EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 531:

  Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?

  Code:

  #include int main(){char buffer[8];

  strcpy(buffer, ""11111111111111111111111111111"");} Output: Segmentation fault

  A. C#
  B. Python
  C. Java
  D. C++
  D. C++

• Question 532:

  You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

  A. Use Alternate Data Streams to hide the outgoing packets from this server.
  B. Use HTTP so that all traffic can be routed vis a browser, thus evading the internal Intrusion Detection Systems.
  C. Install Cryptcat and encrypt outgoing packets from this server.
  D. Install and use Telnet to encrypt all outgoing traffic from this server.
  C. Install Cryptcat and encrypt outgoing packets from this server.

  ---

  Explanation/Reference:

  https://linuxsecurityblog.com/2018/12/23/create-a-backdoor-with-cryptcat/

  Cryptcat enables us to communicate between two systems and encrypts the communication between them with twofish, one of many excellent encryption algorithms from Bruce Schneier et al. Twofish's encryption is on par with AES encryption, making it nearly bulletproof. In this way, the IDS can't detect the malicious behavior taking place even when its traveling across normal HTTP ports like 80 and 443.

• Question 533:

  A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server. Based on this information, what should be one of your key recommendations to the bank?

  A. Place a front-end web server in a demilitarized zone that only handles external web traffic
  B. Require all employees to change their anti-virus program with a new one
  C. Move the financial data to another server on the same IP subnet
  D. Issue new certificates to the web servers from the root certificate authority
  A. Place a front-end web server in a demilitarized zone that only handles external web traffic

• Question 534:

  Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords. Which of the following tools would not be useful for cracking the hashed passwords?

  A. John the Ripper
  B. Hashcat
  C. netcat
  D. THC-Hydra
  A. John the Ripper

• Question 535:

  What is GINA?

  A. Gateway Interface Network Application
  B. GUI Installed Network Application CLASS
  C. Global Internet National Authority (G-USA)
  D. Graphical Identification and Authentication DLL
  D. Graphical Identification and Authentication DLL

• Question 536:

  You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

  A. nmap -A - Pn
  B. nmap -sP -p-65535 -T5
  C. nmap -sT -O -T0
  D. nmap -A --host-timeout 99 -T1
  C. nmap -sT -O -T0

• Question 537:

  What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

  A. Residual risk
  B. Impact risk
  C. Deferred risk
  D. Inherent risk
  A. Residual risk

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/Residual_risk

  The residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied

  (scientifically conceivable measures); in other words, the amount of risk left over after natural or inherent risks have been reduced by risk controls.

  Residual risk = (Inherent risk) - (impact of risk controls)

• Question 538:

  As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

  A. Use the same machines for DNS and other applications
  B. Harden DNS servers
  C. Use split-horizon operation for DNS servers
  D. Restrict Zone transfers
  E. Have subnet diversity between DNS servers
  B. Harden DNS servers
  C. Use split-horizon operation for DNS servers
  D. Restrict Zone transfers
  E. Have subnet diversity between DNS servers

• Question 539:

  Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?

  ] >

  A. XXE
  B. SQLi
  C. IDOR
  D. XXS
  A. XXE

• Question 540:

  A certified ethical hacker is conducting a Whois footprinting activity on a specific domain. The individual is leveraging various tools such as Batch IP Converter and Whois Analyzer Pro to retrieve vital details but is unable to gather complete Whois information from the registrar for a particular set of data. As the hacker, what might be the probable data model being utilized by the domain's registrar for storing and looking up Whois information?

  A. Thick Whois model with a malfunctioning server
  B. Thick Whois model working correctly
  C. Thin Whois model with a malfunctioning server
  D. Thin Whois model working correctly
  D. Thin Whois model working correctly

  ---

  Explanation/Reference:

  A thin Whois model is a type of data model that is used by some domain registrars for storing and looking up Whois information. In a thin Whois model, the registrar only stores the basic information about the domain, such as the domain name, the registrar name, the name servers, and the registration and expiration dates. The rest of the information, such as the contact details of the domain owner, the administrative contact, and the technical contact, is stored by the registry that manages the top-level domain (TLD) of the domain. For example, the registry for .com and .net domains is Verisign, and the registry for .org domains is Public Interest Registry. When a Whois lookup is performed on a domain that uses a thin Whois model, the registrar's Whois server only returns the basic information and refers the query to the registry's Whois server for the complete information. As a hacker, if you are unable to gather complete Whois information from the registrar for a particular set of data, it might be because the domain's registrar is using a thin Whois model and the registry's Whois server is not responding or providing the information. This could be due to various reasons, such as network issues, server errors, rate limits, privacy policies, or legal restrictions. Therefore, the probable data model being utilized by the domain's registrar for storing and looking up Whois information is a thin Whois model working correctly. References: Differences Between Thin WHOIS vs Thick WHOIS ?OpenSRS Helpand; Support