ExamGecko
Search Search Login
Home Home / ECCouncil / 112-51

ECCouncil 112-51 Practice Test - Questions Answers

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following algorithms uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes?
Identify the UBA tool that collects user activity details from multiple sources and uses artificial intelligence and machine learning algorithms to perform user behavior analysis to prevent and detect various threats before the fraud is perpetrated.
Which of the following types of network traffic flow does not provide encryption in the data transfer process, and the data transfer between the sender and receiver is in plain text?
A major fire broke out in the storeroom of CyberSol Inc. It first gutted the equipment in the storeroom and then started spreading to other areas in the company. The officials of the company informed the fire department. The fire rescue team reached the premises and used a distribution piping system to suppress the fire, thereby preventing any human or asset loss. Identify the type of fire-fighting system used by the rescue team in the above scenario.
Which of the following types of network cable is made up of a single copper conductor at its center and a plastic layer that provides an insulated center conductor with a braided metal shield?
Sarah was accessing confidential office files from a remote location via her personal computer connected to the public Internet. Accidentally, a malicious file was downloaded onto Sarah's computer without her knowledge. This download might be due to the free Internet access and the absence of network defense solutions. Identify the Internet access policy demonstrated in the above scenario.
Which of the following algorithms is an iterated block cipher that works by repeating the defined steps multiple times and has a 128-bit block size, having key sizes of 128, 192, and 256 bits?
Steve was sharing his confidential file with John via an email that was digitally signed and encrypted. The digital signature was made using the 'Diffie-Hellman (X9.42) with DSS' algorithm, and the email was encrypted using triple DES. Which of the following protocols employs the above features to encrypt an email message?
Below is the list of encryption modes used in a wireless network. 1.WPA2 Enterprise with RADIUS 2.WPA3 3.WPA2 PSK 4.WPA2 Enterprise Identify the correct order of wireless encryption modes in terms of security from high to low.
Finch, a security professional, was instructed to strengthen the security at the entrance. At the doorway, he implemented a security mechanism that allows employees to register their retina scan and a unique six- digit code, using which they can enter the office at any time. Which of the following combinations of authentication mechanisms is implemented in the above scenario?

Question 1

Report
Export
Collapse

Which of the following algorithms uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes?

A.
MD5
A.
MD5
Answers
B.
SHA-2
B.
SHA-2
Answers
C.
SHA-3
C.
SHA-3
Answers
D.
MD6
D.
MD6
Answers
Suggested answer: C

Explanation:

SHA-3 is the algorithm that uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertible permutes. SHA-3 is a family of cryptographic hash functions that was standardized by NIST in 2015 as a successor to SHA-2. SHA-3 is based on the Keccak algorithm, which won the NIST hash function competition in 2012. SHA-3 uses a sponge construction, which is a simple iterated construction that can produce variable-length output from a fixed-length permutation. The sponge construction operates on a state of b bits, which is divided into two sections: the bitrate r and the capacity c. The sponge construction has two phases: the absorbing phase and the squeezing phase. In the absorbing phase, the input message is padded and divided into blocks of r bits. Each block is XORed into the first r bits of the state, and then the state is transformed by the permutation function f. This process continues until all the input blocks are processed. In the squeezing phase, the output is generated by repeatedly applying the permutation function f to the state and extracting the first r bits as output blocks. The output can be truncated to the desired length. SHA-3 uses a permutation function f that is based on a round function that consists of five steps: theta, rho, pi, chi, and iota. These steps perform bitwise operations, rotations, permutations, and additions on the state. The permutation function f is invertible, meaning that it can be reversed to obtain the previous state. SHA-3 has four variants with different output lengths: SHA3-224, SHA3-256, SHA3-384, and SHA3-512. SHA-3 also supports two additional modes: SHAKE128 and SHAKE256, which are extendable-output functions that can produce arbitrary-length output.

Reference:

Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-23 to 3-25

SHA-3 - Wikipedia, Wikipedia, March 16, 2021

The sponge and duplex constructions - Keccak Team, Keccak Team, 2020

Question 2

Report
Export
Collapse

Below are the various steps involved in the creation of a data retention policy.

1.Understand and determine the applicable legal requirements of the organization

2.Ensure that all employees understand the organization's data retention policy

3.Build a data retention policy development team

4.ldentify and classify the data to be included in the data retention policy

5.Develop the data retention policy

Identify the correct sequence of steps involved.

