EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 381:

  You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

  A. 210.1.55.200
  B. 10.1.4.254
  C. 10.1.5.200
  D. 10.1.4.156
  C. 10.1.5.200

• Question 382:

  The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive. Which of the following is being described?

  A. Multi-cast mode
  B. Promiscuous mode
  C. WEM
  D. Port forwarding
  B. Promiscuous mode

• Question 383:

  Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used for remote execution, also causing the skipping of key instructions.

  He also injects faults into the clock network used for delivering a synchronized signal across the chip.

  Which of the following types of fault injection attack is performed by Robert in the above scenario?

  A. Frequency/voltage tampering
  B. Optical, electromagnetic fault injection (EMFI)
  C. Temperature attack
  D. Power/clock/reset glitching
  D. Power/clock/reset glitching

  ---

  Explanation/Reference:

  These types of attacks occur when faults or glitches are INJECTED into the Power supply that can be used for remote execution.

• Question 384:

  An ethical hacker has been tasked with assessing the security of a major corporation's network. She suspects the network uses default SNMP community strings. To exploit this, she plans to extract valuable network information using SNMP enumeration. Which tool could best help her to get the information without directly modifying any parameters within the SNMP agent's management information base (MIB)?

  A. snmp-check (snmp_enum Module) to gather a wide array of information about the target
  B. Nmap, with a script to retrieve all running SNMP processes and associated ports
  C. Oputits, are mainly designed for device management and not SNMP enumeration
  D. SnmpWalk, with a command to change an OID to a different value
  A. snmp-check (snmp_enum Module) to gather a wide array of information about the target

  ---

  Explanation/Reference:

  snmp-check (snmp_enum Module) is the best tool to help the ethical hacker to get the information without directly modifying any parameters within the SNMP agent's MIB. snmp-check is a tool that allows the user to enumerate SNMP devices and extract information from them. It can gather a wide array of information about the target, such as system information, network interfaces, routing tables, ARP cache, installed software, running processes, TCP and UDP services, user accounts, and more. snmp-check can also perform brute force attacks to discover the SNMP community strings, which are the passwords used to access the SNMP agent. snmp-check is available as a standalone tool or as a module (snmp_enum) within the Metasploit framework. The other options are not as effective or suitable as snmp-check for the ethical hacker's task. Nmap is a network scanning and enumeration tool that can perform various types of scans and probes on the target. It can also run scripts to perform specific tasks, such as retrieving SNMP information. However, Nmap may not be able to gather as much information as snmp-check, and it may also trigger alerts or blocks from firewalls or intrusion detection systems. Oputils is a network monitoring and management toolset that can perform various functions, such as device discovery, configuration backup, bandwidth monitoring, IP address management, and more. However, Oputils is mainly designed for device management and not SNMP enumeration, and it may not be able to extract valuable network information from the SNMP agent. SnmpWalk is a tool that allows the user to retrieve the entire MIB tree of an SNMP agent by using SNMP GETNEXT requests. However, SnmpWalk is not suitable for the ethical hacker's task, because it requires the user to change an OID (object identifier) to a different value, which may modify the parameters within the SNMP agent's MIB and affect its functionality or security. References: snmp-check - The SNMP enumerator SNMP Enumeration | Ethical Hacking - GreyCampus SNMP Enumeration - GeeksforGeeks Nmap - the Network Mapper - Free Security Scanner OpUtils - Network Monitoring and Management Toolset SnmpWalk - SNMP MIB Browser

• Question 385:

  An ethical hacker is hired to conduct a comprehensive network scan of a large organization that strongly suspects potential intrusions into their internal systems. The hacker decides to employ a combination of scanning tools to obtain a

  detailed understanding of the network.

  Which sequence of actions would provide the most comprehensive information about the network's status?

  A. Initiate with Nmap for a ping sweep, then use Metasploit to scan for open ports and services, and finally use Hping3 to perform remote OS fingerprinting
  B. Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities
  C. Start with Hping3 for a UDP scan on random ports, then use Nmap for a version detection scan, and finally use Metasploit to exploit detected vulnerabilities
  D. Begin with NetScanTools Pro for a general network scan, then use Nmap for OS detection and version detection, and finally perform an SYN flooding with Hping3
  B. Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities

  ---

  Explanation/Reference:

  The sequence of actions that would provide the most comprehensive information about the network's status is to use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities. This sequence of actions works as follows: Use Hping3 for an ICMP ping scan on the entire subnet: This action is used to discover the active hosts on the network by sending ICMP echo request packets to each possible IP address on the subnet and waiting for ICMP echo reply packets from the hosts. Hping3 is a command-line tool that can craft and send custom packets, such as TCP, UDP, or ICMP, and analyze the responses. By using Hping3 for an ICMP ping scan, the hacker can quickly and efficiently identify the live hosts on the network, as well as their response times and packet loss rates. Use Nmap for a SYN scan on identified active hosts: This action is used to scan the open ports and services on the active hosts by sending TCP SYN packets to a range of ports and analyzing the TCP responses. Nmap is a popular and powerful tool that can perform various types of network scans, such as port scanning, service detection, OS detection, and vulnerability scanning. By using Nmap for a SYN scan, the hacker can determine the state of the ports on the active hosts, such as open, closed, filtered, or unfiltered, as well as the services and protocols running on them. A SYN scan is also known as a stealth scan, as it does not complete the TCP three-way handshake and thus avoids logging on the target system. Use Metasploit to exploit identified vulnerabilities: This action is used to exploit the vulnerabilities on the active hosts by using pre-built or custom modules that leverage the open ports and services. Metasploit is a framework that contains a collection of tools and modules for penetration testing and exploitation. By using Metasploit, the hacker can launch various attacks on the active hosts, such as remote code execution, privilege escalation, or backdoor installation, and gain access to the target system or data. Metasploit can also be used to perform post- exploitation tasks, such as gathering information, maintaining persistence, or pivoting to other systems . The other options are not as comprehensive as option B for the following reasons:

  A. Initiate with Nmap for a ping sweep, then use Metasploit to scan for open ports and services, and finally use Hping3 to perform remote OS fingerprinting: This option is not optimal because it does not use the tools in the most efficient and effective way. Nmap can perform a ping sweep, but it is slower and less flexible than Hping3, which can craft and send custom packets. Metasploit can scan for open ports and services, but it is more suitable for exploitation than scanning, and it relies on Nmap for port scanning anyway. Hping3 can perform remote OS fingerprinting, but it is less accurate and reliable than Nmap, which can use various techniques and probes to determine the OS type and version13 . C. Start with Hping3 for a UDP scan on random ports, then use Nmap for a version detection scan, and finally use Metasploit to exploit detected vulnerabilities: This option is not effective because it does not use the best scanning methods and techniques. Hping3 can perform a UDP scan, but it is slower and less reliable than a TCP scan, as UDP is a connectionless protocol that does not always generate responses. Scanning random ports is also inefficient and incomplete, as it may miss important ports or services. Nmap can perform a version detection scan, but it is more useful to perform a port scan first, as it can narrow down the scope and speed up the scan. Metasploit can exploit detected vulnerabilities, but it is not clear how the hacker can identify the vulnerabilities without performing a vulnerability scan first13 .

  D. Begin with NetScanTools Pro for a general network scan, then use Nmap for OS detection and version detection, and finally perform an SYN flooding with Hping3: This option is not comprehensive because it does not cover all the aspects and objectives of a network scan. NetScanTools Pro is a graphical tool that can perform various network tasks, such as ping, traceroute, DNS lookup, or port scan, but it is less powerful and versatile than Nmap or Hping3, which can perform more advanced and customized scans. Nmap can perform OS detection and version detection, but it is more useful to perform a port scan first, as it can provide more information and insights into the target system. Performing an SYN flooding with Hping3 is not a network scan, but a denial-of-service attack, which can disrupt the network and alert the target system, and it is not an ethical or legal action for a hired hacker13 . References:

  1: Hping - Wikipedia

  2: Hping3 Examples - NetworkProGuide

  3: Nmap - Wikipedia

  4: Nmap Tutorial: From Discovery to Exploits Part 1: Introduction to Nmap | HackerTarget.com

  5: Metasploit Project - Wikipedia

  6: Metasploit Unleashed - Offensive Security

  7: NetScanTools Pro - Northwest Performance Software, Inc.

• Question 386:

  These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?

  A. Black-Hat Hackers A
  B. Script Kiddies
  C. White-Hat Hackers
  D. Gray-Hat Hacker
  B. Script Kiddies

  ---

  Explanation/Reference:

  Script Kiddies: These hackers have limited or no training and know how to use only basictechniques or tools. Even then they may not understand any or all of what they are doing.

• Question 387:

  You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies would you recommend to them?

  A. Use hash functions to distribute the keys.
  B. implement the Diffie-Hellman protocol for secure key exchange.
  C. Use HTTPS protocol for secure key transfer.
  D. Use digital signatures to encrypt the symmetric keys.
  C. Use HTTPS protocol for secure key transfer.

  ---

  Explanation/Reference:

  Symmetric encryption is a method of encrypting and decrypting data using the same secret key. Symmetric encryption is fast and efficient, but it requires a secure way of managing and distributing the keys to the users who need them. If the

  keys are compromised, the data is no longer secure.

  One of the strategies to securely manage and distribute symmetric keys is to use HTTPS protocol for secure key transfer. HTTPS is a protocol that uses SSL/TLS to encrypt the communication between a client and a server over the Internet.

