EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 481:

  Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

  A. Error-based injection
  B. Boolean-based blind SQL injection
  C. Blind SQL injection
  D. Union SQL injection
  D. Union SQL injection

• Question 482:

  The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

  A. Regularly test security systems and processes.
  B. Encrypt transmission of cardholder data across open, public networks.
  C. Assign a unique ID to each person with computer access.
  D. Use and regularly update anti-virus software on all systems commonly affected by malware.
  C. Assign a unique ID to each person with computer access.

• Question 483:

  A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely. Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

  A. .stm
  B. .html
  C. .rss
  D. .cms
  A. .stm

• Question 484:

  An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

  A. Make sure that legitimate network routers are configured to run routing protocols with authentication.
  B. Disable all routing protocols and only use static routes
  C. Only using OSPFv3 will mitigate this risk.
  D. Redirection of the traffic cannot happen unless the admin allows it explicitly.
  A. Make sure that legitimate network routers are configured to run routing protocols with authentication.

• Question 485:

  The "Gray-box testing" methodology enforces what kind of restriction?

  A. Only the external operation of a system is accessible to the tester.
  B. The internal operation of a system in only partly accessible to the tester.
  C. Only the internal operation of a system is known to the tester.
  D. The internal operation of a system is completely known to the tester.
  D. The internal operation of a system is completely known to the tester.

  ---

  Explanation/Reference:

  White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of software testing that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing, an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the expected outputs. This is analogous to testing nodes in a circuit, e.g. in- circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white- box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a system-level test. Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification or missing requirements. Where white-box testing is design-driven,[1] that is, driven exclusively by agreed specifications of how each component of the software is required to behave (as in DO-178C and ISO 26262 processes) then white-box test techniques can accomplish assessment for unimplemented or missing requirements.

  White-box test design techniques include the following code coverage criteria:

  1.

  Control flow testing

  2.

  Data flow testing

  3.

  Branch testing

  4.

  Statement coverage

  5.

  Decision coverage

  6.

  Modified condition/decision coverage

  7.

  Prime path testing

  8.

  Path testing

• Question 486:

  Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used

  in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network

  resources.

  What is the attack technique used by Jude for finding loopholes in the above scenario?

  A. UDP flood attack
  B. Ping-of-death attack
  C. Spoofed session flood attack
  D. Peer-to-peer attack
  C. Spoofed session flood attack

• Question 487:

  You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you will use?

  A. nmap -T4 -q 10.10.0.0/24
  B. nmap -T4 -F 10.10.0.0/24
  C. nmap -T4 -r 10.10.1.0/24
  D. nmap -T4 -O 10.10.0.0/24
  B. nmap -T4 -F 10.10.0.0/24

  ---

  Explanation/Reference:

  https://nmap.org/book/man-port-specification.html NOTE: In my opinion, this is an absolutely wrong statement of the question. But you may come across a question with a similar wording on the exam. What does "fast" mean? If we want to

  increase the speed and intensity of the scan we can select the mode using the -T flag (0/1/2/3/4/5). At high -T values, we will sacrifice stealth and gain speed, but we will not limit functionality.

  -F (Fast (limited port) scan)

  Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100. Technically, scanning will be faster, but just because we have

  reduced the number of ports by 10 times, we are just doing 10 times less work, not faster.

• Question 488:

  Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This

  vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

  Which of the following attacks can be performed by exploiting the above vulnerability?

  A. DROWN attack
  B. Padding oracle attack
  C. Side-channel attack
  D. DUHK attack
  A. DROWN attack

  ---

  Explanation/Reference:

  DROWN is a serious vulnerability that affects HTTPS and other services that deem SSL and TLS, some of the essential cryptographic protocols for net security. These protocols allow everyone on the net to browse the net, use email, look on-

  line, and send instant messages while not third-parties being able to browse the communication. DROWN allows attackers to break the encryption and read or steal sensitive communications, as well as passwords, credit card numbers, trade

  secrets, or financial data. At the time of public disclosure on March 2016, our measurements indicated thirty third of all HTTPS servers were vulnerable to the attack. fortuitously, the vulnerability is much less prevalent currently. As of 2019,

  SSL Labs estimates that one.2% of HTTPS servers are vulnerable.

  What will the attackers gain?Any communication between users and the server. This typically includes, however isn't limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. under

  some common scenarios, an attacker can also impersonate a secure web site and intercept or change the content the user sees.

  Who is vulnerable?Websites, mail servers, and other TLS-dependent services are in danger for the DROWN attack. At the time of public disclosure, many popular sites were affected. we used Internet-wide scanning to live how many sites are

  vulnerable:

  

  SSLv2 Operators of vulnerable servers got to take action. there's nothing practical that browsers or end-users will do on their own to protect against this attack. Is my site vulnerable?Modern servers and shoppers use the TLS encryption protocol. However, because of misconfigurations, several servers also still support SSLv2, a 1990s- era precursor to TLS. This support did not matter in practice, since no up-to-date clients really use SSLv2. Therefore, despite the fact that SSLv2 is thought to be badly insecure, until now, simply supporting SSLv2 wasn't thought of a security problem, is a clients never used it. DROWN shows that merely supporting SSLv2 may be a threat to fashionable servers and clients. It modern associate degree attacker to modern fashionable TLS connections between up-to-date clients and servers by sending probes to a server that supports SSLv2 and uses the same private key.

  

  SSLv2

  It allows SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings.

  Its private key is used on any other serverthat allows SSLv2 connections, even for another protocol. Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports

  SSLv2 and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server.

  A server is vulnerable to DROWN if:

  

  SSLv2 How do I protect my server?To protect against DROWN, server operators need to ensure that their private keys software used anyplace with server computer code that enables SSLv2 connections. This includes net servers, SMTP servers, IMAP and POP servers, and the other software that supports SSL/TLS. Disabling SSLv2 is difficult and depends on the particular server software. we offer instructions here for many common products: OpenSSL: OpenSSL may be a science library employed in several server merchandise. For users of OpenSSL, the simplest and recommended solution is to upgrade to a recent OpenSSL version. OpenSSL 1.0.2 users ought to upgrade to 1.0.2g. OpenSSL 1.0.1 users ought to upgrade to one.0.1s. Users of older OpenSSL versions ought to upgrade to either one in every of these versions. (Updated March thirteenth, 16:00 UTC) Microsoft IIS (Windows Server): Support for SSLv2 on the server aspect is enabled by default only on the OS versions that correspond to IIS 7.0 and IIS seven.5, particularly Windows scene, Windows Server 2008, Windows seven and Windows Server 2008R2. This support is disabled within the appropriate SSLv2 subkey for `Server', as outlined in KB245030. albeit users haven't taken the steps to disable SSLv2, the export-grade and 56-bit ciphers that build DROWN possible don't seem to be supported by default. Network Security Services (NSS): NSS may be a common science library designed into several server merchandise. NSS versions three.13 (released back in 2012) and higher than ought to have SSLv2 disabled by default. (A little variety of users might have enabled SSLv2 manually and can got to take steps to disable it.) Users of older versions ought to upgrade to a more moderen version. we tend to still advocate checking whether or not your non-public secret is exposed elsewhere Other affected software and in operation systems: Instructions and data for: Apache, Postfix, Nginx, Debian, Red Hat Browsers and other consumers: practical nothing practical that net browsers or different client computer code will do to stop DROWN. only server operators ar ready to take action to guard against the attack.

• Question 489:

  What is the algorithm used by LM for Windows2000 SAM?

  A. MD4
  B. DES
  C. SHA
  D. SSL
  B. DES

• Question 490:

  A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

  A. Perform a vulnerability scan of the system.
  B. Determine the impact of enabling the audit feature.
  C. Perform a cost/benefit analysis of the audit feature.
  D. Allocate funds for staffing of audit log review.
  B. Determine the impact of enabling the audit feature.