EC-COUNCIL 312-50V12 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V12 Online Questions & Answers

• Question 81:

  Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

  A. Compound SQLi
  B. Blind SQLi
  C. Classic SQLi
  D. DMS-specific SQLi
  B. Blind SQLi

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/SQL_injection#Blind_SQL_injection Blind SQL injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack has traditionally been considered time-intensive because a new statement needed to be crafted for each bit recovered, and depending on its structure, the attack may consist of many unsuccessful requests. Recent advancements have allowed each request to recover multiple bits, with no unsuccessful requests, allowing for more consistent and efficient extraction.

• Question 82:

  An ethical hacker is scanning a target network. They initiate a TCP connection by sending an SYN packet to a target machine and receiving a SYN/ACK packet in response. But instead of completing the three-way handshake with an ACK

  packet, they send an RST packet.

  What kind of scan is the ethical hacker likely performing and what is their goal?

  A. They are performing an SYN scan to stealthily identify open ports without fully establishing a connection
  B. They are performing a TCP connect scan to identify open ports on the target machine
  C. They are performing a vulnerability scan to identify any weaknesses in the target system
  D. They are performing a network scan to identify live hosts and their IP addresses
  A. They are performing an SYN scan to stealthily identify open ports without fully establishing a connection

  ---

  Explanation/Reference:

  The ethical hacker is likely performing an SYN scan to stealthily identify open ports without fully establishing a connection. An SYN scan, also known as a half-open scan or a stealth scan, is a type of port scanning technique that exploits the TCP three-way handshake process. The hacker sends an SYN packet to a target port and waits for a response. If the target responds with an SYN/ACK packet, it means the port is open and listening for connections. If the target responds with an RST packet, it means the port is closed and not accepting connections. However, instead of completing the handshake with an ACK packet, the hacker sends an RST packet to abort the connection. This way, the hacker avoids creating a full connection and logging an entry in the target's system, making the scan less detectable and intrusive. The hacker can repeat this process for different ports and identify which ones are open and potentially vulnerable to exploitation. The other options are not correct for the following reasons:

  B. They are performing a TCP connect scan to identify open ports on the target machine: This option is incorrect because a TCP connect scan involves establishing a full connection with the target port by completing the TCP three-way handshake. The hacker sends an SYN packet, receives an SYN/ACK packet, and then sends an ACK packet to finalize the connection. Then, the hacker terminates the connection with an RST or FIN packet. A TCP connect scan is more reliable and compatible than an SYN scan, but also more noisy and slow, as it creates more traffic and logs on the target system. C. They are performing a vulnerability scan to identify any weaknesses in the target system: This option is incorrect because a vulnerability scan is a broader and deeper process than a port scan. A vulnerability scan involves identifying and assessing the security flaws and risks in a system or network, such as missing patches, misconfigurations, outdated software, or weak passwords. A vulnerability scan may use port scanning as one of its techniques, but it also uses other methods, such as banner grabbing, service enumeration, or exploit testing. A vulnerability scan usually requires more time, resources, and permissions than a port scan. D. They are performing a network scan to identify live hosts and their IP addresses: This option is incorrect because a network scan is a different process than a port scan. A network scan involves discovering and mapping the devices and hosts connected to a network, such as routers, switches, servers, or workstations. A network scan may use ping, traceroute, or ARP requests to identify the IP addresses, MAC addresses, and hostnames of the live hosts. A network scan usually precedes a port scan, as it provides the target range and scope for the port scan. References:

  1: Port Scanning Techniques - an overview | ScienceDirect Topics

  2: nmap Host Discovery Techniques

  3: Vulnerability Scanning Tools | OWASP Foundation

  4: What Is Vulnerability Scanning? Types, Tools and Best Practices | Splunk

  5: Network Scanning - an overview | ScienceDirect Topics

  6: Network Scanning - Nmap

• Question 83:

  Peter, a system administrator working at a reputed IT firm, decided to work from his home and login remotely. Later, he anticipated that the remote connection could be exposed to session hijacking. To curb this possibility, he implemented a technique that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. What is the technique followed by Peter to send files securely through a remote connection?

  A. DMZ
  B. SMB signing
  C. VPN
  D. Switch network
  C. VPN

• Question 84:

  You have successfully logged on a Linux system. You want to now cover your trade. Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

  A. user.log
  B. auth.fesg
  C. wtmp
  D. btmp
  C. wtmp

• Question 85:

  You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD)policy, but they have recently experienced a phishing incident where an employee's device was compromised. In the investigation, you discovered that the phishing attack occurred through a third-party email app that the employee had installed. Given the need to balance security and user autonomy under the BYOD policy, how should the organization mitigate the risk of such incidents? Moreover, consider a measure that would prevent similar attacks without overly restricting the use of personal devices.

  A. Provide employees with corporate-owned devices for work-related tasks.
  B. Implement a mobile device management solution that restricts the installation of non- approved applications.
  C. Require all employee devices to use a company-provided VPN for internet access.
  D. Conduct regular cybersecurity awareness training, focusing on phishing attacks.
  D. Conduct regular cybersecurity awareness training, focusing on phishing attacks.

  ---

  Explanation/Reference:

  The best measure to prevent similar attacks without overly restricting the use of personal devices is to conduct regular cybersecurity awareness training, focusing on phishing attacks. Cybersecurity awareness training is a process of educating and empowering employees on the best practices and behaviors to protect themselves and the organization from cyber threats, such as phishing, malware, ransomware, or data breaches. Cybersecurity awareness training can help the organization mitigate the risk of phishing incidents by providing the following benefits: It can increase the knowledge and skills of employees on how to identify and avoid phishing emails, messages, or links, such as by checking the sender, the subject, the content, the attachments, and the URL of the message, and by verifying the legitimacy and authenticity of the message before responding or clicking. It can enhance the attitude and culture of employees on the importance and responsibility of cybersecurity, such as by encouraging them to report any suspicious or malicious activity, to follow the security policies and guidelines, and to seek help or guidance when in doubt or trouble. It can reduce the human error and negligence that are often the main causes of phishing incidents, such as by reminding employees to update their devices and applications, to use strong and unique passwords, to enable multi-factor authentication, and to backup their data regularly. The other options are not as optimal as option D for the following reasons:

  A. Provide employees with corporate-owned devices for work-related tasks: This option is not feasible because it contradicts the BYOD policy, which allows employees to use their personal devices for work-related tasks. Providing employees with corporate-owned devices would require the organization to incur additional costs and resources, such as purchasing, maintaining, and securing the devices, as well as training and supporting the employees on how to use them. Moreover, providing employees with corporate-owned devices would not necessarily prevent phishing incidents, as the devices could still be compromised by phishing emails, messages, or links, unless the organization implements strict security controls and policies on the devices, which may limit the user autonomy and productivity.

  B. Implement a mobile device management solution that restricts the installation of non-approved applications: This option is not desirable because it violates the user autonomy and privacy under the BYOD policy, which allows employees to use their personal devices for both personal and professional purposes. Implementing a mobile device management solution that restricts the installation of non- approved applications would require the organization to monitor and control the devices of the employees, which may raise legal and ethical issues, such as data ownership, consent, and compliance. Furthermore, implementing a mobile device management solution that restricts the installation of non-approved applications would not completely prevent phishing incidents, as the employees could still receive phishing emails, messages, or links through the approved applications, unless the organization implements strict security controls and policies on the applications, which may affect the user experience and functionality.

  C. Require all employee devices to use a company-provided VPN for internet access: This option is not sufficient because it does not address the root cause of phishing incidents, which is the human factor. Requiring all employee devices to use a company-provided VPN for internet access would provide the organization with some benefits, such as encrypting the network traffic, hiding the IP address, and bypassing geo-restrictions. However, requiring all employee devices to use a company-provided VPN for internet access would not prevent phishing incidents, as the employees could still fall victim to phishing emails, messages, or links that lure them to malicious websites or applications, unless the organization implements strict security controls and policies on the VPN, which may affect the network performance and reliability. References:

  1: What is Cybersecurity Awareness Training? | Definition, Benefits and Best Practices | Kaspersky

  2: How to Prevent Phishing Attacks with Security Awareness Training | Infosec

  3: BYOD vs. Corporate-Owned Devices: Pros and Cons | Bitglass

  4: Mobile Device Management (MDM) | OWASP Foundation

  5: What is a VPN and why do you need one? Everything you need to know | ZDNet

• Question 86:

  Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?

  A. WebSite Watcher
  B. web-Stat
  C. Webroot
  D. WAFW00F
  B. web-Stat

  ---

  Explanation/Reference:

  Increase your web site's performance and grow! Add Web-Stat to your site (it's free!) and watch individuals act together with your pages in real time. Learn how individuals realize your web site. Get details concerning every visitor's path through your web site and track pages that flip browsers into consumers. One-click install. observe locations, in operation systems, browsers and screen sizes and obtain alerts for new guests and conversions

• Question 87:

  In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

  A. Privilege Escalation
  B. Shoulder-Surfing
  C. Hacking Active Directory
  D. Port Scanning
  A. Privilege Escalation

• Question 88:

  When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of

  the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting

  to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

  How would an attacker exploit this design by launching TCP SYN attack?

  A. Attacker generates TCP SYN packets with random destination addresses towards a victim host
  B. Attacker floods TCP SYN packets with random source addresses towards a victim host
  C. Attacker generates TCP ACK packets with random source addresses towards a victim host
  D. Attacker generates TCP RST packets with random source addresses towards a victim host
  B. Attacker floods TCP SYN packets with random source addresses towards a victim host

• Question 89:

  Which of the following is the BEST way to defend against network sniffing?

  A. Using encryption protocols to secure network communications
  B. Register all machines MAC Address in a Centralized Database
  C. Use Static IP Address
  D. Restrict Physical Access to Server Rooms hosting Critical Servers
  A. Using encryption protocols to secure network communications

  ---

  Explanation/Reference:

  https://en.wikipedia.org/wiki/Sniffing_attack To prevent networks from sniffing attacks, organizations and individual users should keep away from applications using insecure protocols, like basic HTTP authentication, File Transfer Protocol (FTP), and Telnet. Instead, secure protocols such as HTTPS, Secure File Transfer Protocol (SFTP), and Secure Shell (SSH) should be preferred. In case there is a necessity for using any insecure protocol in any application, all the data transmission should be encrypted. If required, VPN (Virtual Private Networks) can be used to provide secure access to users. NOTE: I want to note that the wording "best option" is valid only for the EC-Council's exam since the other options will not help against sniffing or will only help from some specific attack vectors. The sniffing attack surface is huge. To protect against it, you will need to implement a complex of measures at all levels of abstraction and apply controls at the physical, administrative, and technical levels. However, encryption is indeed the best option of all, even if your data is intercepted - an attacker cannot understand it.

• Question 90:

  Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

  A. Evil twin attack
  B. DNS cache flooding
  C. MAC flooding
  D. DDoS attack
  C. MAC flooding