EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 71:

  What does a firewall check to prevent particular ports and applications from getting packets into an organization?

  A. Transport layer port numbers and application layer headers
  B. Presentation layer headers and the session layer port numbers
  C. Network layer headers and the session layer port numbers
  D. Application layer port numbers and the transport layer headers
  A. Transport layer port numbers and application layer headers

• Question 72:

  When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

  A. Identifying operating systems, services, protocols and devices
  B. Modifying and replaying captured network traffic
  C. Collecting unencrypted information about usernames and passwords
  D. Capturing a network traffic for further analysis
  B. Modifying and replaying captured network traffic

• Question 73:

  Which of the following is a component of a risk assessment?

  A. Administrative safeguards
  B. Physical security
  C. DMZ
  D. Logical interface
  A. Administrative safeguards

• Question 74:

  In Trojan terminology, what is a covert channel?

  

  A. A channel that transfers information within a computer system or network in a way that violates the security policy
  B. A legitimate communication path within a computer system or network for transfer of data
  C. It is a kernel operation that hides boot processes and services to mask detection
  D. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections
  A. A channel that transfers information within a computer system or network in a way that violates the security policy

• Question 75:

  You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: "The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. " Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?

  A. The -A flag
  B. The -g flag
  C. The -f flag
  D. The -D flag
  D. The -D flag

  ---

  Explanation/Reference:

  flags -source-port and -g are equivalent and instruct nmap to send packets through a selected port. this option is used to try to cheat firewalls whitelisting traffic from specific ports. the following example can scan the target from the port twenty to ports eighty, 22, 21,23 and 25 sending fragmented packets to LinuxHint.

• Question 76:

  In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

  A. 3.0-6.9
  B. 40-6.0
  C. 4.0-6.9
  D. 3.9-6.9
  C. 4.0-6.9

• Question 77:

  Judy created a forum, one day. she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images:

  What issue occurred for the users who clicked on the image?

  A. The code inject a new cookie to the browser.
  B. The code redirects the user to another site.
  C. The code is a virus that is attempting to gather the users username and password.
  D. This php file silently executes the code and grabs the users session cookie and session ID.
  D. This php file silently executes the code and grabs the users session cookie and session ID.

  ---

  Explanation/Reference:

  document.write(); (Cookie and session ID theft)

  https://www.softwaretestinghelp.com/cross-site-scripting-xss-attack-test/ As seen in the indicated question, cookies are escaped and sent to script to variable `cookie'. If the malicious user would inject this script into the website's code, then it

  will be executed in the user's browser and cookies will be sent to the malicious user.

• Question 78:

  This TCP flag instructs the sending system to transmit all buffered data immediately.

  A. SYN
  B. RST
  C. PSH
  D. URG
  E. FIN
  C. PSH

• Question 79:

  To tailor your tests during a web application scan, you decide to determine which web server version is hosting the application. Upon using the -sV flag with Nmap, you obtain the following response:

  80/tcp open http-proxy Apache Server 7.1.6

  What information-gathering technique does this best describe?

  A. WhOiS lookup
  B. Banner grabbing
  C. Dictionary attack
  D. Brute forcing
  B. Banner grabbing

  ---

  Explanation/Reference:

  Banner grabbing is a technique wont to gain info about a computer system on a network and the services running on its open ports. administrators will use this to take inventory of the systems and services on their network. However, an to

  find will use banner grabbing so as to search out network hosts that are running versions of applications and operating systems with known exploits. Some samples of service ports used for banner grabbing are those used by Hyper Text

  Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 severally. Tools normally used to perform banner grabbing are Telnet, nmap and Netcat.

  For example, one may establish a connection to a target internet server using Netcat, then send an HTTP request. The response can usually contain info about the service running on the host:

  

  Graphical user interface, text, application This information may be used by an administrator to catalog this system, or by an intruder to narrow down a list of applicable exploits.To prevent this, network administrators should restrict access to services on their networks and shut down unused or unnecessary services running on network hosts. Shodan is a search engine for banners grabbed from portscanning the Internet.

• Question 80:

  What is a NULL scan?

  A. A scan in which all flags are turned off
  B. A scan in which certain flags are off
  C. A scan in which all flags are on
  D. A scan in which the packet size is set to zero
  E. A scan with an illegal packet size
  A. A scan in which all flags are turned off