EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 521:

  What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

  A. Man-in-the-middle attack
  B. Meet-in-the-middle attack
  C. Replay attack
  D. Traffic analysis attack
  B. Meet-in-the-middle attack

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/Meet-in-the-middle_attack The meet-in-the-middle attack (MITM), a known plaintext attack, is a generic space-time tradeoff cryptographic attack against encryption schemes that rely on performing multiple encryption operations in sequence. The MITM attack is the primary reason why Double DES is not used and why a Triple DES key (168-bit) can be bruteforced by an attacker with 256 space and 2112 operations. The intruder has to know some parts of plaintext and their ciphertexts. Using meet-in-the- middle attacks it is possible to break ciphers, which have two or more secret keys for multiple encryption using the same algorithm. For example, the 3DES cipher works in this way. Meet-in-the-middle attack was first presented by Diffie and Hellman for cryptanalysis of DES algorithm.

• Question 522:

  Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect

  field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.

  Which of the following design flaws in the authentication mechanism is exploited by Calvin?

  A. Insecure transmission of credentials
  B. Verbose failure messages
  C. User impersonation
  D. Password reset mechanism
  D. Password reset mechanism

• Question 523:

  You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

  Dear valued customers,

  We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your

  antivirus code:

  

  or you may contact us at the following address:

  Media Internet Consultants, Edif. Neptuno, Planta

  Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

  A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
  B. Connect to the site using SSL, if you are successful then the website is genuine
  C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site
  D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
  E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
  C. Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

• Question 524:

  A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

  A. Credentialed assessment
  B. Database assessment
  C. Host-based assessment
  D. Distributed assessment
  C. Host-based assessment

  ---

  Explanation/Reference:

  The host-based vulnerability assessment (VA) resolution arose from the auditors' got to periodically review systems. Arising before the net becoming common, these tools typically take an "administrator's eye" read of the setting by evaluating all of the knowledge that an administrator has at his or her disposal. UsesHost VA tools verify system configuration, user directories, file systems, registry settings, and all forms of other info on a number to gain information about it. Then, it evaluates the chance of compromise. it should also live compliance to a predefined company policy so as to satisfy an annual audit. With administrator access, the scans area unit less possible to disrupt traditional operations since the computer code has the access it has to see into the complete configuration of the system. What it Measures Host VA tools will examine the native configuration tables and registries to spot not solely apparent vulnerabilities, however additionally "dormant" vulnerabilities ?those weak or misconfigured systems and settings which will be exploited when an initial entry into the setting. Host VA solutions will assess the safety settings of a user account table; the access management lists related to sensitive files or data; and specific levels of trust applied to other systems. The host VA resolution will a lot of accurately verify the extent of the danger by determinant however way any specific exploit could also be ready to get.

• Question 525:

  You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

  A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
  B. Package the Sales.xls using Trojan wrappers and telnet them back your home computer
  C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
  D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account
  C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

• Question 526:

  As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless network security. While experimenting with your home Wi-Fi network, you decide to use a well-known hacking tool to capture network

  traffic and attempt to crack the Wi-Fi password. However, despite many attempts, you have been unsuccessful. Your home Wi-Fi network uses WPA2 Personal with AES encryption.

  Why are you finding it difficult to crack the Wi-Fi password?

  A. The Wi-Fi password is too complex and long
  B. Your hacking tool is outdated
  C. The network is using an uncrackable encryption method
  D. The network is using MAC address filtering.
  C. The network is using an uncrackable encryption method

  ---

  Explanation/Reference:

  The network is using an uncrackable encryption method, which makes it difficult to crack the Wi-Fi password. WPA2 Personal with AES encryption is the strongest form of security offered by Wi-Fi devices at the moment, and it should be used for all purposes. AES stands for Advanced Encryption Standard, and it is a symmetric-key algorithm that uses a 128-bit, 192-bit, or 256-bit key to encrypt and decrypt data. AES is considered to be uncrackable by brute force attacks, as it would take an impractical amount of time and computational power to try all possible key combinations. Therefore, unless you have access to the Wi-Fi password or the encryption key, you will not be able to decrypt the network traffic and crack the password. The other options are not correct for the following reasons:

  A. The Wi-Fi password is too complex and long: This option is not relevant because the Wi-Fi password is not directly used to encrypt the network traffic. Instead, the password is used to generate a Pre-Shared Key (PSK), which is then used to derive a Pairwise Master Key (PMK), which is then used to derive a Pairwise Transient Key (PTK), which is then used to encrypt the data. Therefore, the complexity and length of the password do not affect the encryption strength, as long as the password is not easily guessed or leaked34. B. Your hacking tool is outdated: This option is not plausible because even if your hacking tool is outdated, it would not affect your ability to capture the network traffic and attempt to crack the password. The hacking tool may not support the latest Wi-Fi standards or protocols, but it should still be able to capture the raw data packets and save them in a file. The cracking process would depend on the encryption algorithm and the key, not on the hacking tool. D. The network is using MAC address filtering: This option is not feasible because MAC address filtering is a technique that restricts network access and communication to trusted devices based on their MAC addresses, which are unique identifiers assigned to network interfaces. MAC address filtering can prevent unauthorized devices from joining the network, but it cannot prevent authorized devices from capturing the network traffic. Moreover, MAC address filtering can be easily bypassed by spoofing the MAC address of an allowed device56. References:

  1: What is AES Encryption and How Does it Work? | Kaspersky

  2: AES Encryption: Everything You Need to Know | Comparitech

  3: How Does WPA2 Work? | Techwalla

  4: How Does WPA2 Encryption Work? | Security Boulevard

  5: What is MAC Address Filtering? | Definition, Types and Examples - Fortinet

  6: How to Bypass MAC Address Filtering on Wireless Networks - Null Byte ::WonderHowTo

• Question 527:

  What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?

  A. CPU
  B. GPU
  C. UEFI
  D. TPM
  D. TPM

  ---

  Explanation/Reference:

  The TPM is a chip that's part of your computer's motherboard -- if you bought an off-the-shelf PC, it's soldered onto the motherboard. If you built your own computer, you can buy one as an add-on module if your motherboard supports it. The TPM generates encryption keys, keeping part of the key to itself

• Question 528:

  An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?

  A. MAC spoofing attack
  B. Evil-twin attack
  C. War driving attack
  D. Phishing attack
  B. Evil-twin attack

• Question 529:

  A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network. What is this hacking process known as?

  A. GPS mapping
  B. Spectrum analysis
  C. Wardriving
  D. Wireless sniffing
  C. Wardriving

• Question 530:

  A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer. What tests would you perform to determine whether his computer Is Infected?

  A. Use ExifTool and check for malicious content.
  B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
  C. Upload the file to VirusTotal.
  D. Use netstat and check for outgoing connections to strange IP addresses or domains.
  D. Use netstat and check for outgoing connections to strange IP addresses or domains.