kill Chain Methodology consists of seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. The delivery stage is the third stage in the Cyber Kill Chain Methodology, and it involves sending or transmitting the weaponized payload to the target system. The delivery stage can use various methods, such as email attachments, web links, removable media, or network protocols. The delivery stage aims to reach the target system and bypass any security controls, such as firewalls, antivirus, or email filters. The exploitation stage is the fourth stage in the Cyber Kill Chain Methodology, and it involves executing the malicious payload on the target system. The exploitation stage can use various techniques, such as buffer overflows, code injection, or privilege escalation. The exploitation stage aims to exploit a vulnerability or a weakness in the target system and gain access to its resources, such as files, processes, or memory. The installation stage is the fifth stage in the Cyber Kill Chain Methodology, and it involves installing a backdoor or a malware on the target system. The installation stage can use various tools, such as rootkits, trojans, or ransomware. The installation stage aims to establish a foothold on the target system and maintain persistence, which means to survive

  reboots, updates, or scans. Therefore, the most probable subsequent action from the attacker based on the Cyber Kill Chain Methodology is to exploit the malicious payload delivered to the target organization and establish a foothold,

  because:

  This action follows the logical sequence of the Cyber Kill Chain Methodology, as it is the next stage after the delivery stage. This action is consistent with the attacker's goal, as it allows the attacker to gain access and control over the target

  system and prepare for further actions. This action is feasible, as the attacker has already delivered the malicious payload to the target system and may have bypassed some security controls. The other options are not as probable as option

  B for the following reasons:

  A. The attacker will attempt to escalate privileges to gain complete control of the compromised system: This option is possible, but not the most probable, because it is not the next stage in the Cyber Kill Chain Methodology, but rather a technique that can be used in the exploitation stage or the installation stage. Privilege escalation is a method of increasing the level of access or permissions on a system, such as from a normal user to an administrator. Privilege escalation can help the attacker to gain complete control of the compromised system, but it is not a mandatory step, as the attacker may already have sufficient privileges or may use other techniques to achieve the same goal12. C. The attacker will initiate an active connection to the target system to gather more data: This option is possible, but not the most probable, because it is not the next stage in the Cyber Kill Chain Methodology, but rather a technique that can be used in the command and control stage or the actions on objectives stage. An active connection is a communication channel that allows the attacker to send commands or receive data from the target system, such as a remote shell or a botnet. An active connection can help the attacker to gather more data from the target system, but it is not a necessary step, as the attacker may already have enough data or may use other techniques to obtain more data12. D. The attacker will start reconnaissance to gather as much information as possible about the target: This option is not probable, because it is not the next stage in the Cyber Kill Chain Methodology, but rather the first stage. Reconnaissance is the process of collecting information about the target, such as its IP address, domain name, network structure, services, vulnerabilities, or employees. Reconnaissance is usually done before the delivery stage, as it helps the attacker to identify the target and plan the attack. Reconnaissance can be done again after the delivery stage, but it is not the most likely action, as the attacker may already have enough information or may focus on other actions12. References:

  1: The Cyber Kill Chain: The Seven Steps of a Cyberattack - EC-Council

  2: Cyber Kill Chain?| Lockheed Martin

• Question 308:

  A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior 10

  the intrusion.

  This Is likely a failure in which of the following security processes?

  A. vendor risk management
  B. Security awareness training
  C. Secure deployment lifecycle
  D. Patch management
  D. Patch management

  ---

  Explanation/Reference:

  Patch management is that the method that helps acquire, test and install multiple patches (code changes) on existing applications and software tools on a pc, enabling systems to remain updated on existing patches and determining that

  patches are the suitable ones.

  Managing patches so becomes simple and simple.

  Patch Management is usually done by software system firms as a part of their internal efforts to mend problems with the various versions of software system programs and also to assist analyze existing software system programs and

  discover any potential lack of security features or different upgrades.

  Software patches help fix those problems that exist and are detected solely once the software's initial unharness. Patches mostly concern security while there are some patches that concern the particular practicality of programs as well.

• Question 309:

  Sarah, a system administrator, was alerted of potential malicious activity on the network of her company. She discovered a malicious program spread through the instant messenger application used by her team. The attacker had obtained access to one of her teammate's messenger accounts and started sending files across the contact list. Which best describes the attack scenario and what measure could have prevented it?

  A. Instant Messenger Applications; verifying the sender's identity before opening any files.
  B. Insecure Patch Management; updating application software regularly.
  C. Rogue/Decoy Applications; ensuring software is labeled as TRUSTED.
  D. Portable Hardware Media/Removable Devices; disabling Autorun functionality.
  A. Instant Messenger Applications; verifying the sender's identity before opening any files.

  ---

  Explanation/Reference:

  The attack scenario is best described as Instant Messenger Applications, and the measure that could have prevented it is verifying the sender's identity before opening any files. Instant Messenger Applications are communication tools that allow users to exchange text, voice, video, and file messages in real time. However, they can also be used as attack vectors for spreading malware, such as viruses, worms, or Trojans, by exploiting the trust and familiarity between the users. In this scenario, the attacker compromised one of the team member's messenger account and used it to send malicious files to the other team members, who may have opened them without suspicion, thus infecting their systems. This type of attack is also known as an instant messaging worm. To prevent this type of attack, the users should verify the sender's identity before opening any files sent through instant messenger applications. This can be done by checking the sender's profile, asking for confirmation, or using a secure channel. Additionally, the users should also follow other security tips, such as using strong passwords, updating the application software, scanning the files with antivirus software, and reporting any suspicious activity. References:

  1: Instant Messaging Worm - Techopedia

  2: Cybersecurity's Silent Foe: A Comprehensive Guide to Computer Worms | Silent Quadrant

  3: Instant Messenger Hacks: 10 Security Tips to Protect Yourself - MUO

  4: Increased phishing attacks on instant messaging platforms: how to prevent them | Think Digital Partners

• Question 310:

  Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files. What is the type of injection attack Calvin's web application is susceptible to?

  A. Server-side template injection
  B. Server-side JS injection
  C. CRLF injection
  D. Server-side includes injection
  D. Server-side includes injection