EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 321:

  Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

  A. Wireshark

  B. Maltego

  C. Metasploit

  D. Nessus

  Correct Answer: C

  https://en.wikipedia.org/wiki/Metasploit_Project

  The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system.

  The basic steps for exploiting a system using the Framework include.

  1.

  Optionally checking whether the intended target system is vulnerable to an exploit.

  2.

  Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and macOS systems are included).

  3.

  Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server). Metasploit often recommends a payload that should work.

  4.

  Choosing the encoding technique so that hexadecimal opcodes known as "bad characters" are removed from the payload, these characters will cause the exploit to fail.

  5.

  Executing the exploit.

  This modular approach

  allowing the combination of any exploit with any payload

  is the major advantage of the Framework.

  It facilitates the tasks of attackers, exploit writers and payload writers.

• Question 322:

  You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

  A. All three servers need to be placed internally

  B. A web server facing the Internet, an application server on the internal network, a database server on the internal network

  C. A web server and the database server facing the Internet, an application server on the internal network

  D. All three servers need to face the Internet so that they can communicate between themselves

  Correct Answer: B

• Question 323:

  What does the -oX flag do in an Nmap scan?

  A. Perform an eXpress scan

  B. Output the results in truncated format to the screen

  C. Output the results in XML format to a file

  D. Perform an Xmas scan

  Correct Answer: C

  https://nmap.org/book/man-output.html

  -oX - Requests that XML output be directed to the given filename.

• Question 324:

  Which of the following programs is usually targeted at Microsoft Office products?

  A. Polymorphic virus

  B. Multipart virus

  C. Macro virus

  D. Stealth virus

  Correct Answer: C

  A macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Some applications, such as Microsoft Office, allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. (Wikipedia) NB: The virus Melissa is a well-known macro virus we could find attached to word documents.

• Question 325:

  Which of the following statements about a zone transfer is correct? (Choose three.)

  A. A zone transfer is accomplished with the DNS

  B. A zone transfer is accomplished with the nslookup service

  C. A zone transfer passes all zone information that a DNS server maintains

  D. A zone transfer passes all zone information that a nslookup server maintains

  E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections

  F. Zone transfers cannot occur on the Internet

  Correct Answer: ACE

• Question 326:

  Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfilltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs, what type of malware did the attacker use to bypass the company's application whitelisting?

  A. Phishing malware

  B. Zero-day malware

  C. File-less malware

  D. Logic bomb malware

  Correct Answer: C

  https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/what-is-fileless-malware.html

• Question 327:

  When discussing passwords, what is considered a brute force attack?

  A. You attempt every single possibility until you exhaust all possible combinations or discover the password

  B. You threaten to use the rubber hose on someone unless they reveal their password

  C. You load a dictionary of words into your cracking program

  D. You create hashes of a large number of words and compare it with the encrypted passwords

  E. You wait until the password expires

  Correct Answer: A

• Question 328:

  OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

  A. openssl s_client -site www.website.com:443

  B. openssl_client -site www.website.com:443

  C. openssl s_client -connect www.website.com:443

  D. openssl_client -connect www.website.com:443

  Correct Answer: C

• Question 329:

  George, an employee of an organization, is attempting to access restricted websites from an official computer. For this purpose, he used an anonymizer that masked his real IP address and ensured complete and continuous anonymity for all

  his online activities.

  Which of the following anonymizers helps George hide his activities?

  A. https://www.baidu.com

  B. https://www.guardster.com

  C. https://www.wolframalpha.com

  D. https://karmadecay.com

  Correct Answer: B

• Question 330:

  Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

  A. Overloading Port Address Translation

  B. Dynamic Port Address Translation

  C. Dynamic Network Address Translation

  D. Static Network Address Translation

  Correct Answer: D