ECCouncil 312-50v12 Practice Test - Questions Answers, Page 6

The "Gray-box testing" methodology enforces what kind of restriction?

A. Only the external operation of a system is accessible to the tester.
B. The internal operation of a system is only partly accessible to the tester.
C. Only the internal operation of a system is known to the tester.
D. The internal operation of a system is completely known to the tester.
Suggested answer: D

Explanation:

White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of software testing that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing, an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the expected outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a system-level test.

Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification or missing requirements. Where white-box testing is design-driven,[1] that is, driven exclusively by agreed specifications of how each component of the software is required to behave (as in DO-178C and ISO 26262 processes), white-box test techniques can accomplish assessment for unimplemented or missing requirements.

White-box test design techniques include the following code coverage criteria:

- Control flow testing
- Data flow testing
- Branch testing
- Statement coverage
- Decision coverage
- Modified condition/decision coverage
- Prime path testing
- Path testing

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration.

What type of an alert is this?

A. False negative
B. True negative
C. True positive
D. False positive
Suggested answer: D

Explanation:

True Positive - the IDS reports a behavior as an attack, and in real life it is.
True Negative - the IDS does not report a behavior as an attack, and in real life it is not.
False Positive - the IDS reports a behavior as an attack, but in real life it is not.
False Negative - the IDS does not report a behavior as an attack, but in real life it is an attack.

A False Negative is the most serious and dangerous state of all!

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A. Paros Proxy
B. BBProxy
C. Blooover
D. BBCrack
Suggested answer: B

When you are getting information about a web server, it is very important to know the HTTP methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using the NMAP script engine. What Nmap script will help you with this task?

A. http-methods
B. http enum
C. http-headers
D. http-git
Suggested answer: A

Todd has been asked by the security officer to purchase a counter-based authentication system.

Which of the following best describes this type of system?

A. A biometric system that bases authentication decisions on behavioral attributes.
B. A biometric system that bases authentication decisions on physical attributes.
C. An authentication system that creates one-time passwords that are encrypted with secret keys.
D. An authentication system that uses passphrases that are converted into virtual passwords.
Suggested answer: C

Which of the following is a low-tech way of gaining unauthorized access to systems?

A. Social Engineering
B. Eavesdropping
C. Scanning
D. Sniffing
Suggested answer: A

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A. WHOIS
B. CAPTCHA
C. IANA
D. IETF
Suggested answer: A

Why is a penetration test considered to be more thorough than a vulnerability scan?

A. Vulnerability scans only do host discovery and port scanning by default.
B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
C. It is not – a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
Suggested answer: B

Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]". Which statement below is true?

A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
B. This is a scam because Bob does not know Scott.
C. Bob should write to [email protected] to verify the identity of Scott.
D. This is probably a legitimate message as it comes from a respectable organization.
Suggested answer: A

env x='(){ :;};echo exploit' bash -c 'cat /etc/passwd'

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

A. Removes the passwd file
B. Changes all passwords in passwd
C. Add new user to the passwd file
D. Display passwd content to prompt
Suggested answer: D
Total 573 questions