EC-COUNCIL 312-50V13 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V13 Online Questions & Answers

• Question 221:

  You are a cybersecurlty consultant for a smart city project. The project involves deploying a vast network of loT devices for public utilities like traffic control, water supply, and power grid management The city administration is concerned about the possibility of a Distributed Denial of Service (DDoS) attack crippling these critical services. They have asked you for advice on how to prevent such an attack. What would be your primary recommendation?

  A. Implement regular firmware updates for all loT devices.
  B. A Deploy network intrusion detection systems (IDS) across the loT network.
  C. Establish strong, unique passwords for each loT device.
  D. Implement IP address whitelisting for all loT devices.
  A. Implement regular firmware updates for all loT devices.

  ---

  Explanation

  Implementing regular firmware updates for all IoT devices is the primary recommendation to prevent DDoS attacks on the smart city project. Firmware updates can fix security vulnerabilities, patch bugs, and improve performance of the IoT devices, making them less susceptible to malware infections and botnet recruitment12. Firmware updates can also enable new security features, such as encryption, authentication, and firewall, that can protect the IoT devices from unauthorized access and data theft3.

  Firmware updates should be done automatically or remotely, without requiring user intervention, to ensure timely and consistent security across the IoT network4.

  The other options are not as effective or feasible as firmware updates for the following reasons:

  B. Deploying network intrusion detection systems (IDS) across the IoT network can help detect and alert DDoS attacks, but not prevent them. IDS can monitor network traffic and identify malicious patterns, such as high volume, spoofed IP addresses, or unusual protocols, that indicate a DDoS attack5. However, IDS cannot block or mitigate the attack, and may even be overwhelmed by the flood of traffic, resulting in false positives or missed alerts. Moreover, deploying IDS across a vast network of IoT

  devices can be costly, complex, and resource-intensive, as it requires dedicated hardware, software, and personnel.

  C. Establishing strong, unique passwords for each IoT device can prevent unauthorized access and brute-force attacks, but not DDoS attacks. Passwords can protect the IoT devices from being compromised by hackers who try to guess or crack the default or weak credentials. However, passwords cannot prevent DDoS attacks that exploit known or unknown vulnerabilities in the IoT devices, such as buffer overflows, command injections, or protocol flaws. Moreover, establishing and managing strong, unique

  passwords for each IoT device can be challenging and impractical, as it requires user awareness, memory, and effort.

  D. Implementing IP address whitelisting for all IoT devices can restrict network access and communication to trusted sources, but not DDoS attacks. IP address whitelisting can filter out unwanted or malicious traffic by allowing only the predefined IP addresses to connect to the IoT devices. However, IP address whitelisting cannot prevent DDoS attacks that use spoofed or legitimate IP addresses, such as reflection or amplification attacks, that bypass the whitelisting rules. Moreover, implementing IP address

  whitelisting for all IoT devices can be difficult and risky, as it requires constant updating, testing, and monitoring of the whitelist, and may block legitimate or emergency traffic by mistake.

  References:

  1: How to proactively protect IoT devices from DDoS attacks - Synopsys

  2: IoT and DDoS: Cyberattacks on the Rise | A10 Networks

  3: Detection and Prevention of DDoS Attacks on the IoT - MDPI

  4: How to Secure IoT Devices: 5 Best Practices | IoT For All

  5: Intrusion Detection Systems (IDS) Part 1 - Network Security | Coursera

  DDoS Attacks: Detection and Mitigation - Cisco The Challenges of IoT Security - Infosec Resources IoT Security: How to Protect Connected Devices and the IoT Ecosystem | Kaspersky IoT Security: Common Vulnerabilities and Attacks | IoT For All The Password Problem: How to Use Passwords Effectively in 2021 | Dashlane Blog What is IP Whitelisting? | Cloudflare DDoS Attacks: Types, Techniques, and Protection | Cloudflare IP Whitelisting: Pros and Cons | Imperva

• Question 222:

  Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?

