ExamGecko
Login
Home / ECCouncil / 312-50v12 / List of questions
Ask Question

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 11

Add to Whishlist

List of questions

Question 101

Report Export Collapse

Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

Disable unused ports in the switches
Disable unused ports in the switches
Separate students in a different VLAN
Separate students in a different VLAN
Use the 802.1x protocol
Use the 802.1x protocol
Ask students to use the wireless network
Ask students to use the wireless network
Suggested answer: C
asked 18/09/2024
Paul Beugelsdijk
44 questions

Question 102

Report Export Collapse

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes.

You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

tcp.port = = 21
tcp.port = = 21
tcp.port = 23
tcp.port = 23
tcp.port = = 21 | | tcp.port = =22
tcp.port = = 21 | | tcp.port = =22
tcp.port ! = 21
tcp.port ! = 21
Suggested answer: A
asked 18/09/2024
Sergio Quintero Angel
44 questions

Question 103

Report Export Collapse

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ""FTP on the network!"";)

A firewall IPTable
A firewall IPTable
FTP Server rule
FTP Server rule
A Router IPTable
A Router IPTable
An Intrusion Detection System
An Intrusion Detection System
Suggested answer: D
asked 18/09/2024
Suraj Porwal
43 questions

Question 104

Report Export Collapse

Which of the following program infects the system boot sector and the executable files at the same time?

Polymorphic virus
Polymorphic virus
Stealth virus
Stealth virus
Multipartite Virus
Multipartite Virus
Macro virus
Macro virus
Suggested answer: C
asked 18/09/2024
Maurille AGBISSIKO
40 questions

Question 105

Report Export Collapse

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

Randomizing
Randomizing
Bounding
Bounding
Mutating
Mutating
Fuzzing
Fuzzing
Suggested answer: D
asked 18/09/2024
Arash Rind
50 questions

Question 106

Report Export Collapse

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Protocol analyzer
Protocol analyzer
Network sniffer
Network sniffer
Intrusion Prevention System (IPS)
Intrusion Prevention System (IPS)
Vulnerability scanner
Vulnerability scanner
Suggested answer: A
asked 18/09/2024
Rama Krishna
42 questions

Question 107

Report Export Collapse

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Public
Public
Private
Private
Shared
Shared
Root
Root
Suggested answer: B
asked 18/09/2024
Oeurn Chan
31 questions

Question 108

Report Export Collapse

Why should the security analyst disable/remove unnecessary ISAPI filters?

To defend against social engineering attacks
To defend against social engineering attacks
To defend against webserver attacks
To defend against webserver attacks
To defend against jailbreaking
To defend against jailbreaking
To defend against wireless attacks
To defend against wireless attacks
Suggested answer: B
asked 18/09/2024
Prakash Varghese
41 questions

Question 109

Report Export Collapse

Which of the following is a component of a risk assessment?

Administrative safeguards
Administrative safeguards
Physical security
Physical security
DMZ
DMZ
Logical interface
Logical interface
Suggested answer: A
asked 18/09/2024
Joseph Bauer
45 questions

Question 110

Report Export Collapse

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: [email protected]

To: [email protected] Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ's email gateway doesn't prevent what?

Email Masquerading
Email Masquerading
Email Harvesting
Email Harvesting
Email Phishing
Email Phishing
Email Spoofing
Email Spoofing
Suggested answer: D
Explanation:

Email spoofing is the fabrication of an email header in the hopes of duping the recipient into thinking the email originated from someone or somewhere other than the intended source. Because core email protocols do not have a built-in method of authentication, it is common for spam and phishing emails to use said spoofing to trick the recipient into trusting the origin of the message.

The ultimate goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation. Although the spoofed messages are usually just a nuisance requiring little action besides removal, the more malicious varieties can cause significant problems and sometimes pose a real security threat.

asked 18/09/2024
Steven Bertoldi
36 questions
Total 573 questions
Go to page: of 58
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
What is correct about digital signatures?
Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?
During a penetration testing assignment, a Certified Ethical Hacker (CEH) used a set of scanning tools to create a profile of the target organization. The CEH wanted to scan for live hosts, open ports, and services on a target network. He used Nmap for network inventory and Hping3 for network security auditing. However, he wanted to spoof IP addresses for anonymity during probing. Which command should the CEH use to perform this task?
Which file is a rich target to discover the structure of a website during web-server footprinting?
Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?
The "Gray-box testing" methodology enforces what kind of restriction?
A company's security policy states that all Web browsers must automatically delete their HTTPbrowser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?