EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 431:

  Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and

  authorized visitors but not for students.

  He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

  A. Disable unused ports in the switches
  B. Separate students in a different VLAN
  C. Use the 802.1x protocol
  D. Ask students to use the wireless network
  C. Use the 802.1x protocol

• Question 432:

  What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

  A. All are hacking tools developed by the legion of doom
  B. All are tools that can be used not only by hackers, but also security personnel
  C. All are DDOS tools
  D. All are tools that are only effective against Windows
  E. All are tools that are only effective against Linux
  C. All are DDOS tools

• Question 433:

  Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

  A. Linux
  B. Unix
  C. OS X
  D. Windows
  D. Windows

• Question 434:

  What hacking attack is challenge/response authentication used to prevent?

  A. Replay attacks
  B. Scanning attacks
  C. Session hijacking attacks
  D. Password cracking attacks
  A. Replay attacks

• Question 435:

  In an attempt to increase the security of your network, you implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know it. How do you accomplish this?

  A. Delete the wireless network
  B. Remove all passwords
  C. Lock all users
  D. Disable SSID broadcasting
  D. Disable SSID broadcasting

  ---

  Explanation/Reference:

  The SSID (service set identifier) is the name of your wireless network. SSID broadcast is how your router transmits this name to surrounding devices. Its primary function is to make your network visible and easily accessible. Most routers

  broadcast their SSIDs automatically. To disable or enable SSID broadcast, you need to change your router's settings.

  Disabling SSID broadcast will make your Wi-FI network name invisible to other users. However, this only hides the name, not the network itself. You cannot disguise the router's activity, so hackers can still attack it. With your network invisible

  to wireless devices, connecting becomes a bit more complicated. Just giving a Wi-FI password to your guests is no longer enough. They have to configure their settings manually by including the network name, security mode, and other

  relevant info.

  Disabling SSID might be a small step towards online security, but by no means should it be your final one. Before considering it as a security measure, consider the following aspects:

  -

  Disabling SSID broadcast will not hide your network completely Disabling SSID broadcast only hides the network name, not the fact that it exists. Your router constantly transmits so-called beacon frames to announce the presence of a

  wireless network. They contain essential information about the network and help the device connect.

  -

  Third-party software can easily trace a hidden network Programs such as NetStumbler or Kismet can easily locate hidden networks. You can try using them yourself to see how easy it is to find available networks ?hidden or not.

  -You might attract unwanted attention.

  Disabling your SSID broadcast could also raise suspicion. Most of us assume that when somebody hides something, they have a reason to do so. Thus, some hackers might be attracted to your network.

• Question 436:

  What is the least important information when you analyze a public IP address in a security alert?

  A. DNS
  B. Whois
  C. Geolocation
  D. ARP
  D. ARP

• Question 437:

  The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS)

  protocols defined in RFC6520.

  What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

  A. Public
  B. Private
  C. Shared
  D. Root
  B. Private

• Question 438:

  What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

  A. The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.
  B. Reveals the daily outgoing message limits before mailboxes are locked.
  C. The internal command RCPT provides a list of ports open to message traffic.
  D. A list of all mail proxy server addresses used by the targeted host.
  A. The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

• Question 439:

  In an intricate web application architecture using an Oracle database, you, as a security analyst, have identified a potential SQL Injection attack surface. The database consists of 'x' tables, each with y columns. Each table contains z1 records. An attacker, well-versed in SQLi techniques, crafts 'u' SQL payloads, each attempting to extract maximum data from the database. The payloads include UNION SELECT' statements and 'DBMS_XSLPPOCESSOR.READ2CLOB' to read sensitive files. The attacker aims to maximize the total data extracted E=xyz'u'. Assuming 'x=4\ y=2\ and varying z' and 'u\ which situation is likely to result in the highest extracted data volume?

  A. z=400. u=4: The attacker constructs A SQLpayloads, each focusing on tables with 400 records, influencing all columns of all tables
  B. z=550, u=Z Here, the attacker formulates 2 SQL payloads and directs them towards tables containing 550 records, impacting all columns and tables
  C. z=600. u=2: The attacker devises 2 SQL payloads. each aimed at tables holding 600 records, affecting all columns across all tables
  D. Az=500. u=3: The attacker creates 3 SQL payloads and targets tables with 500 records each, exploiting all columns and tables
  C. z=600. u=2: The attacker devises 2 SQL payloads. each aimed at tables holding 600 records, affecting all columns across all tables

  ---

  Explanation/Reference:

  The total data extracted by the attacker is E=xyz'u', where x is the number of tables, y is the number of columns, z is the number of records, and u is the number of SQL payloads. To maximize E, the attacker would want to choose the highest values of z and u, while keeping x and y constant. Therefore, the situation where z=600 and u=2 would result in the highest extracted data volume, as E=42600*2=9600. The other situations would result in lower values of E, as shown below:

  A: E=42400*4=12800

  B: E=42550*2=8800

  D: E=42500*3=12000 The attacker uses UNION SELECT statements to combine the results from different tables and columns, and DBMS_XSLPPOCESSOR.READ2CLOB to read sensitive files from the database server12. These techniques can bypass input validation and pattern matching measures that are based on the application's responses3.

  References:

  1: DBMS_XSLPROCESSOR - Oracle Help Center

  2: DBMS_XSLPROCESSOR.READ2CLOB Example Script to Read a file data into ...

  3: Attack Surface Analysis - OWASP Cheat Sheet Series

• Question 440:

  Which of the following are well known password-cracking programs?

  A. L0phtcrack
  B. NetCat
  C. Jack the Ripper
  D. Netbus
  E. John the Ripper
  A. L0phtcrack
  E. John the Ripper