ExamGecko
Login
Home / ECCouncil / 312-50v12 / List of questions
Ask Question

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 7

Add to Whishlist

List of questions

Question 61

Report Export Collapse

Which of the following is assured by the use of a hash?

Authentication
Authentication
Confidentiality
Confidentiality
Availability
Availability
Integrity
Integrity
Suggested answer: D
asked 18/09/2024
Farah Fauzi
46 questions

Question 62

Report Export Collapse

Which results will be returned with the following Google search query? site:target.com – site:Marketing.target.com accounting

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
Results matching all words in the query.
Results matching all words in the query.
Results for matches on target.com and Marketing.target.com that include the word "accounting"
Results for matches on target.com and Marketing.target.com that include the word "accounting"
Results matching "accounting" in domain target.com but not on the site Marketing.target.com
Results matching "accounting" in domain target.com but not on the site Marketing.target.com
Suggested answer: D
asked 18/09/2024
MM rahn
46 questions

Question 63

Report Export Collapse

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

OPPORTUNISTICTLS
OPPORTUNISTICTLS
UPGRADETLS
UPGRADETLS
FORCETLS
FORCETLS
STARTTLS
STARTTLS
Suggested answer: D
asked 18/09/2024
Carmina Medel
37 questions

Question 64

Report Export Collapse

In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
A backdoor placed into a cryptographic algorithm by its creator.
A backdoor placed into a cryptographic algorithm by its creator.
Extraction of cryptographic secrets through coercion or torture.
Extraction of cryptographic secrets through coercion or torture.
Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.
Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.
Suggested answer: C
Explanation:

A powerful and often the most effective cryptanalysis method in which the attack is directed at the most vulnerable link in the cryptosystem - the person. In this attack, the cryptanalyst uses blackmail, threats, torture, extortion, bribery, etc.

This method's main advantage is the decryption time's fundamental independence from the volume of secret information, the length of the key, and the cipher's mathematical strength.

The method can reduce the time to guess a password, for example, for AES, to an acceptable level; however, it requires special authorization from the relevant regulatory authorities. Therefore, it is outside the scope of this course and is not considered in its practical part.

asked 18/09/2024
Andre Passos
45 questions

Question 65

Report Export Collapse

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort.

You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

tcp.srcport= = 514 && ip.src= = 192.168.0.99
tcp.srcport= = 514 && ip.src= = 192.168.0.99
tcp.srcport= = 514 && ip.src= = 192.168.150
tcp.srcport= = 514 && ip.src= = 192.168.150
tcp.dstport= = 514 && ip.dst= = 192.168.0.99
tcp.dstport= = 514 && ip.dst= = 192.168.0.99
tcp.dstport= = 514 && ip.dst= = 192.168.0.150
tcp.dstport= = 514 && ip.dst= = 192.168.0.150
Suggested answer: D
asked 18/09/2024
Owais Mansoor
45 questions

Question 66

Report Export Collapse

What two conditions must a digital signature meet?

Has to be the same number of characters as a physical signature and must be unique.
Has to be the same number of characters as a physical signature and must be unique.
Has to be unforgeable, and has to be authentic.
Has to be unforgeable, and has to be authentic.
Must be unique and have special characters.
Must be unique and have special characters.
Has to be legible and neat.
Has to be legible and neat.
Suggested answer: B
asked 18/09/2024
Danilo Omaljev
40 questions

Question 67

Report Export Collapse

A company's security policy states that all Web browsers must automatically delete their HTTPbrowser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Attempts by attackers to access the user and password information stored in the company's SQL database.
Attempts by attackers to access the user and password information stored in the company's SQL database.
Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
Attempts by attackers to access password stored on the user's computer without the user's knowledge.
Attempts by attackers to access password stored on the user's computer without the user's knowledge.
Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
Suggested answer: B
asked 18/09/2024
annalise ramdin
43 questions

Question 68

Report Export Collapse

What is correct about digital signatures?

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
Digital signatures may be used in different documents of the same type.
Digital signatures may be used in different documents of the same type.
A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
Digital signatures are issued once for each user and can be used everywhere until they expire.
Digital signatures are issued once for each user and can be used everywhere until they expire.
Suggested answer: A
asked 18/09/2024
Jose M Rivera Vega
42 questions

Question 69

Report Export Collapse

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
He will activate OSPF on the spoofed root bridge.
He will activate OSPF on the spoofed root bridge.
He will repeat this action so that it escalates to a DoS attack.
He will repeat this action so that it escalates to a DoS attack.
He will repeat the same attack against all L2 switches of the network.
He will repeat the same attack against all L2 switches of the network.
Suggested answer: A
asked 18/09/2024
Henrik Persson
43 questions

Question 70

Report Export Collapse

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive.

When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?

John the Ripper
John the Ripper
SET
SET
CHNTPW
CHNTPW
Cain & Abel
Cain & Abel
Suggested answer: C
asked 18/09/2024
Alejandro Yepez
51 questions
Total 573 questions
Go to page: of 58
Open VPLUS File
Convert VPLUS to PDF

Related questions

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
What is correct about digital signatures?
Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?
During a penetration testing assignment, a Certified Ethical Hacker (CEH) used a set of scanning tools to create a profile of the target organization. The CEH wanted to scan for live hosts, open ports, and services on a target network. He used Nmap for network inventory and Hping3 for network security auditing. However, he wanted to spoof IP addresses for anonymity during probing. Which command should the CEH use to perform this task?
Which file is a rich target to discover the structure of a website during web-server footprinting?
Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?
The "Gray-box testing" methodology enforces what kind of restriction?
A company's security policy states that all Web browsers must automatically delete their HTTPbrowser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?