
ECCouncil 312-50v12 Practice Test - Questions Answers, Page 39

What is the most common method to exploit the "Bash Bug" or "Shellshock" vulnerability?

A. SYN Flood
B. SSH
C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
D. Manipulate format strings in text fields
Suggested answer: C

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

TCP port 21 no response

TCP port 22 no response

TCP port 23 Time-to-live exceeded

A. The lack of response from ports 21 and 22 indicates that those services are not running on the destination server
B. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall
D. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host
Suggested answer: C

    #!/usr/bin/python
    import socket

    buffer=["A"]
    counter=50
    while len(buffer)<=100:
        buffer.append("A"*counter)
        counter=counter+50

    commands=["HELP","STATS .","RTIME .","LTIME. ","SRUN .","TRUN .","GMON .","GDOG .","KSTET .","GTER .","HTER .","LTER .","KSTAN ."]

    for command in commands:
        for buffstring in buffer:
            print "Exploiting" +command +":"+str(len(buffstring))
            s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect(('127.0.0.1', 9999))
            s.recv(50)
            s.send(command+buffstring)
            s.close()

What is the code written for?

A. Denial-of-service (DOS)
B. Buffer Overflow
C. Bruteforce
D. Encryption
Suggested answer: B

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

A. Presentation tier
B. Application Layer
C. Logic tier
D. Data tier
Suggested answer: C

In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from victims.

What is the difference between pharming and phishing attacks?

A. In a pharming attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name
B. In a phishing attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack, an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual website's domain name
C. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering
D. Both pharming and phishing attacks are identical
Suggested answer: A

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication "open" but sets the SSID to a 32-character string of random letters and numbers.

What is an accurate assessment of this scenario from a security perspective?

A. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent bruteforce attacks.
B. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging "security through obscurity".
C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.
D. Javik's router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.
Suggested answer: C

Chandler works as a pen-tester in an IT firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

A. Heuristic Analysis
B. Code Emulation
C. Scanning
D. Integrity checking
Suggested answer: B

Which of the following statements is TRUE?

A. Packet Sniffers operate on the Layer 1 of the OSI model.
B. Packet Sniffers operate on Layer 2 of the OSI model.
C. Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
D. Packet Sniffers operate on Layer 3 of the OSI model.
Suggested answer: B

Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

A. "GET /restricted/goldtransfer?to=Rob&from=1 or 1=1' HTTP/1.1 Host: westbank.com"
B. "GET /restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com"
C. "GET /restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com"
D. "GET /restricted/ HTTP/1.1 Host: westbank.com"
Suggested answer: C

Explanation:

This question shows a classic example of an IDOR vulnerability. Rob substitutes Ned's name in the "name" parameter and if the developer has not fixed this vulnerability, then Rob will gain access to Ned's account. Below you will find more detailed information about IDOR vulnerability.

Insecure direct object references (IDOR) are a cybersecurity issue that occurs when a web application developer uses an identifier for direct access to an internal implementation object but provides no additional access control and/or authorization checks. For example, an IDOR vulnerability would happen if the URL of a transaction could be changed through client-side user input to show unauthorized data of another transaction.

Most web applications use simple IDs to reference objects. For example, a user in a database will usually be referred to via the user ID. The same user ID is the primary key to the database column containing user information and is generated automatically. The database key generation algorithm is very simple: it usually uses the next available integer. The same database ID generation mechanisms are used for all other types of database records.

The approach described above is legitimate but not recommended because it could enable the attacker to enumerate all users. If it's necessary to maintain this approach, the developer must at least make absolutely sure that more than just a reference is needed to access resources. For example, let's say that the web application displays transaction details using the following URL:

https://www.example.com/transaction.php?id=74656

A malicious hacker could try to substitute the id parameter value 74656 with other similar values, for example:

https://www.example.com/transaction.php?id=74657

The 74657 transaction could be a valid transaction belonging to another user. The malicious hacker should not be authorized to see it. However, if the developer made an error, the attacker would see this transaction and hence we would have an insecure direct object reference vulnerability.
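The missing check described above, shown as an added example (not code from the original page): a transaction lookup that trusts the id beside one that also verifies ownership against the authenticated session. The store, user names, function names and amounts are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transaction:
    id: int
    owner: str
    amount: str

# Constructed sample data with sequential ids, as in the URLs above.
TRANSACTIONS = {
    74656: Transaction(74656, "rob", "120.00"),
    74657: Transaction(74657, "ned", "9800.00"),
}

class NotFound(Exception):
    """Raised for missing and for unauthorized objects alike."""

def get_transaction_vulnerable(session_user, txn_id):
    # IDOR: the id taken from the request is the only thing consulted;
    # session_user is never compared with the record's owner.
    txn = TRANSACTIONS.get(txn_id)
    if txn is None:
        raise NotFound(txn_id)
    return txn

def get_transaction_checked(session_user, txn_id):
    # Object-level authorization: the record must belong to the session user.
    # A foreign id produces the same error as a nonexistent one, so the
    # response does not reveal which ids exist.
    txn = TRANSACTIONS.get(txn_id)
    if txn is None or txn.owner != session_user:
        raise NotFound(txn_id)
    return txn

def audit_neighbouring_ids(handler, session_user, start, count):
    """Regression check for a test suite: list the ids in a range that the
    handler returns to session_user although they belong to someone else."""
    leaked = []
    for txn_id in range(start, start + count):
        try:
            txn = handler(session_user, txn_id)
        except NotFound:
            continue
        if txn.owner != session_user:
            leaked.append(txn.id)
    return leaked

if __name__ == "__main__":
    print(audit_neighbouring_ids(get_transaction_vulnerable, "rob", 74650, 10))
    print(audit_neighbouring_ids(get_transaction_checked, "rob", 74650, 10))
```

Running the same audit against every object-returning handler in a test suite catches an ownership check that was forgotten on a new endpoint.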

Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Mary found is called what?

A. False-negative
B. False-positive
C. Brute force attack
D. Backdoor
Suggested answer: B

Explanation:

https://www.infocyte.com/blog/2019/02/16/cybersecurity-101-what-you-need-to-know-aboutfalse-positives-and-false-negatives/

False positives are mislabeled security alerts, indicating there is a threat when in actuality, there isn't. These false/non-malicious alerts (SIEM events) increase noise for already over-worked security teams and can include software bugs, poorly written software, or unrecognized network traffic.

False negatives are uncaught cyber threats — overlooked by security tooling because they're dormant, highly sophisticated (i.e. file-less or capable of lateral movement) or the security infrastructure in place lacks the technological ability to detect these attacks.

Total 573 questions