  HTTPS can protect the symmetric keys from being intercepted or modified by an attacker during the key transfer process. HTTPS can also authenticate the server and the client using certificates, ensuring that the keys are sent to and

  received by the intended parties. To use HTTPS protocol for secure key transfer, the development team needs to implement the following steps1: Generate a symmetric key for each user who wants to store their files on the cloud storage platform. The symmetric key will be used to encrypt and decrypt the user's files. Generate a certificate for the cloud storage server. The certificate will contain the server's public key and other information, such as the server's domain name, the issuer, and the validity period. The certificate will be signed by a trusted certificate authority (CA), which is a third-party entity that verifies the identity and legitimacy of the server. Install the certificate on the cloud storage server and configure the server to use HTTPS protocol for communication. When a user wants to upload or download their files, the user's client (such as a web browser or an app) will initiate a HTTPS connection with the cloud storage server. The client will verify the server's certificate and establish a secure session with the server using SSL/TLS. The client and the server will negotiate a session key, which is a temporary symmetric key that will be used to encrypt the data exchanged during the session. The cloud storage server will send the user's symmetric key to the user's client, encrypted with the session key. The user's client will decrypt the symmetric key with the session key and use it to encrypt or decrypt the user's files. The user's client will store the symmetric key securely on the user's device, such as in a password-protected file or a hardware token. The user's client will also delete the session key after the session is over. Using HTTPS protocol for secure key transfer can ensure that the symmetric keys are protected from eavesdropping, tampering, or spoofing attacks. However, this strategy also has some challenges and limitations, such as: The development team needs to obtain and maintain valid certificates for the cloud storage server from a trusted CA, which might incur costs and administrative overhead. The users need to trust the CA that issued the certificates for the cloud storage server and verify the certificates before accepting them. The users need to protect their symmetric keys from being lost, stolen, or corrupted on their devices. The development team needs to provide a mechanism for key backup, recovery, or revocation in case of such events. The users need to update their symmetric keys periodically to prevent key exhaustion or reuse attacks. The development team needs to provide a mechanism for key rotation or renewal in a secure and efficient manner. References: Key Management - OWASP Cheat Sheet Series Symmetric Cryptography and Key Management: Exhaustion, Rotation, Defence What is Key Management? How does Key Management work? | Encryption Consulting

• Question 388:

  An IT security team is conducting an internal review of security protocols in their organization to identify potential vulnerabilities. During their investigation, they encounter a suspicious program running on several computers. Further examination reveals that the program has been logging all user keystrokes. How can the security team confirm the type of program and what countermeasures should be taken to ensure the same attack does not occur in the future?

  A. The program is a Trojan; the tearm should regularly update antivirus software and install a reliable firewall
  B. The program is spyware; the team should use password managers and encrypt sensitive data
  C. The program is a keylogger; the team should employ intrusion detection systems and regularly update the system software
  D. The program is a keylogger; the team should educate employees about phishing attacks and maintain regular backups
  C. The program is a keylogger; the team should employ intrusion detection systems and regularly update the system software

  ---

  Explanation/Reference:

  A keylogger is a type of spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device. Keyloggers are a common tool for cybercriminals, who use them to capture passwords, credit card numbers, personal information, and other sensitive data. Keyloggers can be installed on a device through various methods, such as phishing emails, malicious downloads, or physical access. To confirm the type of program, the security team can use a web search tool, such as Bing, to look for keylogger programs and compare their features and behaviors with the suspicious program they encountered. Alternatively, they can use a malware analysis tool, such as Malwarebytes, to scan and identify the program and its characteristics. To prevent the same attack from occurring in the future, the security team should employ intrusion detection systems (IDS) and regularly update the system software. An IDS is a system that monitors network traffic and system activities for signs of malicious or unauthorized behavior, such as keylogger installation or communication. An IDS can alert the security team of any potential threats and help them respond accordingly. Regularly updating the system software can help patch any vulnerabilities or bugs that keyloggers may exploit to infect the device. Additionally, the security team should also remove the keylogger program from the affected computers and change any compromised passwords or credentials. References: Keylogger | What is a Keylogger? How to protect yourself How to Detect and Remove a Keylogger From Your Computer Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) What is a Keylogger? | Keystroke Logging Definition | Avast Keylogger Software: 11 Best Free to Use in 2023

• Question 389:

  When considering how an attacker may exploit a web server, what is web server footprinting?

  A. When an attacker implements a vulnerability scanner to identify weaknesses
  B. When an attacker creates a complete profile of the site's external links and file structures
  C. When an attacker gathers system-level data, including account details and server names
  D. When an attacker uses a brute-force attack to crack a web-server password
  B. When an attacker creates a complete profile of the site's external links and file structures

• Question 390:

  How does a denial-of-service attack work?

  A. A hacker prevents a legitimate user (or group of users) from accessing a service
  B. A hacker uses every character, word, or letter he or she can think of to defeat authentication
  C. A hacker tries to decipher a password by using a system, which subsequently crashes the network
  D. A hacker attempts to imitate a legitimate user by confusing a computer or even another person
  A. A hacker prevents a legitimate user (or group of users) from accessing a service