EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 451:

  A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

  The engineer receives this output:

  HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag:"b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed?

  A. Banner grabbing
  B. SQL injection
  C. Whois database query
  D. Cross-site scripting
  A. Banner grabbing

• Question 452:

  In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

  A. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.
  B. Extraction of cryptographic secrets through coercion or torture.
  C. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
  D. A backdoor placed into a cryptographic algorithm by its creator.
  B. Extraction of cryptographic secrets through coercion or torture.

• Question 453:

  Which IOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?

  A. Tethered jailbreaking
  B. Semi-tethered jailbreaking
  C. Untethered jailbreaking
  D. Semi-Untethered jailbreaking
  C. Untethered jailbreaking

  ---

  Explanation/Reference:

  An untethered jailbreak is one that allows a telephone to finish a boot cycle when being pwned with none interruption to jailbreak-oriented practicality. Untethered jailbreaks area unit the foremost sought-after of all, however they're additionally the foremost difficult to attain due to the powerful exploits and organic process talent they need. associate unbound jailbreak is sent over a physical USB cable association to a laptop or directly on the device itself by approach of associate application-based exploit, like a web site in campaign. Upon running associate unbound jailbreak, you'll be able to flip your pwned telephone off and on once more while not running the jailbreak tool once more. all of your jailbreak tweaks and apps would then continue in operation with none user intervention necessary. It's been an extended time since IOS has gotten the unbound jailbreak treatment. the foremost recent example was the computer-based Pangu break, that supported most handsets that ran IOS nine.1. We've additionally witnessed associate unbound jailbreak within the kind of JailbreakMe, that allowed users to pwn their handsets directly from the mobile campaign applications programme while not a laptop.

• Question 454:

  An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns. Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?

  A. Implement case variation by altering the case of SQL statements
  B. Employ IP fragmentation to obscure the attack payload
  C. Use Hex encoding to represent the SQL query string
  D. Leverage string concatenation to break identifiable keywords
  D. Leverage string concatenation to break identifiable keywords

  ---

  Explanation/Reference:

  The most effective evasion technique to bypass the IDS signature detection while performing a SQL Injection attack is to leverage string concatenation to break identifiable keywords. This technique involves splitting SQL keywords or

  operators into smaller parts and joining them with string concatenation operators, such as `+' or `||'. This way, the SQL query can still be executed by the database engine, but the IDS cannot recognize the keywords or operators as malicious,

  as they are hidden within strings. For example, the hacker could replace the keyword `OR' with `O'||`R' or `O'+`R' in the SQL query, and the IDS would not be able to match the signature of a typical SQL injection pattern.

  The other options are not as effective as option D for the following reasons:

  A. Implement case variation by altering the case of SQL statements: This option is not effective because most SQL engines and IDS systems are case-insensitive, meaning that they treat SQL keywords and operators the same regardless of their case. Therefore, altering the case of SQL statements would not help evade the IDS signature detection, as the IDS would still be able to match the signature of a typical SQL injection pattern. B. Employ IP fragmentation to obscure the attack payload: This option is not applicable because IP fragmentation is a network-level technique that splits IP packets into smaller fragments to fit the maximum transmission unit (MTU) of the network. IP fragmentation does not affect the content or structure of the SQL query, and it does not help evade the IDS signature detection, as the IDS would still be able to reassemble the fragments and match the signature of a typical SQL injection pattern. C. Use Hex encoding to represent the SQL query string: This option is not feasible because Hex encoding is a method of representing binary data in hexadecimal format, such as `0x41' for `A'. Hex encoding does not work for SQL queries, as the SQL engine would not be able to interpret the hexadecimal values as valid SQL syntax. Moreover, Hex encoding would not help evade the IDS signature detection, as the IDS would still be able to decode the hexadecimal values and match the signature of a typical SQL injection pattern. References:

  1: SQL Injection Evasion Detection - F5

  2: Mastering SQL Injection with SQLmap: A Comprehensive Evasion Techniques Cheatsheet

  3: SQL Injection Prevention - OWASP Cheat Sheet Series

  4: IP Fragmentation - an overview | ScienceDirect Topics : Hex Encoding - an overview | ScienceDirect Topics

• Question 455:

  Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?

  A. False-negative
  B. False-positive
  C. Brute force attack
  D. Backdoor
  B. False-positive

  ---

  Explanation/Reference:

  https://www.infocyte.com/blog/2019/02/16/cybersecurity-101-what-you-need-to-know-about-false-positives-and-false-negatives/

  False positives are mislabeled security alerts, indicating there is a threat when in actuality, there isn't. These false/non-malicious alerts (SIEM events) increase noise for already over- worked security teams and can include software bugs,

  poorly written software, or unrecognized network traffic.

  False negatives are uncaught cyber threats -- overlooked by security tooling because they're dormant, highly sophisticated (i.e. file-less or capable of lateral movement) or the security infrastructure in place lacks the technological ability to

  detect these attacks.

