ECCouncil 312-50v12 Practice Test - Questions Answers, Page 43

Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker.

Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy. What is the type of attack Bob performed on Kate in the above scenario?

A. Man-in-the-disk attack
B. aLTEr attack
C. SIM card attack
D. Spearphone attack
Suggested answer: D

Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers.

In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.

What is the type of vulnerability assessment that Jude performed on the organization?

A. External assessment
B. Passive assessment
C. Host-based assessment
D. Application assessment
Suggested answer: A

Explanation:

Types of Vulnerability Assessment - External Assessment

(P.527/511) External assessment examines the network from a hacker's point of view to identify exploits and vulnerabilities accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks from outside the organization. It determines the level of security of the external network and firewall.

The following are some of the possible steps in performing an external assessment:

o Determine a set of rules for firewall and router configurations for the external network
o Check whether the external server devices and network devices are mapped
o Identify open ports and related services on the external network
o Examine the patch levels on the server and external network devices
o Review detection systems such as IDS, firewalls, and application-layer protection systems
o Get information on DNS zones
o Scan the external network through a variety of proprietary tools available on the Internet
o Examine Web applications such as e-commerce and shopping cart software for vulnerabilities

Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network.

Which type of threat intelligence is used by Roma to secure the internal network?

A. Technical threat intelligence
B. Operational threat intelligence
C. Tactical threat intelligence
D. Strategic threat intelligence
Suggested answer: A

Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?

A. ARIN
B. APNIC
C. RIPE
D. LACNIC
Suggested answer: C

Explanation:

Regional Internet Registries (RIRs):

ARIN (American Registry for Internet Numbers)

AFRINIC (African Network Information Center)

APNIC (Asia Pacific Network Information Center)

RIPE (Réseaux IP Européens Network Coordination Centre)

LACNIC (Latin American and Caribbean Network Information Center)

Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?

A. DNS rebinding attack
B. Clickjacking attack
C. MarioNet attack
D. Watering hole attack
Suggested answer: D

Explanation:

Web Application Threats - Watering Hole Attack

In a watering hole attack, the attacker identifies the kinds of websites a target company/individual frequently surfs and tests those particular websites to identify any possible vulnerabilities. The attacker injects malicious script/code into the web application that can redirect the webpage and download malware onto the victim machine. (P.1797/1781)

Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes. Which of the following footprinting techniques did Rachel use to finish her task?

A. Reverse image search
B. Meta search engines
C. Advanced image search
D. Google advanced search
Suggested answer: A

Explanation:

Gathering Information using Reverse Image Search

Reverse image search helps an attacker in tracking the original source and details of images, such as photographs, profile pictures, and memes. Attackers can use online tools such as Google Image Search, TinEye Reverse Image Search, and Yahoo Image Search to perform reverse

A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine.

Which of the following Zenmap options must the analyst use to perform the ICMP timestamp ping scan?

A. -PY
B. -PU
C. -PP
D. -Pn
Suggested answer: C

Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources.

This service runs directly on port 21. What is the service enumerated by James in the above scenario?

A. Border Gateway Protocol (BGP)
B. File Transfer Protocol (FTP)
C. Network File System (NFS)
D. Remote procedure call (RPC)
Suggested answer: B

Given below are different steps involved in the vulnerability-management life cycle.

1) Remediation

2) Identify assets and create a baseline

3) Verification

4) Monitor

5) Vulnerability scan

6) Risk assessment

Identify the correct sequence of steps involved in vulnerability management.

A. 2-->5-->6-->1-->3-->4
B. 2-->1-->5-->6-->4-->3
C. 2-->4-->5-->3-->6-->1
D. 1-->2-->3-->4-->5-->6
Suggested answer: A

Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords.

Which of the following tools would not be useful for cracking the hashed passwords?

A. John the Ripper
B. Hashcat
C. netcat
D. THC-Hydra
Suggested answer: C
Total 573 questions