EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 371:

  Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?

  A. Gobbler

  B. KDerpNSpoof

  C. BetterCAP

  D. Wireshark

  Correct Answer: C

• Question 372:

  An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site. Which file does the attacker need to modify?

  A. Boot.ini

  B. Sudoers

  C. Networks

  D. Hosts

  Correct Answer: D

• Question 373:

  You have successfully logged on a Linux system. You want to now cover your trade. Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

  A. user.log

  B. auth.fesg

  C. wtmp

  D. btmp

  Correct Answer: C

• Question 374:

  Given below are different steps involved in the vulnerability-management life cycle.

  1) Remediation 2) Identify assets and create a baseline 3) Verification 4) Monitor 5) Vulnerability scan 6) Risk assessment

  Identify the correct sequence of steps involved in vulnerability management.

  A. 2-->5-->6-->1-->3-->4

  B. 2-->1-->5-->6-->4-->3

  C. 2-->4-->5-->3-->6--> 1

  D. 1-->2-->3-->4-->5-->6

  Correct Answer: A

• Question 375:

  Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

  A. A biometric system that bases authentication decisions on behavioral attributes.

  B. A biometric system that bases authentication decisions on physical attributes.

  C. An authentication system that creates one-time passwords that are encrypted with secret keys.

  D. An authentication system that uses passphrases that are converted into virtual passwords.

  Correct Answer: C

• Question 376:

  Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

  A. Honeypots

  B. Firewalls

  C. Network-based intrusion detection system (NIDS)

  D. Host-based intrusion detection system (HIDS)

  Correct Answer: C

• Question 377:

  An attacker scans a host with the below command. Which three flags are set?

  # nmap -sX host.domain.com

  A. This is SYN scan. SYN flag is set.

  B. This is Xmas scan. URG, PUSH and FIN are set.

  C. This is ACK scan. ACK flag is set.

  D. This is Xmas scan. SYN and ACK flags are set.

  Correct Answer: B

• Question 378:

  Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

  A. tcpsplice

  B. Burp

  C. Hydra

  D. Whisker

  Correct Answer: D

  Many IDS reassemble communication streams; hence, if a packet is not received within a reasonable period, many IDS stop reassembling and handling that stream. If the application under attack keeps a session active for a longer time than that spent by the IDS on reassembling it, the IDS will stop. As a result, any session after the IDS stops reassembling the sessions will be susceptible to malicious data theft by attackers. The IDS will not log any attack attempt after a successful splicing attack. Attackers can use tools such as Nessus for session splicing attacks.? Did you know that the EC-Council exam shows how well you know their official book? So, there is no "Whisker" in it. In the chapter "Evading IDS" -> "Session Splicing", the recommended tool for performing a session-splicing attack is Nessus. Where Wisker came from is not entirely clear, but I will assume the author of the question found it while copying Wikipedia. https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques One basic technique is to split the attack payload into multiple small packets so that the IDS must reassemble the packet stream to detect the attack. A simple way of splitting packets is by fragmenting them, but an adversary can also simply craft packets with small payloads. The 'whisker' evasion tool calls crafting packets with small payloads 'session splicing'. By itself, small packets will not evade any IDS that reassembles packet streams. However, small packets can be further modified in order to complicate reassembly and detection. One evasion technique is to pause between sending parts of the attack, hoping that the IDS will time out before the target computer does. A second evasion technique is to send the packets out of order, confusing simple packet re-assemblers but not the target computer. NOTE: Yes, I found scraps of information about the tool that existed in 2012, but I can not give you unverified information. According to the official tutorials, the correct answer is Nessus, but if you know anything about Wisker, please write in the QA section. Maybe this question will be updated soon, but I'm not sure about that.

• Question 379:

  While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

  A. -sA

  B. -sX

  C. -sT

  D. -sF

  Correct Answer: A

• Question 380:

  John the Ripper is a technical assessment tool used to test the weakness of which of the following?

  A. Passwords

  B. File permissions

  C. Firewall rulesets

  D. Usernames

  Correct Answer: A