EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 471:

  Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day,

  Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down

  the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

  What would Yancey be considered?

  A. Yancey would be considered a Suicide Hacker
  B. Since he does not care about going to jail, he would be considered a Black Hat
  C. Because Yancey works for the company currently; he would be a White Hat
  D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing
  A. Yancey would be considered a Suicide Hacker

• Question 472:

  Mirai malware targets loT devices. After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?

  A. MITM attack
  B. Birthday attack
  C. DDoS attack
  D. Password attack
  C. DDoS attack

• Question 473:

  Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

  A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
  B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
  C. nmap -Pn -sT -p 46824 < Target IP >
  D. nmap -Pn -sT -p 102 --script s7-info < Target IP >
  B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >

  ---

  Explanation/Reference:

  https://nmap.org/nsedoc/scripts/enip-info.html Example Usage enip-info:

  -nmap --script enip-info -sU -p 44818

  This NSE script is used to send a EtherNet/IP packet to a remote device that has TCP 44818 open. The script will send a Request Identity Packet and once a response is received, it validates that it was a proper response to the command

  that was sent, and then will parse out the data. Information that is parsed includes Device Type, Vendor ID, Product name, Serial Number, Product code, Revision Number, status, state, as well as the Device IP. This script was written based

  of information collected by using the the Wireshark dissector for CIP, and EtherNet/IP, The original information was collected by running a modified version of the ethernetip.py script (https://github.com/paperwork/ pyenip)

• Question 474:

  An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

  A. Product-based solutions
  B. Tree-based assessment
  C. Service-based solutions
  D. inference-based assessment
  D. inference-based assessment

  ---

  Explanation/Reference:

  In an inference-based assessment, scanning starts by building an inventory of the protocols found on the machine. After finding a protocol, the scanning process starts to detect which ports are attached to services, such as an email server, web server, or database server. After finding services, it selects vulnerabilities on each machine and starts to execute only those relevant tests.

• Question 475:

  An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the

  connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given `a=100' and variable 'm', along with the attacker's intention

  of maximizing the attack duration 'D=a*b', consider the following scenarios.

  Which is most likely to result in the longest duration of server unavailability?

  A. m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection
  B. m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant
  C. 95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower
  D. m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time
  B. m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant

  ---

  Explanation/Reference:

  A Slow HTTP POST attack is a type of denial-of-service (DoS) attack that exploits the way web servers handle HTTP requests. The attacker sends a legitimate HTTP POST header to the web server, specifying a large amount of data to be sent in the request body. However, the attacker then sends the data very slowly, keeping the connection open and occupying the server's resources. The attacker can launch multiple such connections, exceeding the server's capacity to handle concurrent requests and preventing legitimate users from accessing the web server. The attack duration D is given by the formula D = a * b, where a is the number of connections and b is the hold-up time per connection. The attacker intends to maximize D by manipulating a and b. The server can manage m connections per second, but any connections exceeding m will overwhelm the system. Therefore, the scenario that is most likely to result in the longest duration of server unavailability is the one where a > m and b is the largest. Among the four options, this is the case for option B, where a = 100, m = 90, and b = 15. In this scenario, D = 100 * 15 = 1500 seconds, which is the longest among the four options. Option A has a larger b, but a < m, so the server can handle the connections without being overwhelmed. Option C has a > m, but a smaller b, so the attack duration is shorter. Option D has a > m, but a smaller b and a smaller difference between a and m, so the attack duration is also shorter. References: What is a Slow POST Attack and How to Prevent One? (Guide) Mitigate Slow HTTP GET/POST Vulnerabilities in the Apache HTTP Server - Acunetix What is a Slow Post DDoS Attack? | NETSCOUT

• Question 476:

  Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather

  will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution?

  A. SaaS
  B. IaaS
  C. CaaS
  D. PasS
  A. SaaS

  ---

  Explanation/Reference:

  Software as a service (SaaS) allows users to attach to and use cloud-based apps over the web. Common examples ar email, calendaring and workplace tool (such as Microsoft workplace 365). SaaS provides a whole software solution that you get on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organisation and your users connect with it over the web, typically with an internet browser. All of the underlying infrastructure, middleware, app software system and app knowledge ar located within the service provider's knowledge center. The service provider manages the hardware and software system and with the appropriate service agreement, can make sure the availability and also the security of the app and your data as well. SaaS allows your organisation to induce quickly up and running with an app at token upfront cost. Common SaaS scenariosThis tool having used a web-based email service like Outlook, Hotmail or Yahoo! Mail, then you have got already used a form of SaaS. With these services, you log into your account over the web, typically from an internet browser. the e- mail software system is found on the service provider's network and your messages ar hold on there moreover. you can access your email and hold on messages from an internet browser on any laptop or Internet-connected device. The previous examples are free services for personal use. For organisational use, you can rent productivity apps, like email, collaboration and calendaring; and sophisticated business applications like client relationship management (CRM), enterprise resource coming up with (ERP) and document management. You buy the use of those apps by subscription or per the level of use. Advantages of SaaSGain access to stylish applications. to supply SaaS apps to users, you don't ought to purchase, install, update or maintain any hardware, middleware or software system. SaaS makes even sophisticated enterprise applications, like ERP and CRM, affordable for organisations that lack the resources to shop for, deploy and manage the specified infrastructure and software system themselves. Pay just for what you utilize. you furthermore may economize because the SaaS service automatically scales up and down per the level of usage. Use free shopper software system. Users will run most SaaS apps directly from their web browser without needing to transfer and install any software system, though some apps need plugins. this suggests that you simply don't ought to purchase and install special software system for your users. Mobilise your hands simply. SaaS makes it simple to "mobilise" your hands as a result of users will access SaaS apps and knowledge from any Internet-connected laptop or mobile device. You don't ought to worry concerning developing apps to run on differing types of computers and devices as a result of the service supplier has already done therefore. additionally, you don't ought to bring special experience aboard to manage the safety problems inherent in mobile computing. A fastidiously chosen service supplier can make sure the security of your knowledge, no matter the sort of device intense it. Access app knowledge from anyplace. With knowledge hold on within the cloud, users will access their info from any Internet-connected laptop or mobile device. And once app knowledge is hold on within the cloud, no knowledge is lost if a user's laptop or device fails.

