EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 331:

  You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?

  A. John the Ripper
  B. SET
  C. CHNTPW
  D. Cain and Abel
  C. CHNTPW

• Question 332:

  An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?

  A. AlienVault OSSIM
  B. Syhunt Hybrid
  C. Saleae Logic Analyzer
  D. Cisco ASA
  B. Syhunt Hybrid

• Question 333:

  Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

  

  What is Eve trying to do?

  A. Eve is trying to connect as a user with Administrator privileges
  B. Eve is trying to enumerate all users with Administrative privileges
  C. Eve is trying to carry out a password crack for user Administrator
  D. Eve is trying to escalate privilege of the null user to that of Administrator
  C. Eve is trying to carry out a password crack for user Administrator

• Question 334:

  Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:

  1.

  Verifies the success or failure of an attack

  2.

  Monitors system activities

  3.

  Detects attacks that a network-based IDS fails to detect

  4.

  Provides near real-time detection and response

  5.

  Does not require additional hardware

  6.

  Has a lower entry cost

  Which type of IDS is best suited for Tremp's requirements?

  A. Gateway-based IDS
  B. Network-based IDS
  C. Host-based IDS
  D. Open source-based
  C. Host-based IDS

• Question 335:

  Which definition among those given below best describes a covert channel?

  A. A server program using a port that is not well known.
  B. Making use of a protocol in a way it is not intended to be used.
  C. It is the multiplexing taking place on a communication link.
  D. It is one of the weak channels used by WEP which makes it insecure
  B. Making use of a protocol in a way it is not intended to be used.

• Question 336:

  Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?

  A. getsystem
  B. getuid
  C. keylogrecorder
  D. autoroute
  A. getsystem

• Question 337:

  Which of the following is assured by the use of a hash?

  A. Authentication
  B. Confidentiality
  C. Availability
  D. Integrity
  D. Integrity

• Question 338:

  While performing a security audit of a web application, an ethical hacker discovers a potential vulnerability. The application responds to logically incorrect queries with detailed error messages that divulge the underlying database's structure. The ethical hacker decides to exploit this vulnerability further. Which type of SQL Injection attack is the ethical hacker likely to use?

  A. UNION SQL Injection
  B. Blind/inferential SQL Injection
  C. In-band SQL Injection
  D. Error-based SOL Injection
  D. Error-based SOL Injection

  ---

  Explanation/Reference:

  Error-based SQL Injection is a type of in-band SQL Injection attack that relies on error messages thrown by the database server to obtain information about the structure of the database. In some cases, error-based SQL injection alone is

  enough for an attacker to enumerate an entire database.

  The ethical hacker is likely to use this type of SQL Injection attack because the application responds to logically incorrect queries with detailed error messages that divulge the underlying database's structure. This means that the attacker can

  craft malicious SQL queries that trigger errors and reveal information such as table names, column names, data types, etc. The attacker can then use this information to construct more complex queries that extract data from the database.

  For example, if the application uses the following query to display the username of a user based on the user ID:

  SELECT username FROM users WHERE id = '$id'

  The attacker can inject a single quote at the end of the user ID parameter to cause a syntax error:

  SELECT username FROM users WHERE id = '1'

  The application might display an error message like this:

  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1'' at line 1 This error message reveals that the database server is MySQL and that the user ID

  parameter is enclosed in single quotes. The attacker can then use other techniques such as UNION, subqueries, or conditional statements to manipulate the query and retrieve data from other tables or columns.

  References:

  [CEHv12 Module 05: Sniffing]

  Types of SQL Injection (SQLi) - GeeksforGeeks

  Types of SQL Injection? - Acunetix

• Question 339:

  As part of a college project, you have set up a web server for hosting your team's application. Given your interest in cybersecurity, you have taken the lead in securing the server. You are aware that hackers often attempt to exploit server

  misconfigurations.

  Which of the following actions would best protect your web server from potential misconfiguration- based attacks?

  A. Performing regular server configuration audits
  B. Enabling multi-factor authentication for users
  C. Implementing a firewall to filter traffic
  D. Regularly backing up server data
  A. Performing regular server configuration audits

  ---

  Explanation/Reference:

  The action that would best protect your web server from potential misconfiguration-based attacks is performing regular server configuration audits. A server configuration audit is a process of reviewing and verifying the security settings and parameters of the server, such as user accounts, permissions, services, ports, protocols, files, directories, logs, and patches. A server configuration audit can help you to identify and fix any security misconfigurations that may expose your server to attacks, such as using default credentials, enabling unnecessary services, leaving open ports, or missing security updates. A server configuration audit can also help you to comply with the security standards and best practices for your server, such as the CIS Benchmarks or the OWASP Secure Configuration Guide. The other options are not as effective as option A for the following reasons:

  B. Enabling multi-factor authentication for users: This option is not relevant because it does not address the server misconfiguration issue, but the user authentication issue. Multi-factor authentication is a method of verifying the identity of the users by requiring them to provide two or more pieces of evidence, such as a password, a code, or a biometric factor. Multi-factor authentication can enhance the security of the user accounts and prevent unauthorized access, but it does not prevent the server from being attacked due to misconfigured settings or parameters3.

  C. Implementing a firewall to filter traffic: This option is not sufficient because it does not prevent the server from being misconfigured, but only limits the exposure of the server to the network. A firewall is a device or software that monitors and controls the incoming and outgoing network traffic based on predefined rules. A firewall can protect the server from external attacks by blocking or allowing certain ports, protocols, or IP addresses. However, a firewall cannot protect the server from internal attacks or from attacks that exploit the allowed traffic. Moreover, a firewall itself can be misconfigured and cause security issues4. D. Regularly backing up server data: This option is not preventive but reactive, as it does not protect the server from being attacked, but only helps to recover the data in case of an attack. Backing up server data is a process of creating and storing copies of the data on the server, such as files, databases, or configurations. Backing up server data can help you to restore the data in case of data loss, corruption, or deletion due to an attack. However, backing up server data does not prevent the server from being attacked in the first place, and it does not fix the security misconfigurations that may have caused the attack5. References:

  1: Server Configuration Audit - an overview | ScienceDirect Topics

  2: Secure Configuration Guide - OWASP Foundation

  3: Multi-factor authentication - Wikipedia

  4: Firewall (computing) - Wikipedia

  5: Backup - Wikipedia

• Question 340:

  What is the minimum number of network connections in a multi homed firewall?

  A. 3
  B. 5
  C. 4
  D. 2
  A. 3