
ECCouncil 312-50v12 Practice Test - Questions Answers, Page 19

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website asking you to download free Anti-Virus software.

Dear valued customers, We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats.

Simply visit the link below and enter your antivirus code:

or you may contact us at the following address:

Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine whether this is a Real Anti-Virus or a Fake Anti-Virus website?

A. Look at the website design, if it looks professional then it is a Real Anti-Virus website
B. Connect to the site using SSL, if you are successful then the website is genuine
C. Search for the URL and Anti-Virus product name in Google and look out for suspicious warnings against this site
D. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
E. Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware
Suggested answer: C

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.

What is this document called?

A. Information Audit Policy (IAP)
B. Information Security Policy (ISP)
C. Penetration Testing Policy (PTP)
D. Company Compliance Policy (CCP)
Suggested answer: B

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

A. Configure the Web Server to deny requests involving "hex encoded" characters
B. Create rules in IDS to alert on strange Unicode requests
C. Use SSL authentication on Web Servers
D. Enable Active Scripts Detection at the firewall and routers
Suggested answer: B

Which type of sniffing technique is generally referred to as a MiTM attack?

A. Password Sniffing
B. ARP Poisoning
C. MAC Flooding
D. DHCP Sniffing
Suggested answer: B

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In a MAC flooding attack, the attacker feeds a switch many Ethernet frames, each containing a different source MAC address. Switches have limited memory for mapping MAC addresses to physical ports. What happens when the CAM table becomes full?

A. Switch then acts as hub by broadcasting packets to all machines on the network
B. The CAM overflow table will cause the switch to crash causing Denial of Service
C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port
Suggested answer: A

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with such a complex security system in place.

Your peer, Peter Smith, who works in the same department, disagrees with you.

He says even the best network security technologies cannot prevent hackers from gaining access to the network because of the presence of a "weakest link" in the security chain.

What is Peter Smith talking about?

A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
Suggested answer: A

How does a denial-of-service attack work?

A. A hacker prevents a legitimate user (or group of users) from accessing a service
B. A hacker uses every character, word, or letter he or she can think of to defeat authentication
C. A hacker tries to decipher a password by using a system, which subsequently crashes the network
D. A hacker attempts to imitate a legitimate user by confusing a computer or even another person
Suggested answer: A

You are trying to break into a highly classified top-secret mainframe computer with the highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"
D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques
Suggested answer: B

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes unsanitized user-provided data.

What is this attack?

A. Cross-site-scripting attack
B. SQL Injection
C. URL Traversal attack
D. Buffer Overflow attack
Suggested answer: A

Which utility will tell you in real time which ports are listening or in another state?

A. Netstat
B. TCPView
C. Nmap
D. Loki
Suggested answer: B
Total 573 questions