EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 491:

  An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

  A. Protocol analyzer
  B. Network sniffer
  C. Intrusion Prevention System (IPS)
  D. Vulnerability scanner
  A. Protocol analyzer

• Question 492:

  What did the following commands determine?

  

  A. That the Joe account has a SID of 500
  B. These commands demonstrate that the guest account has NOT been disabled
  C. These commands demonstrate that the guest account has been disabled
  D. That the true administrator is Joe
  E. Issued alone, these commands prove nothing
  D. That the true administrator is Joe

• Question 493:

  Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these

  hashes.

  Which type of attack can she implement in order to continue?

  A. LLMNR/NBT-NS poisoning
  B. Internal monologue attack
  C. Pass the ticket
  D. Pass the hash
  D. Pass the hash

• Question 494:

  If you want to only scan fewer ports than the default scan using Nmap tool, which option would you use?

  A. -r
  B. -F
  C. -P
  D. -sP
  B. -F

• Question 495:

  Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company. While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?

  A. RST Hijacking
  B. Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing
  C. UDP Hijacking
  D. TCP/IP Hijacking
  B. Man-in-the-middle Attack Using Forged ICMP and ARP Spoofing

  ---

  Explanation/Reference:

  A man-in-the-middle attack using forged ICMP and ARP spoofing is a type of network-level session hijacking attack where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets and intercept or modify the data exchanged between the client and the server. A man-in-the-middle attack using forged ICMP and ARP spoofing works as follows: The attacker sends a forged ICMP redirect message to the client, claiming to be the gateway. The ICMP redirect message tells the client to use the attacker's machine as the next hop for reaching the server's network. The client updates its routing table accordingly and starts sending packets to the attacker's machine instead of the gateway. The attacker also sends a forged ARP reply message to the client, claiming to be the server. The ARP reply message associates the attacker's MAC address with the server's IP address. The client updates its ARP cache accordingly and starts sending packets to the attacker's MAC address instead of the server's MAC address. The attacker receives the packets from the client and forwards them to the server, acting as a relay. The attacker can also monitor, modify, or drop the packets as they wish. The server responds to the packets and sends them back to the attacker, who then forwards them to the client. The client and the server are unaware of the attacker's presence and think they are communicating directly with each other. Therefore, Jake is studying a man-in-the-middle attack using forged ICMP and ARP spoofing, which is a type of network-level session hijacking attack. References: Network or TCP Session Hijacking | Ethical Hacking - GreyCampus

• Question 496:

  A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

  A. The WAP does not recognize the client's MAC address
  B. The client cannot see the SSID of the wireless network
  C. Client is configured for the wrong channel
  D. The wireless client is not configured to use DHCP
  A. The WAP does not recognize the client's MAC address

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/MAC_filtering MAC filtering is a security method based on access control. Each address is assigned a 48-bit address, which is used to determine whether we can access a network or not. It helps in listing a set of allowed devices that you need on your Wi-Fi and the list of denied devices that you don't want on your Wi-Fi. It helps in preventing unwanted access to the network. In a way, we can blacklist or white list certain computers based on their MAC address. We can configure the filter to allow connection only to those devices included in the white list. White lists provide greater security than blacklists because the router grants access only to selected devices. It is used on enterprise wireless networks having multiple access points to prevent clients from communicating with each other. The access point can be configured only to allow clients to talk to the default gateway, but not other wireless clients. It increases the efficiency of access to a network. The router allows configuring a list of allowed MAC addresses in its web interface, allowing you to choose which devices can connect to your network. The router has several functions designed to improve the network's security, but not all are useful. Media access control may seem advantageous, but there are certain flaws. On a wireless network, the device with the proper credentials such as SSID and password can authenticate with the router and join the network, which gets an IP address and access to the internet and any shared resources. MAC address filtering adds an extra layer of security that checks the device's MAC address against a list of agreed addresses. If the client's address matches one on the router's list, access is granted; otherwise, it doesn't join the network.

• Question 497:

  While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, "Learn more about your friends!" along with a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions in the post. A few days later, Matt's bank account is accessed, and the password is changed. What most likely happened?

  A. Matt inadvertently provided the answers to his security questions when responding to the post.
  B. Matt's bank-account login information was brute forced.
  C. Matt Inadvertently provided his password when responding to the post.
  D. Matt's computer was infected with a keylogger.
  A. Matt inadvertently provided the answers to his security questions when responding to the post.

• Question 498:

  What is correct about digital signatures?

  A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
  B. Digital signatures may be used in different documents of the same type.
  C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
  D. Digital signatures are issued once for each user and can be used everywhere until they expire.
  A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

• Question 499:

  During the process of encryption and decryption, what keys are shared?

  A. Private keys
  B. User passwords
  C. Public keys
  D. Public and private keys
  C. Public keys

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/Public-key_cryptography Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys (which may be known to others), and private keys (which may never be known by any except the owner). The generation of such key pairs depends on cryptographic algorithms which are based on mathematical problems termed one-way functions. Effective security requires keeping the private key private; the public key can be openly distributed without compromising security. In such a system, any person can encrypt a message using the intended receiver's public key, but that encrypted message can only be decrypted with the receiver's private key. This allows, for instance, a server program to generate a cryptographic key intended for a suitable symmetric-key cryptography, then to use a client's openly-shared public key to encrypt that newly generated symmetric key. The server can then send this encrypted symmetric key over an insecure channel to the client; only the client can decrypt it using the client's private key (which pairs with the public key used by the server to encrypt the message). With the client and server both having the same symmetric key, they can safely use symmetric key encryption (likely much faster) to communicate over otherwise-insecure channels. This scheme has the advantage of not having to manually pre-share symmetric keys (a fundamentally difficult problem) while gaining the higher data throughput advantage of symmetric-key cryptography. With public-key cryptography, robust authentication is also possible. A sender can combine a message with a private key to create a short digital signature on the message. Anyone with the sender's corresponding public key can combine that message with a claimed digital signature; if the signature matches the message, the origin of the message is verified (i.e., it must have been made by the owner of the corresponding private key). Public key algorithms are fundamental security primitives in modern cryptosystems, including applications and protocols which offer assurance of the confidentiality, authenticity and non-repudiability of electronic communications and data storage. They underpin numerous Internet standards, such as Transport Layer Security (TLS), S/MIME, PGP, and GPG. Some public key algorithms provide key distribution and secrecy (e.g., Diffieellman key exchange), some provide digital signatures (e.g., Digital Signature Algorithm), and some provide both (e.g., RSA). Compared to symmetric encryption, asymmetric encryption is rather slower than good symmetric encryption, too slow for many purposes. Today's cryptosystems (such as TLS, Secure Shell) use both symmetric encryption and asymmetric encryption.

• Question 500:

  Which of the following commands checks for valid users on an SMTP server?

  A. RCPT
  B. CHK
  C. VRFY
  D. EXPN
  C. VRFY

  ---

  Explanation/Reference:

  The VRFY commands enables SMTP clients to send an invitation to an SMTP server to verify that mail for a selected user name resides on the server. The VRFY command is defined in RFC 821.The server sends a response indicating whether the user is local or not, whether mail are going to be forwarded, and so on. A response of 250 indicates that the user name is local; a response of 251 indicates that the user name isn't local, but the server can forward the message. The server response includes the mailbox name.