EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 421:

  Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mlb or by entering the DNS library name and Lseries.mlb. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

  A. LNMIB2.MIB
  B. WINS.MIB
  C. DHCP.MIS
  D. MIB_II.MIB
  A. LNMIB2.MIB

  ---

  Explanation/Reference:

  DHCP.MIB: Monitors network traffic between DHCP servers and remote hosts HOSTMIB.MIB: Monitors and manages host resources

  LNMIB2.MIB: Contains object types for workstation and server services MIBJI.MIB: Manages TCP/IP-based Internet using a simple architecture and system WINS.MIB: For the Windows Internet Name Service (WINS)

• Question 422:

  Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/ feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario?

  A. website defacement
  B. Server-side request forgery (SSRF) attack
  C. Web server misconfiguration
  D. web cache poisoning attack
  B. Server-side request forgery (SSRF) attack

  ---

  Explanation/Reference:

  Server-side request forgery (also called SSRF) is a net security vulnerability that allows an assaulter to induce the server-side application to make http requests to associate arbitrary domain of the attacker's choosing. In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services among the organization's infrastructure, or to external third-party systems. Another type of trust relationship that often arises with server-side request forgery is where the application server is able to interact with different back-end systems that aren't directly reachable by users. These systems typically have non- routable private informatics addresses. Since the back-end systems normally ordinarily protected by the topology, they typically have a weaker security posture. In several cases, internal back-end systems contain sensitive functionality that may be accessed while not authentication by anyone who is able to act with the systems. In the preceding example, suppose there's an body interface at the back-end url https://192.168.0.68/admin. Here, an attacker will exploit the SSRF vulnerability to access the executive interface by submitting the following request: POST /product/stock HTTP/1.0 Content-Type: application/x-www-form-urlencoded Content-Length: 118 stockApi=http://192.168.0.68/admin

• Question 423:

  _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

  A. Trojan
  B. RootKit
  C. DoS tool
  D. Scanner
  E. Backdoor
  B. RootKit

• Question 424:

  Password cracking programs reverse the hashing process to recover passwords.(True/False.)

  A. True
  B. False
  B. False

• Question 425:

  During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?

  A. Server Message Block (SMB)
  B. Network File System (NFS)
  C. Remote procedure call (RPC)
  D. Telnet
  A. Server Message Block (SMB)

  ---

  Explanation/Reference:

  Worker Message Block (SMB) is an organization document sharing and information texture convention. SMB is utilized by billions of gadgets in a different arrangement of working frameworks, including Windows, MacOS, iOS , Linux, and Android. Customers use SMB to get to information on workers. This permits sharing of records, unified information the board, and brought down capacity limit needs for cell phones. Workers additionally use SMB as a feature of the Software-characterized Data Center for outstanding burdens like grouping and replication. Since SMB is a far off record framework, it requires security from assaults where a Windows PC may be fooled into reaching a pernicious worker running inside a confided in organization or to a far off worker outside the organization edge. Firewall best practices and arrangements can upgrade security keeping malevolent traffic from leaving the PC or its organization. For Windows customers and workers that don't have SMB shares, you can obstruct all inbound SMB traffic utilizing the Windows Defender Firewall to keep far off associations from malignant or bargained gadgets. In the Windows Defender Firewall, this incorporates the accompanying inbound principles.

  

  You should also create a new blocking rule to override any other inbound firewall rules. Use the following suggested settings for any Windows clients or servers that do not host SMB Shares: Name: Block all inbound SMB 445 Description: Blocks all inbound SMB TCP 445 traffic. Not to be applied to domain controllers or computers that host SMB shares. Action: Block the connection Programs: All Remote Computers: Any Protocol Type: TCP Local Port: 445 Remote Port: Any Profiles: All Scope (Local IP Address): Any Scope (Remote IP Address): Any Edge Traversal: Block edge traversal You must not globally block inbound SMB traffic to domain controllers or file servers. However, you can restrict access to them from trusted IP ranges and devices to lower their attack surface. They should also be restricted to Domain or Private firewall profiles and not allow Guest/Public traffic.

• Question 426:

  Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

  A. SOA
  B. biometrics
  C. single sign on
  D. PKI
  D. PKI

• Question 427:

  Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used byjack to launch the fileless malware on the target systems?

  A. In-memory exploits
  B. Phishing
  C. Legitimate applications
  D. Script-based injection
  B. Phishing

• Question 428:

  CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario?

  A. Output encoding
  B. Enforce least privileges
  C. Whitelist validation
  D. Blacklist validation
  C. Whitelist validation

• Question 429:

  On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service. What is the name of the process by which you can determine those critical businesses?

  A. Emergency Plan Response (EPR)
  B. Business Impact Analysis (BIA)
  C. Risk Mitigation
  D. Disaster Recovery Planning (DRP)
  B. Business Impact Analysis (BIA)

• Question 430:

  Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST

  packet is sent in response by the target host, indicating that the port is closed.

  What is the port scanning technique used by Sam to discover open ports?

  A. Xmas scan
  B. IDLE/IPID header scan
  C. TCP Maimon scan
  D. ACK flag probe scan
  C. TCP Maimon scan

  ---

  Explanation/Reference:

  TCP Maimon scan

  This scan technique is very similar to NULL, FIN, and Xmas scan, but the probe used here is FIN/ACK. In most cases, to determine if the port is open or closed, the RST packet should be generated as a response to a probe request.

  However, in many BSD systems, the port is open if the packet gets dropped in response to a probe.

  https://nmap.org/book/scan-methods-maimon-scan.html

  How Nmap interprets responses to a Maimon scan probe

  Probe Response Assigned State

  No response received (even after retransmissions) open|filtered TCP RST packet closed

  ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) filtered