ExamGecko
Search Search Login
Home Home / ECCouncil / 312-50v12

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 38

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The "Gray-box testing" methodology enforces what kind of restriction?
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?
You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP. What part of the contract might prevent him from doing so?
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/ feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?
A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?

Question 371

Report
Export
Collapse

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?

A.
Performing content enumeration on the web server to discover hidden folders
A.
Performing content enumeration on the web server to discover hidden folders
Answers
B.
Using wget to perform banner grabbing on the webserver
B.
Using wget to perform banner grabbing on the webserver
Answers
C.
Flooding the web server with requests to perform a DoS attack
C.
Flooding the web server with requests to perform a DoS attack
Answers
D.
Downloading all the contents of the web page locally for further examination
D.
Downloading all the contents of the web page locally for further examination
Answers
Suggested answer: B

Explanation:

-q, --quiet quiet (no output)

-S, --server-response print server response

Question 372

Report
Export
Collapse

The security administrator of PLUS needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic.

After he applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network? access-list 102 deny tcp any any access-list 104 permit udp host 10.0.0.3 any access-list 110 permit tcp host 10.0.0.2 eq www any access-list 108 permit tcp any eq ftp any

A.
The ACL 104 needs to be first because is UDP
A.
The ACL 104 needs to be first because is UDP
Answers
B.
The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
B.
The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router
Answers
C.
The ACL for FTP must be before the ACL 110
C.
The ACL for FTP must be before the ACL 110
Answers
D.
The ACL 110 needs to be changed to port 80
D.
The ACL 110 needs to be changed to port 80
Answers
Suggested answer: B

Explanation:

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html Since the first line prohibits any TCP traffic (access-list 102 deny tcp any any), the lines below will simply be ignored by the router. Below you will find the example from CISCO documentation.

This figure shows that FTP (TCP, port 21) and FTP data (port 20) traffic sourced from NetB destined to NetA is denied, while all other IP traffic is permitted.

FTP uses port 21 and port 20. TCP traffic destined to port 21 and port 20 is denied and everything else is explicitly permitted. access-list 102 deny tcp any any eq ftp access-list 102 deny tcp any any eq ftp-data access-list 102 permit ip any any

Question 373

Report
Export
Collapse

Which of the following provides a security professional with most information about the system's security posture?

A.
Phishing, spamming, sending trojans
A.
Phishing, spamming, sending trojans
Answers
B.
Social engineering, company site browsing tailgating
B.
Social engineering, company site browsing tailgating
Answers
C.
Wardriving, warchalking, social engineering
C.
Wardriving, warchalking, social engineering
Answers
D.
Port scanning, banner grabbing service identification
D.
Port scanning, banner grabbing service identification
Answers
Suggested answer: D

Question 374

Report
Export
Collapse

Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?

A.
Data-driven firewall
A.
Data-driven firewall
Answers
B.
Packet firewall
B.
Packet firewall
Answers
C.
Web application firewall
C.
Web application firewall
Answers
D.
Stateful firewall
D.
Stateful firewall
Answers
Suggested answer: C

Explanation:

https://en.wikipedia.org/wiki/Web_application_firewall

A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration.

Question 375

Report
Export
Collapse

An attacker scans a host with the below command. Which three flags are set?

# nmap -sX host.domain.com

A.
This is SYN scan. SYN flag is set.
A.
This is SYN scan. SYN flag is set.
Answers
B.
This is Xmas scan. URG, PUSH and FIN are set.
B.
This is Xmas scan. URG, PUSH and FIN are set.
Answers
C.
This is ACK scan. ACK flag is set.
C.
This is ACK scan. ACK flag is set.
Answers
D.
This is Xmas scan. SYN and ACK flags are set.
D.
This is Xmas scan. SYN and ACK flags are set.
Answers
Suggested answer: B

Question 376

Report
Export
Collapse

If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?

A.
Criminal
A.
Criminal
Answers
B.
International
B.
International
Answers
C.
Common
C.
Common
Answers
D.
Civil
D.
Civil
Answers
Suggested answer: D

Question 377

Report
Export
Collapse

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

A.
Role Based Access Control (RBAC)
A.
Role Based Access Control (RBAC)
Answers
B.
Discretionary Access Control (DAC)
B.
Discretionary Access Control (DAC)
Answers
C.
Single sign-on
C.
Single sign-on
Answers
D.
Windows authentication
D.
Windows authentication
Answers
Suggested answer: C

Question 378

Report
Export
Collapse

What would you enter if you wanted to perform a stealth scan using Nmap?

A.
nmap -sM
A.
nmap -sM
Answers
B.
nmap -sU
B.
nmap -sU
Answers
C.
nmap -sS
C.
nmap -sS
Answers
D.
nmap -sT
D.
nmap -sT
Answers
Suggested answer: C

Question 379

Report
Export
Collapse

Which protocol is used for setting up secure channels between two devices, typically in VPNs?

A.
PEM
A.
PEM
Answers
B.
ppp
B.
ppp
Answers
C.
IPSEC
C.
IPSEC
Answers
D.
SET
D.
SET
Answers
Suggested answer: C

Question 380

Report
Export
Collapse

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

What seems to be wrong?

A.
The nmap syntax is wrong.
A.
The nmap syntax is wrong.
Answers
B.
This is a common behavior for a corrupted nmap application.
B.
This is a common behavior for a corrupted nmap application.
Answers
C.
The outgoing TCP/IP fingerprinting is blocked by the host firewall.
C.
The outgoing TCP/IP fingerprinting is blocked by the host firewall.
Answers
D.
OS Scan requires root privileges.
D.
OS Scan requires root privileges.
Answers
Suggested answer: D
Total 573 questions
Go to page: of 58
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms