EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 341:

  You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?

  A. You should check your ARP table and see if there is one IP address with two different MAC addresses.

  B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.

  C. You should use netstat to check for any suspicious connections with another IP address within the LAN.

  D. You cannot identify such an attack and must use a VPN to protect your traffic.

  Correct Answer: A

• Question 342:

  Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a

  manual SYN request.

  Which of the following techniques is employed by Dayn to detect honeypots?

  A. Detecting honeypots running on VMware

  B. Detecting the presence of Honeyd honeypots

  C. Detecting the presence of Snort_inline honeypots

  D. Detecting the presence of Sebek-based honeypots

  Correct Answer: C

• Question 343:

  John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the IDAP service for sensitive information such as usernames. addresses,

  departmental details, and server names to launch further attacks on the target organization.

  What is the tool employed by John to gather information from the IDAP service?

  A. jxplorer

  B. Zabasearch

  C. EarthExplorer

  D. Ike-scan

  Correct Answer: A

  JXplorer could be a cross platform LDAP browser and editor. it's a standards compliant general purpose LDAP client which will be used to search, scan and edit any commonplace LDAP directory, or any directory service with an LDAP or DSML interface. It is extremely flexible and can be extended and custom in a very number of the way. JXplorer is written in java, and also the source code and source code build system ar obtainable via svn or as a packaged build for users who wish to experiment or any develop the program. JX is is available in 2 versions; the free open source version under an OSI Apache two style licence, or within the JXWorkBench Enterprise bundle with inbuilt reporting, administrative and security tools. JX has been through a number of different versions since its creation in 1999; the foremost recent stable release is version 3.3.1, the August 2013 release. JXplorer could be a absolutely useful LDAP consumer with advanced security integration and support for the harder and obscure elements of the LDAP protocol. it's been tested on Windows, Solaris, linux and OSX, packages are obtainable for HPUX, AIX, BSD and it should run on any java supporting OS.

• Question 344:

  Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assign nodes based on factors such as the overall resource

  requirement, data locality, software/hardware/policy restrictions, and internal workload interventions.

  Which of the following master components is explained in the above scenario?

  A. Kube-controller-manager

  B. Kube-scheduler

  C. Kube-apiserver

  D. Etcd cluster

  Correct Answer: B

• Question 345:

  Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?

  A. FISMA

  B. HITECH

  C. PCI-DSS

  D. Sarbanes-OxleyAct

  Correct Answer: C

• Question 346:

  David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

  A. verification

  B. Risk assessment

  C. Vulnerability scan

  D. Remediation

  Correct Answer: D

• Question 347:

  Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!" From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

  No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

  

  After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

  A. ARP spoofing

  B. SQL injection

  C. DNS poisoning

  D. Routing table injection

  Correct Answer: C

• Question 348:

  Which of the following program infects the system boot sector and the executable files at the same time?

  A. Polymorphic virus

  B. Stealth virus

  C. Multipartite Virus

  D. Macro virus

  Correct Answer: C

• Question 349:

  A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?

  A. Botnet Trojan

  B. Banking Trojans

  C. Turtle Trojans

  D. Ransomware Trojans

  Correct Answer: A

• Question 350:

  What is the most common method to exploit the "Bash Bug" or "Shellshock" vulnerability?

  A. SYN Flood

  B. SSH

  C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

  D. Manipulate format strings in text fields

  Correct Answer: C