• Question 477:

  Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed

  security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited.

  What is the incident handling and response (IHandR) phase, in which Robert has determined these issues?

  A. Preparation
  B. Eradication
  C. Incident recording and assignment
  D. Incident triage
  D. Incident triage

  ---

  Explanation/Reference:

  Triage is that the initial post-detection incident response method any responder can execute to open an event or false positive. Structuring an efficient and correct triage method can reduce analyst fatigue, reduce time to reply to and right

  incidents, and ensure that solely valid alerts are promoted to "investigation or incident" status.

  Every part of the triage method should be performed with urgency, as each second counts once in the inside of a crisis. However, triage responders face the intense challenge of filtering an unwieldy input supply into a condensed trickle of

  events. Here are some suggestions for expediting analysis before knowledge is validated:

  Organization: reduce redundant analysis by developing a workflow that may assign tasks to responders. Avoid sharing an email box or email alias between multiple responders. Instead use a workflow tool, like those in security orchestration,

  automation, and response (SOAR) solutions, to assign tasks. Implement a method to re-assign or reject tasks that are out of scope for triage. Correlation: Use a tool like a security info and even management (SIEM) to mix similar events. Link

  potentially connected events into one useful event. Data Enrichment: automate common queries your responders perform daily, like reverse DNS lookups, threat intelligence lookups, and IP/domain mapping. Add this knowledge to the event

  record or make it simply accessible. Moving full speed ahead is that the thanks to get through the initial sorting method however a a lot of detailed, measured approach is necessary throughout event verification. Presenting a robust case to be

  accurately evaluated by your security operations center (SOC) or cyber incident response team (CIRT) analysts is key. Here are many tips for the verification:

  Adjacent Data: Check the data adjacent to the event. for example, if an end has a virus signature hit, look to visualize if there's proof the virus is running before career for more response metrics. Intelligence Review: understand the context

  around the intelligence. simply because an ip address was flagged as a part of a botnet last week doesn't mean it still is an element of a botnet today. Initial Priority: Align with operational incident priorities and classify incidents appropriately.

  ensure the right level of effort is applied to every incident. Cross Analysis: look for and analyze potentially shared keys, like science addresses or domain names, across multiple knowledge sources for higher knowledge acurity.

• Question 478:

  The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.?

  A. WEP
  B. WPA
  C. WPA2
  D. WPA3
  C. WPA2

• Question 479:

  Which of the following is an extremely common IDS evasion technique in the web world?

  A. Spyware
  B. Subnetting
  C. Unicode Characters
  D. Port Knocking
  C. Unicode Characters

• Question 480:

  An IT company has just implemented new security controls to their network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are given the information that the network and system are adequately patched with the latest updates, and all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources, what is the best initial approach to vulnerability assessment?

  A. Checking for hardware and software misconfigurations to identify any possible loopholes
  B. Evaluating the network for inherent technology weaknesses prone to specific types of attacks
  C. Investigating if any ex-employees still have access to the company's system and data
  D. Conducting social engineering tests to check if employees can be tricked into revealing sensitive information
  A. Checking for hardware and software misconfigurations to identify any possible loopholes

  ---

  Explanation/Reference:

  A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends

  remediation or mitigation, if and whenever needed1. A vulnerability assessment can be performed using various tools and techniques, depending on the scope and objectives of the assessment. Considering the potential vulnerability sources,

  the best initial approach to vulnerability assessment is to check for hardware and software misconfigurations to identify any possible loopholes. Hardware and software misconfigurations are common sources of vulnerabilities that can expose

  the system to unauthorized access, data breaches, or service disruptions. Hardware and software misconfigurations can include:

  Insecure default settings, such as weak passwords, open ports, unnecessary services, or verbose error messages.

  Improper access control policies, such as granting excessive privileges, allowing anonymous access, or failing to revoke access for terminated users. Lack of encryption or authentication mechanisms, such as using plain text protocols,

  storing sensitive data in clear text, or transmitting data without verifying the identity of the sender or receiver.

  Outdated or incompatible software versions, such as using unsupported or deprecated software, failing to apply security patches, or having software conflicts or dependencies. Checking for hardware and software misconfigurations can help

  identify any possible loopholes that could be exploited by attackers to compromise the system or the data. Checking for hardware and software misconfigurations can be done using various tools, such as:

  Configuration management tools, such as Ansible, Puppet, or Chef, that can automate the deployment and maintenance of consistent and secure configurations across the system. Configuration auditing tools, such as Nipper, Lynis, or

  OpenSCAP, that can scan the system for deviations from the desired or expected configurations and report any issues or vulnerabilities. Configuration testing tools, such as Inspec, Serverspec, or Testinfra, that can verify the system's

  compliance with the specified configuration rules and standards. Therefore, checking for hardware and software misconfigurations is the best initial approach to vulnerability assessment, as it can help identify and eliminate any possible

  loopholes that could pose a security risk to the system or the data.

  References:

  Vulnerability Assessment Principles | Tenable?

  Configuration Management Tools: A Complete Guide - Guru99 Top 10 Configuration Auditing Tools - Infosec Resources [Configuration Testing Tools: A Complete Guide - Guru99]