ExamGecko
Login
Home / ECCouncil / 312-50v12 / List of questions
Ask Question

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 10

Add to Whishlist

List of questions

Question 91

Report Export Collapse

What is the purpose of a demilitarized zone on a network?

To scan all traffic coming through the DMZ to the internal network
To scan all traffic coming through the DMZ to the internal network
To only provide direct access to the nodes within the DMZ and protect the network behind it
To only provide direct access to the nodes within the DMZ and protect the network behind it
To provide a place to put the honeypot
To provide a place to put the honeypot
To contain the network devices you wish to protect
To contain the network devices you wish to protect
Suggested answer: B
asked 18/09/2024
Melissa Taylor
33 questions

Question 92

Report Export Collapse

Which of the following Linux commands will resolve a domain name into IP address?

>host-t a hackeddomain.com
>host-t a hackeddomain.com
>host-t ns hackeddomain.com
>host-t ns hackeddomain.com
>host -t soa hackeddomain.com
>host -t soa hackeddomain.com
>host -t AXFR hackeddomain.com
>host -t AXFR hackeddomain.com
Suggested answer: A
asked 18/09/2024
Jorge Pinto
33 questions

Question 93

Report Export Collapse

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

Linux
Linux
Unix
Unix
OS X
OS X
Windows
Windows
Suggested answer: D
asked 18/09/2024
ce temp2
51 questions

Question 94

Report Export Collapse

Which regulation defines security and privacy controls for Federal information systems and organizations?

HIPAA
HIPAA
EU Safe Harbor
EU Safe Harbor
PCI-DSS
PCI-DSS
NIST-800-53
NIST-800-53
Suggested answer: D
Explanation:

NIST Special Publication 800-53 provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. It is published by the National Institute of Standards and Technology, which is a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security

Modernization Act of 2014 (FISMA) and to help with managing cost-effective programs to protect their information and information systems.

asked 18/09/2024
dennis schouwenaars
41 questions

Question 95

Report Export Collapse

What is a "Collision attack" in cryptography?

Collision attacks try to get the public key
Collision attacks try to get the public key
Collision attacks try to break the hash into three parts to get the plaintext value
Collision attacks try to break the hash into three parts to get the plaintext value
Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key
Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key
Collision attacks try to find two inputs producing the same hash
Collision attacks try to find two inputs producing the same hash
Suggested answer: D
asked 18/09/2024
Maria Telan
36 questions

Question 96

Report Export Collapse

Which of the following tools can be used for passive OS fingerprinting?

nmap
nmap
tcpdump
tcpdump
tracert
tracert
ping
ping
Suggested answer: B
asked 18/09/2024
Bhavani Simhadri
33 questions

Question 97

Report Export Collapse

Which of the following describes the characteristics of a Boot Sector Virus?

Modifies directory table entries so that directory entries point to the virus code instead of the actual program.
Modifies directory table entries so that directory entries point to the virus code instead of the actual program.
Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
Overwrites the original MBR and only executes the new virus code.
Overwrites the original MBR and only executes the new virus code.
Suggested answer: C
asked 18/09/2024
Dawit Abegaz
30 questions

Question 98

Report Export Collapse

Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

Use the built-in Windows Update tool
Use the built-in Windows Update tool
Use a scan tool like Nessus
Use a scan tool like Nessus
Check MITRE.org for the latest list of CVE findings
Check MITRE.org for the latest list of CVE findings
Create a disk image of a clean Windows installation
Create a disk image of a clean Windows installation
Suggested answer: B
asked 18/09/2024
Djordje Novakovic
44 questions

Question 99

Report Export Collapse

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

nessus
nessus
tcpdump
tcpdump
ethereal
ethereal
jack the ripper
jack the ripper
Suggested answer: B
Explanation:

Tcpdump is a data-network packet analyzer computer program that runs under a command-line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

https://www.wireshark.org/

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

NOTE: Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

asked 18/09/2024
Edwin Lebron
43 questions

Question 100

Report Export Collapse

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Spanning tree
Spanning tree
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)
Port security
Port security
Layer 2 Attack Prevention Protocol (LAPP)
Layer 2 Attack Prevention Protocol (LAPP)
Suggested answer: B
Explanation:

Dynamic ARP inspection (DAI) protects switching devices against Address Resolution Protocol (ARP) packet spoofing (also known as ARP poisoning or ARP cache poisoning).

DAI inspects ARPs on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing. ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made based on the results of those comparisons. When an attacker tries to use a forged ARP packet to spoof an address, the switch compares the address with entries in the database. If the media access control (MAC) address or IP address in the ARP packet does not match a valid entry in the DHCP snooping database, the packet is dropped.

asked 18/09/2024
Flora Hundal
38 questions
Total 573 questions
Go to page: of 58
Open VPLUS File
Convert VPLUS to PDF

Related questions

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
What is correct about digital signatures?
Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?
During a penetration testing assignment, a Certified Ethical Hacker (CEH) used a set of scanning tools to create a profile of the target organization. The CEH wanted to scan for live hosts, open ports, and services on a target network. He used Nmap for network inventory and Hping3 for network security auditing. However, he wanted to spoof IP addresses for anonymity during probing. Which command should the CEH use to perform this task?
Which file is a rich target to discover the structure of a website during web-server footprinting?
Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?
The "Gray-box testing" methodology enforces what kind of restriction?
A company's security policy states that all Web browsers must automatically delete their HTTPbrowser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?