  A. UDP hijacking
  B. Blind hijacking
  C. TCP/IP hacking
  D. Forbidden attack
  C. TCP/IP hacking

  ---

  Explanation

  A TCP/IP hijack is an attack that spoofs a server into thinking it's talking with a sound client, once actually it' s communication with an assaulter that has condemned (or hijacked) the tcp session. Assume that the client has administrator-level privileges, which the attacker needs to steal that authority so as to form a brand new account with root-level access of the server to be used afterward. A tcp Hijacking is sort of a two-phased man- in-the-middle attack. The man-in-the-middle assaulter lurks within the circuit between a shopper and a server so as to work out what port and sequence numbers are being employed for the conversation.

  First, the attacker knocks out the client with an attack, like Ping of Death, or ties it up with some reasonably ICMP storm. This renders the client unable to transmit any packets to the server. Then, with the client crashed, the attacker assumes the client's identity so as to talk with the server. By this suggests, the attacker gains administrator-level access to the server.

  One of the most effective means of preventing a hijack attack is to want a secret, that's a shared secret between the shopper and also the server. looking on the strength of security desired, the key may be used for random exchanges. this is often once a client and server periodically challenge each other, or it will occur with each exchange, like Kerberos.

• Question 223:

  Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

  A. Burp Suite
  B. OpenVAS
  C. tshark
  D. Kismet
  D. Kismet

  ---

  Explanation

  In CEH v13 Module 11: Hacking Wireless Networks, Kismet is introduced as a passive wireless sniffer and network detector used primarily on Linux systems.

  Kismet passively listens for wireless beacons and data frames.

  Can detect hidden SSIDs, rogue APs, and even wireless client behaviors.

  Does not transmit any packets, making it stealthy and ideal for wireless reconnaissance.

  Option Analysis:

  A. Burp Suite: Used for web application testing, not wireless.

  B. OpenVAS: Vulnerability scanner, not a packet sniffer.

  C. tshark: CLI version of Wireshark, can analyze wired and wireless packets, but not wireless-specific or passive by default.

  D. Kismet: Correct wireless packet analyzer for Linux.

  Module 11 - Wireless Tools for Reconnaissance

  CEH iLabs: Wireless Packet Capturing Using Kismet

• Question 224:

  While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?

  A. Conduct stealth scan
  B. Conduct ICMP scan
  C. Conduct IDLE scan
  D. Conduct silent scan
  C. Conduct IDLE scan

  ---

  Explanation

  Once a suitable zombie has been found, performing a scan is easy. Simply specify the zombie hostname to the -sI option and Nmap does the rest. Example 5.19 shows an example of Ereet scanning the Recording Industry Association of America by bouncing an idle scan off an Adobe machine named Kiosk.

  Example 5.19. An idle scan against the RIAA

  # nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com

  Starting

  Nmap ( http://nmap.org )

  Idlescan using zombie kiosk.adobe.com (192.150.13.111:80); Class: Incremental Nmap scan report for 208.225.90.120

  (The 65522 ports scanned but not shown below are in state: closed)

  Port State Service

  21/tcp open ftp

  25/tcp open smtp

  80/tcp open http

  111/tcp open sunrpc

  135/tcp open loc-srv

  443/tcp open https

  1027/tcp open IIS

  1030/tcp open iad1

  2306/tcp open unknown

  5631/tcp open pcanywheredata

  7937/tcp open unknown

  7938/tcp open unknown

  36890/tcp open unknown

  Nmap done: 1 IP address (1 host up) scanned in 2594.47 seconds

• Question 225:

  Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc.) for a Domain.

  What do you think Tess King is trying to accomplish? Select the best answer.

