ExamGecko
Search Search Login
Home Home / ECCouncil / 312-50v12

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 40

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The "Gray-box testing" methodology enforces what kind of restriction?
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?
You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP. What part of the contract might prevent him from doing so?
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/ feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?
A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?

Question 391

Report
Export
Collapse

What is the least important information when you analyze a public IP address in a security alert?

A.
DNS
A.
DNS
Answers
B.
Whois
B.
Whois
Answers
C.
Geolocation
C.
Geolocation
Answers
D.
ARP
D.
ARP
Answers
Suggested answer: D

Question 392

Report
Export
Collapse

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

A.
IDS log
A.
IDS log
Answers
B.
Event logs on domain controller
B.
Event logs on domain controller
Answers
C.
Internet Firewall/Proxy log.
C.
Internet Firewall/Proxy log.
Answers
D.
Event logs on the PC
D.
Event logs on the PC
Answers
Suggested answer: C

Question 393

Report
Export
Collapse

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

A.
Yagi antenna
A.
Yagi antenna
Answers
B.
Dipole antenna
B.
Dipole antenna
Answers
C.
Parabolic grid antenna
C.
Parabolic grid antenna
Answers
D.
Omnidirectional antenna
D.
Omnidirectional antenna
Answers
Suggested answer: A

Question 394

Report
Export
Collapse

From the following table, identify the wrong answer in terms of Range (ft).

Standard Range (ft)

802.11a 150-150

802.11b 150-150

802.11g 150-150

802.16 (WiMax) 30 miles

A.
802.16 (WiMax)
A.
802.16 (WiMax)
Answers
B.
802.11g
B.
802.11g
Answers
C.
802.11b
C.
802.11b
Answers
D.
802.11a
D.
802.11a
Answers
Suggested answer: A

Question 395

Report
Export
Collapse

Which tool can be used to silently copy files from USB devices?

A.
USB Grabber
A.
USB Grabber
Answers
B.
USB Snoopy
B.
USB Snoopy
Answers
C.
USB Sniffer
C.
USB Sniffer
Answers
D.
Use Dumper
D.
Use Dumper
Answers
Suggested answer: D

Question 396

Report
Export
Collapse

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed.

Which security policy must the security analyst check to see if dial-out modems are allowed?

A.
Firewall-management policy
A.
Firewall-management policy
Answers
B.
Acceptable-use policy
B.
Acceptable-use policy
Answers
C.
Permissive policy
C.
Permissive policy
Answers
D.
Remote-access policy
D.
Remote-access policy
Answers
Suggested answer: D

Question 397

Report
Export
Collapse

ping-* 6 192.168.0.101 Output:

Pinging 192.168.0.101 with 32 bytes of data:

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101:

Ping statistics for 192.168.0101

Packets: Sent = 6, Received = 6, Lost = 0 (0% loss).

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

What does the option * indicate?

A.
t
A.
t
Answers
B.
s
B.
s
Answers
C.
a
C.
a
Answers
D.
n
D.
n
Answers
Suggested answer: D

Question 398

Report
Export
Collapse

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

A.
Burp Suite
A.
Burp Suite
Answers
B.
OpenVAS
B.
OpenVAS
Answers
C.
tshark
C.
tshark
Answers
D.
Kismet
D.
Kismet
Answers
Suggested answer: C

Question 399

Report
Export
Collapse

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

What kind of Web application vulnerability likely exists in their software?

A.
Cross-site scripting vulnerability
A.
Cross-site scripting vulnerability
Answers
B.
SQL injection vulnerability
B.
SQL injection vulnerability
Answers
C.
Web site defacement vulnerability
C.
Web site defacement vulnerability
Answers
D.
Gross-site Request Forgery vulnerability
D.
Gross-site Request Forgery vulnerability
Answers
Suggested answer: A

Explanation:

There is no single, standardized classification of cross-site scripting flaws, but most experts distinguish between at least two primary flavors of XSS flaws: non-persistent and persistent. In this issue, we consider the non-persistent cross-site scripting vulnerability.

The non-persistent (or reflected) cross-site scripting vulnerability is by far the most basic type of web vulnerability. These holes show up when the data provided by a web client, most commonly in HTTP query parameters (e.g. HTML form submission), is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the content.

Because HTML documents have a flat, serial structure that mixes control statements, formatting, and the actual content, any non-validated user-supplied data included in the resulting page without proper HTML encoding, may lead to markup injection. A classic example of a potential vector is a site search engine: if one searches for a string, the search string will typically be redisplayed verbatim on the result page to indicate what was searched for. If this response does not properly escape or reject HTML control characters, a cross-site scripting flaw will ensue.

Question 400

Report
Export
Collapse

On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.

What is the name of the process by which you can determine those critical businesses?

A.
Emergency Plan Response (EPR)
A.
Emergency Plan Response (EPR)
Answers
B.
Business Impact Analysis (BIA)
B.
Business Impact Analysis (BIA)
Answers
C.
Risk Mitigation
C.
Risk Mitigation
Answers
D.
Disaster Recovery Planning (DRP)
D.
Disaster Recovery Planning (DRP)
Answers
Suggested answer: B
Total 573 questions
Go to page: of 58
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms