ExamGecko

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 6

Question 51

The "Gray-box testing" methodology enforces what kind of restriction?

A. Only the external operation of a system is accessible to the tester.
B. The internal operation of a system is only partly accessible to the tester.
C. Only the internal operation of a system is known to the tester.
D. The internal operation of a system is completely known to the tester.
Suggested answer: D
Explanation:

White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of software testing that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing, an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the expected outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a system-level test.

Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification or missing requirements. Where white-box testing is design-driven,[1] that is, driven exclusively by agreed specifications of how each component of the software is required to behave (as in DO-178C and ISO 26262 processes) then white-box test techniques can accomplish assessment for unimplemented or missing requirements.

White-box test design techniques include the following code coverage criteria:

• Control flow testing
• Data flow testing
• Branch testing
• Statement coverage
• Decision coverage
• Modified condition/decision coverage
• Prime path testing
• Path testing

asked 18/09/2024
Rene Claassen

Question 52

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration.

What type of an alert is this?

A. False negative
B. True negative
C. True positive
D. False positive
Suggested answer: D
Explanation:

True Positive - the IDS flags a behavior as an attack, and in real life it is.
True Negative - the IDS does not flag a behavior as an attack, and in real life it is not.
False Positive - the IDS flags a behavior as an attack, but in real life it is not.
False Negative - the IDS does not flag a behavior as an attack, but in real life it is an attack.

False Negative is the most serious and dangerous state of all!

asked 18/09/2024
Asif Ibrahim

Question 53

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A. Paros Proxy
B. BBProxy
C. Blooover
D. BBCrack
Suggested answer: B
asked 18/09/2024
Fermin Paneque Cabrera

Question 54

When you are getting information about a web server, it is very important to know the HTTP methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using the Nmap script engine. What Nmap script will help you with this task?

A. http-methods
B. http enum
C. http-headers
D. http-git
Suggested answer: A
asked 18/09/2024
Aparecido Primo

Question 55

Todd has been asked by the security officer to purchase a counter-based authentication system.

Which of the following best describes this type of system?

A. A biometric system that bases authentication decisions on behavioral attributes.
B. A biometric system that bases authentication decisions on physical attributes.
C. An authentication system that creates one-time passwords that are encrypted with secret keys.
D. An authentication system that uses passphrases that are converted into virtual passwords.
Suggested answer: C
asked 18/09/2024
Arnaldo Martinez 2-30793

Question 56

Which of the following is a low-tech way of gaining unauthorized access to systems?

A. Social Engineering
B. Eavesdropping
C. Scanning
D. Sniffing
Suggested answer: A
asked 18/09/2024
Ryan Shannon

Question 57

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A. WHOIS
B. CAPTCHA
C. IANA
D. IETF
Suggested answer: A
asked 18/09/2024
Cornel Sasu

Question 58

Why is a penetration test considered to be more thorough than a vulnerability scan?

A. Vulnerability scans only do host discovery and port scanning by default.
B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
C. It is not – a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
Suggested answer: B
asked 18/09/2024
Mathieu Alingum Nubee

Question 59

Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]". Which statement below is true?

A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
B. This is a scam because Bob does not know Scott.
C. Bob should write to [email protected] to verify the identity of Scott.
D. This is probably a legitimate message as it comes from a respectable organization.
Suggested answer: A
asked 18/09/2024
Beena Bamania

Question 60

env x='(){ :;};echo exploit' bash -c 'cat /etc/passwd'

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A. Removes the passwd file
B. Changes all passwords in passwd
C. Add new user to the passwd file
D. Display passwd content to prompt
Suggested answer: D
asked 18/09/2024
Joseph McCray
Total 573 questions