EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 411:

  A large e-commerce organization is planning to implement a vulnerability assessment solution to enhance its security posture. They require a solution that imitates the outside view of attackers, performs well-organized inference-based testing, scans automatically against continuously updated databases, and supports multiple networks. Given these requirements, which type of vulnerability assessment solution would be most appropriate?

  A. Inference-based assessment solution
  B. Service-based solution offered by an auditing firm
  C. Tree-based assessment approach
  D. Product-based solution installed on a private network
  B. Service-based solution offered by an auditing firm

  ---

  Explanation/Reference:

  A service-based solution offered by an auditing firm would be the most appropriate type of vulnerability assessment solution for the large e-commerce organization, given their requirements. A service-based solution is a type of vulnerability assessment that is performed by external experts who have the skills, tools, and experience to conduct a thorough and comprehensive analysis of the target system or network. A service-based solution can imitate the outside view of attackers, as the experts are not familiar with the internal details or configurations of the organization. A service- based solution can also perform well-organized inference-based testing, which is a type of testing that uses logical reasoning and deduction to identify and exploit vulnerabilities based on the information gathered from the target. A service-based solution can scan automatically against continuously updated databases, as the experts have access to the latest security intelligence and threat feeds. A service-based solution can also support multiple networks, as the experts can use different techniques and tools to scan different types of networks, such as wired, wireless, cloud, or hybrid. The other options are not as appropriate as option B for the following reasons:

  A. Inference-based assessment solution: This option is not a type of vulnerability assessment solution, but a type of testing method that can be used by any solution. Inference-based testing is a testing method that uses logical reasoning and deduction to identify and exploit vulnerabilities based on the information gathered from the target. Inference-based testing can be performed by service- based, product-based, or tree-based solutions, depending on the scope, objectives, and resources of the assessment.

  C. Tree-based assessment approach: This option is not a type of vulnerability assessment solution, but a type of testing method that can be used by any solution. Tree-based testing is a testing method that uses a hierarchical structure to organize and prioritize the vulnerabilities based on their severity, impact, and exploitability. Tree-based testing can be performed by service-based, product- based, or inference-based solutions, depending on the scope, objectives, and resources of the assessment.

  D. Product-based solution installed on a private network: This option is a type of vulnerability assessment solution, but it may not meet all the requirements of the large e-commerce organization. A product-based solution is a type of vulnerability assessment that is performed by using software or hardware tools that are installed on the organization's own network. A product-based solution can scan automatically against continuously updated databases, as the tools can be configured to download and apply the latest security updates and patches. However, a product-based solution may not imitate the outside view of attackers, as the tools may have limited access or visibility to the external network or the internet. A product-based solution may also not perform well-organized inference- based testing, as the tools may rely on predefined rules or signatures to detect and report vulnerabilities, rather than using logical reasoning and deduction. A product- based solution may also not support multiple networks, as the tools may be designed or optimized for a specific type of network, such as wired, wireless, cloud, or hybrid . References:

  1: Vulnerability Assessment Services | Rapid7

  2: Vulnerability Assessment Services | IBM

  3: Inference-Based Vulnerability Testing of Firewall Policies - IEEE Conference Publication

  4: A Tree-Based Approach for Vulnerability Assessment - IEEE Conference Publication

  5: Vulnerability Assessment Tools | OWASP Foundation

  6: Vulnerability Assessment Solutions

  7: Why You Need One and How to Choose | Defensible

• Question 412:

  Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by johnson in the above scenario?

  A. Host-based assessment
  B. Wireless network assessment
  C. Application assessment
  D. Distributed assessment
  B. Wireless network assessment

  ---

  Explanation/Reference:

  Expanding your network capabilities are often done well using wireless networks, but it also can be a source of harm to your data system . Deficiencies in its implementations or configurations can allow tip to be accessed in an unauthorized manner.This makes it imperative to closely monitor your wireless network while also conducting periodic Wireless Network assessment.It identifies flaws and provides an unadulterated view of exactly how vulnerable your systems are to malicious and unauthorized accesses.Identifying misconfigurations and inconsistencies in wireless implementations and rogue access points can improve your security posture and achieve compliance with regulatory frameworks.

• Question 413:

  Being a Certified Ethical Hacker (CEH), a company has brought you on board to evaluate the safety measures in place for their network system. The company uses a network time protocol server in the demilitarized zone. During your

  enumeration, you decide to run a ntptrace command. Given the syntax:

  ntptrace [-n] [-m maxhosts] [servername/IP_address], which command usage would best serve your objective to find where the NTP server obtains the time from and to trace the list of NTP servers connected to the network?

