Home / ECCouncil / 312-50v12

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 22

Question list

List of questions

Question 211

(0)

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Question 212

(0)

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system

Question 213

(0)

Why containers are less secure that virtual machines?

Question 214

(0)

These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?

Question 215

(0)

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail.

Question 216

(0)

In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

Question 217

(0)

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Question 218

(0)

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Question 219

(0)

Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, i

Question 220

(0)

What is the minimum number of network connections in a multi homed firewall?

Related questions

The "Gray-box testing" methodology enforces what kind of restriction?

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP. What part of the contract might prevent him from doing so?

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/ feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?

A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?

Question 211

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Symmetric encryption allows the server to securely transmit the session keys out-of-band.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

Show Answer Comment (0)

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

Data items and vulnerability scanning

Interviewing employees and network engineers

Reviewing the firewalls configuration

Source code review

Show Answer Comment (0)

Question 213

Why containers are less secure that virtual machines?

Host OS on containers has a larger surface attack.

Containers may full fill disk space of the host.

A compromise container may cause a CPU starvation of the host.

Containers are attached to the same virtual network.

Show Answer Comment (0)

Question 214

These hackers have limited or no training and know how to use only basic techniques or tools.

What kind of hackers are we talking about?

Black-Hat Hackers A

Script Kiddies

White-Hat Hackers

Gray-Hat Hacker

Show Answer Comment (0)

Question 215

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail.

What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

Authentication

Confidentiality

Integrity

Non-Repudiation

Show Answer Comment (0)

Question 216

In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.

Extraction of cryptographic secrets through coercion or torture.

Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.

A backdoor placed into a cryptographic algorithm by its creator.

Show Answer Comment (0)

Question 217

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Black-box

Announced

White-box

Grey-box

Show Answer Comment (0)

Question 218

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Determines if any flaws exist in systems, policies, or procedures

Assigns values to risk probabilities; Impact values.

Determines risk probability that vulnerability will be exploited (High. Medium, Low)

Identifies sources of harm to an IT system. (Natural, Human. Environmental)

Show Answer Comment (0)

Question 219

Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

Time Keeper

NTP

PPP

OSPP

Show Answer Comment (0)