  A. A zone harvesting
  B. A zone transfer
  C. A zone update
  D. A zone estimate
  B. A zone transfer

  ---

  Explanation

  Tess King is attempting to gather all DNS records from a target zone. This process is referred to as a zone transfer (AXFR), which is typically performed by secondary name servers to synchronize DNS data with the primary. If improperly secured, attackers can initiate unauthorized zone transfers to enumerate valuable information such as:

  Hostnames

  IP addresses

  Mail servers

  Name servers

  CEH v13 defines a zone transfer as a crucial step in DNS enumeration.

  From CEH v13 Official Courseware:

  Module 3: Scanning Networks

  Topic: DNS Enumeration # Zone Transfers

  CEH v13 Study Guide states:

  "A zone transfer (AXFR) is a DNS transaction used to replicate DNS databases. Attackers can exploit this feature to extract all DNS information from an improperly secured server."

  Incorrect Options:

  A. Zone harvesting is not a formal term.

  C. Zone update refers to DNS dynamic update operations (e.g., DDNS).

  D. Zone estimate is not a DNS-related process.

  CEH v13 Study Guide - Module 3: DNS Enumeration # Zone TransfersRFC 5936 - DNS Zone Transfer Protocol

• Question 226:

  A penetration tester is evaluating the security of a mobile application and discovers that it lacks proper input validation. The tester suspects that the application is vulnerable to a malicious code injection attack. What is the most effective way to confirm and exploit this vulnerability?

  A. Perform a brute-force attack on the application's login page to guess weak credentials
  B. Inject a malicious JavaScript code into the input fields and observe the application's behavior
  C. Use directory traversal to access sensitive files stored in the application's internal storage
  D. Execute a dictionary attack on the mobile app's encryption algorithm
  B. Inject a malicious JavaScript code into the input fields and observe the application's behavior

  ---

  Explanation

  CEH teaches that insufficient input validation on mobile applications enables code injection attacks. Injecting JavaScript or crafted payloads into fields validates whether the application improperly processes untrusted data. If executed, it confirms that the app is vulnerable to injection-based attacks.

• Question 227:

  This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-2S6. MMAC-SHA384, and ECDSA using a 384-bit elliptic curve.

  Which is this wireless security protocol?

  A. WPA2 Personal
  B. WPA3-Personal
  C. WPA2-Enterprise
  D. WPA3-Enterprise
  D. WPA3-Enterprise

  ---

  Explanation

  Enterprise, governments, and financial institutions have greater security with WPA3-Enterprise. WPA3- Enterprise builds upon WPA2 and ensures the consistent application of security protocol across the network.

  WPA3-Enterprise also offers an optional mode using 192-bit minimum-strength security protocols and cryptographic tools to raised protect sensitive data:

  1. Authenticated encryption: 256-bit Galois/Counter Mode Protocol (GCMP-256) 2. Key derivation and confirmation: 384-bit Hashed Message Authentication Mode (HMAC) with Secure Hash Algorithm (HMAC-SHA384) 3. Key establishment and authentication: Elliptic Curve Diffie-Hellman (ECDH) exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) employing a 384-bit elliptic curve 4. Robust management frame protection: 256-bit Broadcast/Multicast Integrity Protocol Galois Message Authentication Code (BIP-GMAC-256)

  The 192-bit security mode offered by WPA3-Enterprise ensures the proper combination of cryptographic tools are used and sets a uniform baseline of security within a WPA3 network.

  It protects sensitive data using many cryptographic algorithms It provides authenticated encryption using GCMP-256 It uses HMAC-SHA-384 to generate cryptographic keys It uses ECDSA-384 for exchanging keys

• Question 228:

  If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

  A. Traceroute
  B. Hping
  C. TCP ping
  D. Broadcast ping
  B. Hping

  ---

  Explanation

  http://www.carnal0wnage.com/papers/LSO-Hping2-Basics.pdf

• Question 229:

  In your cybersecurity class, you are learning about common security risks associated with web servers. One topic that comes up is the risk posed by using default server settings. Why is using default settings ona web - server considered a security risk, and what would be the best initial step to mitigate this risk?