  A. ntptrace -m 5 192.168.1.1
  B. tptrace 192.1681.
  C. ntptrace -n localhost
  D. ntptrace -n -m 5 192.168.1.1
  D. ntptrace -n -m 5 192.168.1.1

  ---

  Explanation/Reference:

  The command usage that would best serve your objective to find where the NTP server obtains the time from and to trace the list of NTP servers connected to the network is ntptrace -n -m 5 192.168.1.1. This command usage works as follows: ntptrace is a tool that determines where a given NTP server gets its time from, and follows the chain of NTP servers back to their master time source. For example, a stratum 0 server, which is a device that directly obtains the time from a physical source, such as an atomic clock or a GPS receiver. -n is a flag that outputs host IP addresses instead of host names. This can be useful if the host names are not resolvable or if the IP addresses are more informative. -m 5 is a flag that specifies the maximum number of hosts to be traced. This can be useful to limit the output and avoid tracing irrelevant or unreachable hosts1. 192.168.1.1 is the IP address of the NTP server in the demilitarized zone, which is the starting point of the trace. This can be useful to find out the source and the path of the time synchronization for the network system. By using this command usage, the output will show the IP addresses, the stratum, the offset, the sync distance, and the reference ID of each NTP server in the chain, up to five hosts. This can provide valuable information about the accuracy, the reliability, and the security of the time service for the network system1. The other options are not as suitable as option D for the following reasons:

  A. ntptrace -m 5 192.168.1.1: This option is similar to option D, but it does not use the -n flag, which means that it will output host names instead of IP addresses. This can be less useful if the host names are not resolvable or if the IP

  addresses are more informative.

  B. tptrace 192.1681.: This option is incorrect because it uses a wrong tool name and a wrong IP address. tptrace is not a valid tool name, and 192.1681. is not a valid IP address. The correct tool name is ntptrace, and the correct IP address is

  192.168.1.11.

  C. ntptrace -n localhost: This option is not effective because it uses localhost as the starting point of the trace, which means that it will only show the local host's time source. This can be useful to check the local host's time configuration, but it

  does not help to find out the time source and the trace of the NTP server in the demilitarized zone, which is the objective of this scenario.

  References:

  1: ntptrace - trace a chain of NTP servers back to the primary source

• Question 414:

  A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

  A. tcp.port = = 21
  B. tcp.port = 23
  C. tcp.port = = 21 | | tcp.port = =22
  D. tcp.port ! = 21
  A. tcp.port = = 21

• Question 415:

  Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

  A. USER, NICK
  B. LOGIN, NICK
  C. USER, PASS
  D. LOGIN, USER
  A. USER, NICK

• Question 416:

  You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

  A. Social engineering
  B. Piggybacking
  C. Tailgating
  D. Eavesdropping
  A. Social engineering

  ---

  Explanation/Reference:

  Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering attacks typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. Commonly, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element, preventing these attacks can be tricky for enterprises.

• Question 417:

  Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

  A. To determine who is the holder of the root account
  B. To perform a DoS
  C. To create needless SPAM
  D. To illicit a response back that will reveal information about email servers and how they treat undeliverable mail
  E. To test for virus protection
  D. To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

• Question 418:

  A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing ?Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network. What tool should the analyst use to perform a Blackjacking attack?

  A. Paros Proxy
  B. BBProxy
  C. Blooover
  D. BBCrack
  B. BBProxy

• Question 419:

  What two conditions must a digital signature meet?

  A. Has to be the same number of characters as a physical signature and must be unique.
  B. Has to be unforgeable, and has to be authentic.
  C. Must be unique and have special characters.
  D. Has to be legible and neat.
  B. Has to be unforgeable, and has to be authentic.

• Question 420:

  A penetration tester is performing an enumeration on a client's network. The tester has acquired permission to perform enumeration activities. They have identified a remote inter- process communication (IPC) share and are trying to collect more information about it. The tester decides to use a common enumeration technique to collect the desired data. Which of the following techniques would be most appropriate for this scenario?

  A. Brute force Active Directory
  B. Probe the IPC share by attempting to brute force admin credentials
  C. Extract usernames using email IDs
  D. Conduct a DNS zone transfer
  B. Probe the IPC share by attempting to brute force admin credentials

  ---

  Explanation/Reference:

  Probing the IPC share by attempting to brute force admin credentials is the most appropriate technique for this scenario, because it can reveal valuable information about the target system, such as its operating system, services, users, groups, and shares. An IPC share is a special share that allows processes to communicate with each other over the network using named pipes. An IPC share can be accessed anonymously or with valid credentials, depending on the security configuration of the target system. A brute force attack is a method of trying different combinations of usernames and passwords until a valid pair is found. By using a brute force attack, the tester can try to access the IPC share with admin credentials, which can grant them more privileges and access to more resources on the target system. The other options are less suitable or effective techniques for this scenario. Brute forcing Active Directory may not be relevant or feasible, as the target system may not be part of a domain or may have strong password policies. Extracting usernames using email IDs may not provide enough information or access to the target system, as email IDs may not match the usernames or passwords. Conducting a DNS zone transfer may not be possible or useful, as the target system may not be a DNS server or may have restricted zone transfers. A DNS zone transfer is a method of obtaining information about the domain names and IP addresses of the hosts in a network by querying a DNS server. References: Inter-process communication - Wikipedia IPC$ share and null session behavior - Windows Server Brute Force Attack: Definition, Examples, and Prevention DNS Zone Transfer: Definition, Types, and Examples