A.
3 -- >2 -- >5 -- >4 -- >1
A.
3 -- >2 -- >5 -- >4 -- >1
Answers
B.
3 -- >1 -- >4 -- >5 -- >2
B.
3 -- >1 -- >4 -- >5 -- >2
Answers
C.
1 -- >3 -- >4 -- >2 -- >5
C.
1 -- >3 -- >4 -- >2 -- >5
Answers
D.
1 -- >5 -- >4 -- >2 -- >3
D.
1 -- >5 -- >4 -- >2 -- >3
Answers
Suggested answer: B

Explanation:

The correct sequence of steps involved in the creation of a data retention policy is 3 -> 1 -> 4 -> 5 -> 2. This is based on the following description of the data retention policy creation process from the web search results:

Build a team: To design a data retention policy, you need a team of industry experts, such as legal, IT, compliance, and business representatives, who can contribute their knowledge and perspectives to the policy. The team should have a clear leader who can coordinate the tasks and communicate the goals and expectations1.

Determine legal requirements: The team should research and understand the applicable legal and regulatory requirements for data retention that affect the organization, such as GDPR, HIPAA, PCI DSS, etc. The team should also consider any contractual obligations or industry standards that may influence the data retention policy2134.

Identify and classify the data: The team should inventory and categorize all the data that the organization collects, stores, and processes, based on their function, subject, or type. The team should also assess the value, risk, and sensitivity of each data category, and determine the appropriate retention period, format, and location for each data category2134.

Develop the data retention policy: The team should draft the data retention policy document that outlines the purpose, scope, roles, responsibilities, procedures, and exceptions of the data retention policy. The policy should be clear, concise, and consistent, and should reflect the legal and business requirements of the organization. The policy should also include a data retention schedule that specifies the retention period and disposition method for each data category2134.

Ensure that all employees understand the organization's data retention policy: The team should communicate and distribute the data retention policy to all the relevant employees and stakeholders, and provide training and guidance on how to comply with the policy. The team should also monitor and enforce the policy, and review and update the policy regularly to reflect any changes in the legal or business environment2134.

How to Create a Data Retention Policy | Smartsheet, Smartsheet, July 17, 2019

What Is a Data Retention Policy? Best Practices + Template, Drata, November 29, 2023

Data Retention Policy: What It Is and How to Create One - SpinOne, SpinOne, 2020

How to Develop and Implement a Retention Policy - SecureScan, SecureScan, 2020

Question 3

Report
Export
Collapse

Which of the following acts was enacted in 2002 and aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures?

A.
Sarbanes-Oxley Act (SOX)
A.
Sarbanes-Oxley Act (SOX)
Answers
B.
Digital Millennium Copyright Act (DMCA)
B.
Digital Millennium Copyright Act (DMCA)
Answers
C.
Gramm-Leach-Bliley Act
C.
Gramm-Leach-Bliley Act
Answers
D.
Payment Card Industry-Data Security Standard (PCI-DSS)
D.
Payment Card Industry-Data Security Standard (PCI-DSS)
Answers
Suggested answer: A

Explanation:

The Sarbanes-Oxley Act (SOX) is a US law that was enacted in 2002 in response to the corporate scandals involving Enron, WorldCom, and others. The SOX aims to protect the public and investors by increasing the accuracy and reliability of corporate disclosures, such as financial statements, audit reports, and internal controls. The SOX also establishes the Public Company Accounting Oversight Board (PCAOB) to oversee the auditing of public companies and imposes criminal penalties for fraud and non-compliance12.

Reference: Network Defense Essentials - EC-Council Learning, Sarbanes-Oxley Act of 2002 (SOX) | U.S. Department of Labor

Question 4

Report
Export
Collapse

Robert, an ISP, was instructed to provide network connectivity to all areas even if some locations are inaccessible to capture direct signals from wireless access points. In this process, Robert used a wireless network component that takes a signal from one access point and boosts its signal strength to create a new network.

Identify the component of the wireless network employed by Robert in the above scenario.

A.
Mobile hotspot
A.
Mobile hotspot
Answers
B.
Wireless bridge
B.
Wireless bridge
Answers
C.
Wireless NIC
C.
Wireless NIC
Answers
D.
Wireless repeater
D.
Wireless repeater
Answers
Suggested answer: D

Explanation:

A wireless repeater is a wireless network component that takes a signal from one access point and boosts its signal strength to create a new network. A wireless repeater can extend the range of a wireless network by repeating the signal from the original access point. This way, the wireless repeater can provide network connectivity to areas that are inaccessible to capture direct signals from the access point. In the scenario, Robert used a wireless repeater to provide network connectivity to all areas12.

Reference: Network Defense Essentials - EC-Council Learning, Understanding the Wireless Network Components

Question 5

Report
Export
Collapse

Jessica, a user, wanted to access the Internet from her laptop and therefore sends a connection request to the access point. To identify the wireless client, the access point forwarded that request to a RADIUS server.

The RADIUS server transmitted authentication keys to both the access point and Jessica's laptop. This key helps the access point identify a particular wireless client.

Identify the authentication method demonstrated in the above scenario.