  A. Default settings cause server malfunctions; simplify the settings
  B. Default settings allow unlimited login attempts; setup account lockout
  C. Default settings reveal server software type; change these settings
  D. Default settings enable auto-updates; disable and manually patch
  C. Default settings reveal server software type; change these settings

  ---

  Explanation

  Using default settings on a web server is considered a security risk because it can reveal the server software type and version, which can help attackers identify potential vulnerabilities and launch targeted attacks. For example, if the default settings include a server signature that displays the name and version of the web server software, such as Apache 2.4.46, an attacker can search for known exploits or bugs that affect that specific software and version. Additionally, default settings may also include other insecure configurations, such as weak passwords, unnecessary services, or open ports, that can expose the web server to unauthorized access or compromise.

  The best initial step to mitigate this risk is to change the default settings to hide or obscure the server software type and version, as well as to disable or remove any unnecessary or insecure features. For example, to hide the server signature, one can modify the ServerTokens and ServerSignature directives in the Apache configuration file1. Alternatively, one can use a web application firewall or a reverse proxy to mask the server information from the client requests2. Changing the default settings can reduce the attack surface and make it harder for attackers to exploit the web server.

  References:

  How to Hide Apache Version Number and Other Sensitive Info How to hide server information from HTTP headers? - Stack Overflow

• Question 230:

  Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring.

  Which of the following is this type of solution?

  A. SaaS
  B. IaaS
  C. CaaS
  D. PasS
  A. SaaS

  ---

  Explanation

  Software as a service (SaaS) allows users to attach to and use cloud-based apps over the web. Common examples ar email, calendaring and workplace tool (such as Microsoft workplace 365).

  SaaS provides a whole software solution that you get on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organisation and your users connect with it over the web, typically with an internet browser. All of the underlying infrastructure, middleware, app software system and app knowledge ar located within the service provider's knowledge center. The service provider manages the hardware and software system and with the appropriate service agreement, can make sure the availability and also the security of the app and your data as well. SaaS allows your organisation to induce quickly up and running with an app at token upfront cost.

  Common SaaS scenarios

  This tool having used a web-based email service like Outlook, Hotmail or Yahoo! Mail, then you have got already used a form of SaaS. With these services, you log into your account over the web, typically from an internet browser. the e-mail software system is found on the service provider's network and your messages ar hold on there moreover. you can access your email and hold on messages from an internet browser on any laptop or Internet-connected device.

  The previous examples are free services for personal use. For organisational use, you can rent productivity apps, like email, collaboration and calendaring; and sophisticated business applications like client relationship management (CRM), enterprise resource coming up with (ERP) and document management. You buy the use of those apps by subscription or per the level of use.

  Advantages of SaaS

  Gain access to stylish applications. to supply SaaS apps to users, you don't ought to purchase, install, update or maintain any hardware, middleware or software system. SaaS makes even sophisticated enterprise applications, like ERP and CRM, affordable for organisations that lack the resources to shop for, deploy and manage the specified infrastructure and software system themselves.

  Pay just for what you utilize. you furthermore may economize because the SaaS service automatically scales up and down per the level of usage.

  Use free shopper software system. Users will run most SaaS apps directly from their web browser without needing to transfer and install any software system, though some apps need plugins. this suggests that you simply don't ought to purchase and install special software system for your users.

  Mobilise your hands simply. SaaS makes it simple to "mobilise" your hands as a result of users will access SaaS apps and knowledge from any Internet-connected laptop or mobile device. You don't ought to worry concerning developing apps to run on differing types of computers and devices as a result of the service supplier has already done therefore. additionally, you don't ought to bring special experience aboard to manage the safety problems inherent in mobile computing. A fastidiously chosen service supplier can make sure the security of your knowledge, no matter the sort of device intense it.

  Access app knowledge from anyplace. With knowledge hold on within the cloud, users will access their info from any Internet-connected laptop or mobile device. And once app knowledge is hold on within the cloud, no knowledge is lost if a user's laptop or device fails.