ECCouncil 312-50v12 Practice Test - Questions Answers, Page 4

https://en.wikipedia.org/wiki/Clickjacking Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page but in fact they are clicking an invisible element in the additional page transposed on top of it.

File system permissions Processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself, are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.

Adversaries may use this technique to replace legitimate binaries with malicious ones as a means of executing code at a higher permissions level. If the executing process is set to run at a specific time or during a certain event (e.g., system bootup) then this technique can also be used for persistence.

Brute-force attack when an attacker uses a set of predefined values to attack a target and analyze the response until he succeeds. Success depends on the set of predefined values. It will take more time if it is larger, but there is a better probability of success. In a traditional brute-force attack, the passcode or password is incrementally increased by one letter/number each time until the right passcode/password is found.

https://nmap.org/book/man-output.html -oX - Requests that XML output be directed to the given filename.

Incorrect answers:

Run an express scan https://nmap.org/book/man-port-specification.htmlThere is no express scan in Nmap, but there is a fast scan.

-F (Fast (limited port) scan) Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100.

Or we can influence the intensity (and speed) of the scan with the -T flag. https://nmap.org/book/man-performance.html -T paranoid|sneaky|polite|normal|aggressive|insane Output the results in truncated format to the screen https://nmap.org/book/man-output.html -oG (grepable output) It is a simple format that lists each host on one line and can be trivially searched and parsed with standard Unix tools such as grep, awk, cut, sed, diff, and Perl.

Run a Xmas scan https://nmap.org/book/man-port-scanning-techniques.htmlXmas scan (-sX)Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.

1. AV (Asset value) = $300 + (14 * $10) = $440 - the cost of a hard drive plus the work of a recovery person, i.e.how much would it take to replace 1 asset? 10 hours for resorting the OS and soft + 4 hours for DB restore multiplies by hourly rate of the recovery person.

2. SLE (Single Loss Expectancy) = AV * EF (Exposure Factor) = $440 * 1 = $440 3. ARO (Annual rate of occurrence) = 1/3 (every three years, meaning the probability of occurring during 1 years is 1/3) 4. ALE (Annual Loss Expectancy) =

SLE * ARO = 0.33 * $440 = $145.2