A.
Shared key authentication
A.
Shared key authentication
Answers
B.
Null authentication
B.
Null authentication
Answers
C.
Open system authentication
C.
Open system authentication
Answers
D.
Centralized authentication
D.
Centralized authentication
Answers
Suggested answer: D

Explanation:

Centralized authentication is a method that uses a central server to authenticate users and devices on a network. The central server stores the credentials and access rights of the users and devices, and verifies them when they request to access the network resources. The central server can also provide encryption keys to the users and devices for secure communication. In the scenario, Jessica's laptop and the access point use a RADIUS server as the central server for authentication. The RADIUS server transmits authentication keys to both the access point and Jessica's laptop, which helps the access point identify the wireless client12.

Reference: Network Defense Essentials - EC-Council Learning, Centralized Authentication: What It Is and How It Works

Question 6

Report
Export
Collapse

Which of the following solutions is a software or a hardware device on a network or host that filters the incoming and outgoing traffic to prevent unauthorized access to private networks?

A.
Firewall
A.
Firewall
Answers
B.
Router
B.
Router
Answers
C.
Hub
C.
Hub
Answers
D.
Switch
D.
Switch
Answers
Suggested answer: A

Explanation:

A firewall is a software or a hardware device on a network or host that filters the incoming and outgoing traffic to prevent unauthorized access to private networks. A firewall can use various criteria, such as IP addresses, ports, protocols, or application rules, to allow or deny the traffic. A firewall can also perform other functions, such as logging, auditing, encryption, or proxy services. A firewall can be deployed at different levels of a network, such as network perimeter, network segment, or host level12.

Reference: Network Defense Essentials - EC-Council Learning, Firewall (computing) - Wikipedia

Question 7

Report
Export
Collapse

Which of the following techniques protects sensitive data by obscuring specific areas with random characters or codes?

A.
Data retention
A.
Data retention
Answers
B.
Data resilience
B.
Data resilience
Answers
C.
Data backup
C.
Data backup
Answers
D.
Data masking
D.
Data masking
Answers
Suggested answer: D

Question 8

Report
Export
Collapse

Which of the following components of VPN is used to manage tunnels and encapsulate private data?

A.
Remote network
A.
Remote network
Answers
B.
VPN protocol
B.
VPN protocol
Answers
C.
Network access server
C.
Network access server
Answers
D.
VPN client
D.
VPN client
Answers
Suggested answer: B

Explanation:

A VPN protocol is a component of VPN that is used to manage tunnels and encapsulate private data. A VPN protocol defines the rules and standards for establishing and maintaining a secure connection between the VPN client and the VPN server. A VPN protocol also specifies how the data is encrypted, authenticated, and transmitted over the tunnel. Some common VPN protocols are IPSec, SSL/TLS, PPTP, L2TP, and OpenVPN12.

Reference: Network Defense Essentials - EC-Council Learning, VPN Protocols Explained & Compared: OpenVPN, IPSec, PPTP, IKEv2

Question 9

Report
Export
Collapse

Which of the following practices helps security professionals protect mobile applications from various attacks?

A.
Always cache app data
A.
Always cache app data
Answers
B.
Use containerization for critical corporate data
B.
Use containerization for critical corporate data
Answers
C.
Use query string while handling sensitive data
C.
Use query string while handling sensitive data
Answers
D.
Allow apps to save passwords to avoid multiple logins
D.
Allow apps to save passwords to avoid multiple logins
Answers
Suggested answer: B

Explanation:

Containerization is a practice that helps security professionals protect mobile applications from various attacks. Containerization is a technique that isolates critical corporate data from the rest of the device data and applications. Containerization creates a secure and encrypted environment on the device where the corporate data and applications can be accessed and managed. This way, containerization prevents unauthorized access, data leakage, malware infection, or device theft from compromising the corporate data and applications12.

Reference: Network Defense Essentials - EC-Council Learning, Mobile Application Security: Containerization vs. App Wrapping vs. SDK

Question 10

Report
Export
Collapse

Which of the following layers of loT architecture employs protocols and networks for connecting, sending, and receiving data between devices and network?

A.
Device layer
A.
Device layer
Answers
B.
Cloud layer
B.
Cloud layer
Answers
C.
Communication layer
C.
Communication layer
Answers
D.
Process layer
D.
Process layer
Answers
Suggested answer: C

Explanation:

The communication layer of IoT architecture employs protocols and networks for connecting, sending, and receiving data between devices and network. The communication layer is responsible for enabling data exchange among the IoT devices and the cloud or other devices. The communication layer can use various types of networks, such as wired, wireless, cellular, or satellite, and various types of protocols, such as TCP/IP, MQTT, CoAP, or ZigBee12.

Reference: Network Defense Essentials - EC-Council Learning, IoT Architecture: The 4 Layers of an IoT System

Total 75 questions
Go to page: of 8
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms