ExamGecko
Search Search Login
Home Home / ECCouncil / 312-50v12

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 49

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The "Gray-box testing" methodology enforces what kind of restriction?
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP. What part of the contract might prevent him from doing so?
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?
A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?
Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

Question 481

Report
Export
Collapse

Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is a free implementation of the OpenPGP standard that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange. What is the encryption software employed by Sam for securing the email messages?

A.
PGP
A.
PGP
Answers
B.
S/MIME
B.
S/MIME
Answers
C.
SMTP
C.
SMTP
Answers
D.
GPG
D.
GPG
Answers
Suggested answer: A

Question 482

Report
Export
Collapse

Which among the following is the best example of the hacking concept called "clearing tracks"?

A.
After a system is breached, a hacker creates a backdoor to allow re-entry into a system.
A.
After a system is breached, a hacker creates a backdoor to allow re-entry into a system.
Answers
B.
During a cyberattack, a hacker injects a rootkit into a server.
B.
During a cyberattack, a hacker injects a rootkit into a server.
Answers
C.
An attacker gains access to a server through an exploitable vulnerability.
C.
An attacker gains access to a server through an exploitable vulnerability.
Answers
D.
During a cyberattack, a hacker corrupts the event logs on all machines.
D.
During a cyberattack, a hacker corrupts the event logs on all machines.
Answers
Suggested answer: D

Question 483

Report
Export
Collapse

George, an employee of an organization, is attempting to access restricted websites from an official computer. For this purpose, he used an anonymizer that masked his real IP address and ensured complete and continuous anonymity for all his online activities. Which of the following anonymizers helps George hide his activities?

A.
https://www.baidu.com
A.
https://www.baidu.com
Answers
B.
https://www.guardster.com
B.
https://www.guardster.com
Answers
C.
https://www.wolframalpha.com
C.
https://www.wolframalpha.com
Answers
D.
https://karmadecay.com
D.
https://karmadecay.com
Answers
Suggested answer: B

Question 484

Report
Export
Collapse

Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

A.
VPN footprinting
A.
VPN footprinting
Answers
B.
Email footprinting
B.
Email footprinting
Answers
C.
VoIP footprinting
C.
VoIP footprinting
Answers
D.
Whois footprinting
D.
Whois footprinting
Answers
Suggested answer: B

Question 485

Report
Export
Collapse

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?

A.
MAC spoofing attack
A.
MAC spoofing attack
Answers
B.
Evil-twin attack
B.
Evil-twin attack
Answers
C.
War driving attack
C.
War driving attack
Answers
D.
Phishing attack
D.
Phishing attack
Answers
Suggested answer: B

Explanation:

Wireless Threats - Confidentiality Attacks Launch of Wireless Attacks: Evil Twin Evil Twin is a wireless AP that pretends to be a legitimate AP by replicating another network name. Attackers set up a rogue AP outside the corporate perimeter and lures users to sign into the wrong AP. (P.2297/2281)

Question 486

Report
Export
Collapse

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?

A.
You should check your ARP table and see if there is one IP address with two different MAC addresses.
A.
You should check your ARP table and see if there is one IP address with two different MAC addresses.
Answers
B.
You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
B.
You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
Answers
C.
You should use netstat to check for any suspicious connections with another IP address within the LAN.
C.
You should use netstat to check for any suspicious connections with another IP address within the LAN.
Answers
D.
You cannot identify such an attack and must use a VPN to protect your traffic, r
D.
You cannot identify such an attack and must use a VPN to protect your traffic, r
Answers
Suggested answer: A

Explanation:

ARP Spoofing Attack ARP packets can be forged to send data to the attacker's machine.Attackers flood a target computer's ARP cache with forged entries, which is also known as poisoning. (P.1143/1127)

Question 487

Report
Export
Collapse

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this?

A.
Time-based SQL injection
A.
Time-based SQL injection
Answers
B.
Union SQL injection
B.
Union SQL injection
Answers
C.
Error-based SQL injection
C.
Error-based SQL injection
Answers
D.
Blind SQL injection
D.
Blind SQL injection
Answers
Suggested answer: D

Question 488

Report
Export
Collapse

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the

WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages.

What is the attack performed in the above scenario?

A.
Timing-based attack
A.
Timing-based attack
Answers
B.
Side-channel attack
B.
Side-channel attack
Answers
C.
Downgrade security attack
C.
Downgrade security attack
Answers
D.
Cache-based attack
D.
Cache-based attack
Answers
Suggested answer: C

Question 489

Report
Export
Collapse

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?

A.
PyLoris
A.
PyLoris
Answers
B.
Slowloris
B.
Slowloris
Answers
C.
Evilginx
C.
Evilginx
Answers
D.
PLCinject
D.
PLCinject
Answers
Suggested answer: C

Question 490

Report
Export
Collapse

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?

A.
Bluesmacking
A.
Bluesmacking
Answers
B.
BlueSniffing
B.
BlueSniffing
Answers
C.
Bluejacking
C.
Bluejacking
Answers
D.
Bluesnarfing
D.
Bluesnarfing
Answers
Suggested answer: C

Explanation:

https://en.wikipedia.org/wiki/Bluejacking

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.

Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.

Bluejacking is also confused with Bluesnarfing, which is the way in which mobile phones are illegally hacked via Bluetooth.

Total 573 questions
Go to page: of 58
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms