EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 401:

  Sam is working as a system administrator in an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing CVSS rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

  A. Medium
  B. Low
  C. Critical
  D. High
  C. Critical

  ---

  Explanation/Reference:

  Rating CVSS Score None 0.0 Low 0.1 - 3.9 Medium 4.0 - 6.9 High 7.0 - 8.9 Critical 9.0 - 10.0

  https://www.first.org/cvss/v3.0/specification-document

  The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability severity scores. Two common uses of CVSS are calculating the severity of vulnerabilities discovered on one's systems and as a factor in prioritization of vulnerability remediation activities. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities. Qualitative Severity Rating Scale For some purposes, it is useful to have a textual representation of the numeric Base, Temporal and Environmental scores.

  

  Table

• Question 402:

  Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of

  the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's

  computer systems until they have signed the policy in acceptance of its terms.

  What is this document called?

  A. Information Audit Policy (IAP)
  B. Information Security Policy (ISP)
  C. Penetration Testing Policy (PTP)
  D. Company Compliance Policy (CCP)
  B. Information Security Policy (ISP)

• Question 403:

  What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

  A. Copy the system files from a known good system
  B. Perform a trap and trace
  C. Delete the files and try to determine the source
  D. Reload from a previous backup
  E. Reload from known good media
  E. Reload from known good media

• Question 404:

  The collection of potentially actionable, overt, and publicly available information is known as

  A. Open-source intelligence
  B. Real intelligence
  C. Social intelligence
  D. Human intelligence
  A. Open-source intelligence

• Question 405:

  Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about ONS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names. IP addresses. DNS records, and network WHOIS records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

  A. Knative
  B. zANTI
  C. Towelroot
  D. Bluto
  D. Bluto

  ---

  Explanation/Reference:

  https://www.darknet.org.uk/2017/07/bluto-dns-recon-zone-transfer-brute-forcer/ "Attackers also use DNS lookup tools such as DNSdumpster.com, Bluto, and Domain Dossier to retrieve DNS records for a specified domain or hostname. These tools retrieve information such as domains and IP addresses, domain Whois records, DNS records, and network Whois records." CEH Module 02 Page 138

• Question 406:

  Scenario1:

  1.Victim opens the attacker's web site.

  2.Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.

  3.Victim clicks to the interesting and attractive content URL.

  4.Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

  What is the name of the attack which is mentioned in the scenario?

  A. Session Fixation
  B. HTML Injection
  C. HTTP Parameter Pollution
  D. Clickjacking Attack
  D. Clickjacking Attack

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/Clickjacking Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web

  pages, provide credentials or sensitive information, transfer money, or purchase products online.

  Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page but in fact they are clicking an invisible element in the

  additional page transposed on top of it.

• Question 407:

  Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?

  A. DNS zone walking
  B. DNS cache snooping
  C. DNS SEC zone walking
  D. DNS cache poisoning
  B. DNS cache snooping

• Question 408:

  You are an ethical hacker tasked with conducting an enumeration of a company's network. Given a Windows system with NetBIOS enabled, port 139 open, and file and printer sharing active, you are about to run some nbtstat commands to enumerate NetBIOS names. The company uses |Pv6 for its network. Which of the following actions should you take next?

  A. Use nbtstat -c to get the contents of the NetBIOS name cache
  B. use nbtstat -a followed by the IPv6 address of the target machine
  C. Utilize Nmap Scripting Engine (NSE) for NetBIOS enumeration
  D. Switch to an enumeration tool that supports IPv6
  D. Switch to an enumeration tool that supports IPv6

  ---

  Explanation/Reference:

  The nbtstat command is a Windows utility that displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables, and the NetBIOS name cache. However, the nbtstat command does not support IPv6 addresses, which are the standard format for the Internet Protocol version 6 (IPv6). Therefore, using the nbtstat command with IPv6 addresses will result in an error message or no output. To enumerate NetBIOS names on a network that uses IPv6, you should switch to an enumeration tool that supports IPv6, such as Nmap, which is a network scanning and security auditing tool. Nmap has a scripting engine (NSE) that allows users to write and execute scripts for various network tasks, including NetBIOS enumeration. Nmap can also detect the operating system, services, and vulnerabilities of the target machines, regardless of the IP version they use. References: Nbtstat Command - Computer Hope Nbtstat CMD: Windows Network Command Line Prompt [Nmap Scripting Engine (NSE) Documentation]

• Question 409:

  What is not a PCI compliance recommendation?

  A. Use a firewall between the public network and the payment card data.
  B. Use encryption to protect all transmission of card holder data over any public network.
  C. Rotate employees handling credit card transactions on a yearly basis to different departments.
  D. Limit access to card holder data to as few individuals as possible.
  C. Rotate employees handling credit card transactions on a yearly basis to different departments.

  ---

  Explanation/Reference:

  https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security Build and Maintain a Secure Network

  1.

  Install and maintain a firewall configuration to protect cardholder data.

  2.

  Do not use vendor-supplied defaults for system passwords and other security parameters. Protect Cardholder Data

  3.

  Protect stored cardholder data.

  4.

  Encrypt transmission of cardholder data across open, public networks. Maintain a Vulnerability Management Program

  5.

  Use and regularly update anti-virus software or programs.

  6.

  Develop and maintain secure systems and applications. Implement Strong Access Control Measures

  7.

  Restrict access to cardholder data by business need-to-know.

  8.

  Assign a unique ID to each person with computer access.

  9.

  Restrict physical access to cardholder data. Regularly Monitor and Test Networks

  10.

  Track and monitor all access to network resources and cardholder data.

  11.

  Regularly test security systems and processes. Maintain an Information Security Policy

  12.

  Maintain a policy that addresses information security for employees and contractors.

• Question 410:

  Which of the following is the primary objective of a rootkit?

  A. It opens a port to provide an unauthorized service
  B. It creates a buffer overflow
  C. It replaces legitimate programs
  D. It provides an undocumented opening in a program
  C. It replaces legitimate programs