• Question 456:

  You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has Snort installed, and the second machine (192.168.0.150) has Kiwi Syslog installed. You perform a SYN scan in your network, and you notice that Kiwi Syslog is not receiving the alert message from Snort. You decide to run Wireshark in the Snort machine to check if the messages are going to the Kiwi Syslog machine. What Wireshark filter will show the connections from the Snort machine to Kiwi Syslog machine?

  A. tcp.srcport= = 514 andand ip.src= = 192.168.0.99
  B. tcp.srcport= = 514 andand ip.src= = 192.168.150
  C. tcp.dstport= = 514 andand ip.dst= = 192.168.0.99
  D. tcp.dstport= = 514 andand ip.dst= = 192.168.0.150
  D. tcp.dstport= = 514 andand ip.dst= = 192.168.0.150

• Question 457:

  You want to analyze packets on your wireless network. Which program would you use?

  A. Wireshark with Airpcap
  B. Airsnort with Airpcap
  C. Wireshark with Winpcap
  D. Ethereal with Winpcap
  A. Wireshark with Airpcap

  ---

  Explanation/Reference:

  https://support.riverbed.com/content/support/software/steelcentral-npm/airpcap.html

  Since this question refers specifically to analyzing a wireless network, it is obvious that we need an option with AirPcap (Riverbed AirPcap USB-based adapters capture 802.11 wireless traffic for analysis). Since it works with two traffic

  analyzers SteelCentral Packet Analyzer (Cascade Pilot) or Wireshark, the correct option would be "Wireshark with Airpcap."

  NOTE: AirPcap adapters no longer available for sale effective January 1, 2018, but a question on this topic may occur on your exam.

• Question 458:

  Which file is a rich target to discover the structure of a website during web-server footprinting?

  A. Document root
  B. Robots.txt
  C. domain.txt
  D. index.html
  B. Robots.txt

  ---

  Explanation/Reference:

  Web Server Attack Methodolog Information Gathering from Robots.txt File The robots.txt file contains the list of the web server directories and files that the web site owner wants to hide from web crawlers. Poorly written robots.txt files can cause the complete indexing of website files and directories. If confidential files and directories are indexed, an attacker may easily obtain information such as passwords, email addresses, hidden links, and membership areas. (P.1650/1634)

• Question 459:

  You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

  

  What is the hexadecimal value of NOP instruction?

  A. 0x60
  B. 0x80
  C. 0x70
  D. 0x90
  D. 0x90

• Question 460:

  This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

  A. Twofish encryption algorithm
  B. HMAC encryption algorithm
  C. IDEA
  D. Blowfish encryption algorithm
  A. Twofish encryption algorithm

  ---

  Explanation/Reference:

  Twofish is an encryption algorithm designed by Bruce Schneier. It's a symmetric key block cipher with a block size of 128 bits, with keys up to 256 bits. it's associated with AES (Advanced Encryption Standard) and an earlier block cipher called Blowfish. Twofish was actually a finalist to become the industry standard for encryption, but was ultimately beaten out by the present AES.Twofish has some distinctive features that set it aside from most other cryptographic protocols. For one, it uses pre-computed, key- dependent S-boxes. An S-box (substitution-box) may be a basic component of any symmetric key algorithm which performs substitution. within the context of Twofish's block cipher, the S-box works to obscure the connection of the key to the ciphertext. Twofish uses a pre-computed, key-dependent S-box which suggests that the S-box is already provided, but depends on the cipher key to decrypt the knowledge . How Secure is Twofish? Twofish is seen as a really secure option as far as encryption protocols go. one among the explanations that it wasn't selected because the advanced encryption standard is thanks to its slower speed. Any encryption standard that uses a 128bit or higher key, is theoretically safe from brute force attacks. Twofish is during this category.Because Twofish uses "pre-computed key-dependent S-boxes", it are often susceptible to side channel attacks. this is often thanks to the tables being pre-computed. However, making these tables key-dependent helps mitigate that risk. There are a couple of attacks on Twofish, but consistent with its creator, Bruce Schneier, it didn't constitute a real cryptanalysis. These attacks didn't constitue a practical break within the cipher. Products That Use TwofishGnuPG: GnuPG may be a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also referred to as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a flexible key management system, along side access modules for all types of public key directories.KeePass: KeePass may be a password management tool that generates passwords with top-notch security. It's a free, open source, lightweight and easy-to-use password manager with many extensions and plugins.Password Safe: Password Safe uses one master password to stay all of your passwords protected, almost like the functionality of most of the password managers on this list. It allows you to store all of your passwords during a single password database, or multiple databases for various purposes. Creating a database is straightforward , just create the database, set your master password.PGP (Pretty Good Privacy): PGP is employed mostly for email encryption, it encrypts the content of the e-mail . However, Pretty Good Privacy doesn't encrypt the topic and sender of the e- mail , so make certain to never put sensitive information in these fields when using PGP.TrueCrypt: TrueCrypt may be a software program that encrypts and protects files on your devices. With TrueCrypt the encryption is transparent to the user and is completed locally at the user's computer. this suggests you'll store a TrueCrypt file on a server and TrueCrypt will encrypt that file before it's sent over the network.