ExamGecko
Search Search Login
Home Home / ECCouncil / 312-50v12

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 7

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
The "Gray-box testing" methodology enforces what kind of restriction?
You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP. What part of the contract might prevent him from doing so?
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?
A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?
Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

Question 61

Report
Export
Collapse

Which of the following is assured by the use of a hash?

A.
Authentication
A.
Authentication
Answers
B.
Confidentiality
B.
Confidentiality
Answers
C.
Availability
C.
Availability
Answers
D.
Integrity
D.
Integrity
Answers
Suggested answer: D

Question 62

Report
Export
Collapse

Which results will be returned with the following Google search query? site:target.com – site:Marketing.target.com accounting

A.
Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
A.
Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
Answers
B.
Results matching all words in the query.
B.
Results matching all words in the query.
Answers
C.
Results for matches on target.com and Marketing.target.com that include the word "accounting"
C.
Results for matches on target.com and Marketing.target.com that include the word "accounting"
Answers
D.
Results matching "accounting" in domain target.com but not on the site Marketing.target.com
D.
Results matching "accounting" in domain target.com but not on the site Marketing.target.com
Answers
Suggested answer: D

Question 63

Report
Export
Collapse

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

A.
OPPORTUNISTICTLS
A.
OPPORTUNISTICTLS
Answers
B.
UPGRADETLS
B.
UPGRADETLS
Answers
C.
FORCETLS
C.
FORCETLS
Answers
D.
STARTTLS
D.
STARTTLS
Answers
Suggested answer: D

Question 64

Report
Export
Collapse

In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

A.
Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
A.
Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
Answers
B.
A backdoor placed into a cryptographic algorithm by its creator.
B.
A backdoor placed into a cryptographic algorithm by its creator.
Answers
C.
Extraction of cryptographic secrets through coercion or torture.
C.
Extraction of cryptographic secrets through coercion or torture.
Answers
D.
Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.
D.
Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.
Answers
Suggested answer: C

Explanation:

A powerful and often the most effective cryptanalysis method in which the attack is directed at the most vulnerable link in the cryptosystem - the person. In this attack, the cryptanalyst uses blackmail, threats, torture, extortion, bribery, etc.

This method's main advantage is the decryption time's fundamental independence from the volume of secret information, the length of the key, and the cipher's mathematical strength.

The method can reduce the time to guess a password, for example, for AES, to an acceptable level; however, it requires special authorization from the relevant regulatory authorities. Therefore, it is outside the scope of this course and is not considered in its practical part.

Question 65

Report
Export
Collapse

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort.

You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

A.
tcp.srcport= = 514 && ip.src= = 192.168.0.99
A.
tcp.srcport= = 514 && ip.src= = 192.168.0.99
Answers
B.
tcp.srcport= = 514 && ip.src= = 192.168.150
B.
tcp.srcport= = 514 && ip.src= = 192.168.150
Answers
C.
tcp.dstport= = 514 && ip.dst= = 192.168.0.99
C.
tcp.dstport= = 514 && ip.dst= = 192.168.0.99
Answers
D.
tcp.dstport= = 514 && ip.dst= = 192.168.0.150
D.
tcp.dstport= = 514 && ip.dst= = 192.168.0.150
Answers
Suggested answer: D

Question 66

Report
Export
Collapse

What two conditions must a digital signature meet?

A.
Has to be the same number of characters as a physical signature and must be unique.
A.
Has to be the same number of characters as a physical signature and must be unique.
Answers
B.
Has to be unforgeable, and has to be authentic.
B.
Has to be unforgeable, and has to be authentic.
Answers
C.
Must be unique and have special characters.
C.
Must be unique and have special characters.
Answers
D.
Has to be legible and neat.
D.
Has to be legible and neat.
Answers
Suggested answer: B

Question 67

Report
Export
Collapse

A company's security policy states that all Web browsers must automatically delete their HTTPbrowser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A.
Attempts by attackers to access the user and password information stored in the company's SQL database.
A.
Attempts by attackers to access the user and password information stored in the company's SQL database.
Answers
B.
Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
B.
Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.
Answers
C.
Attempts by attackers to access password stored on the user's computer without the user's knowledge.
C.
Attempts by attackers to access password stored on the user's computer without the user's knowledge.
Answers
D.
Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
D.
Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.
Answers
Suggested answer: B

Question 68

Report
Export
Collapse

What is correct about digital signatures?

A.
A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
A.
A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
Answers
B.
Digital signatures may be used in different documents of the same type.
B.
Digital signatures may be used in different documents of the same type.
Answers
C.
A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
C.
A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
Answers
D.
Digital signatures are issued once for each user and can be used everywhere until they expire.
D.
Digital signatures are issued once for each user and can be used everywhere until they expire.
Answers
Suggested answer: A

Question 69

Report
Export
Collapse

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

A.
He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
A.
He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
Answers
B.
He will activate OSPF on the spoofed root bridge.
B.
He will activate OSPF on the spoofed root bridge.
Answers
C.
He will repeat this action so that it escalates to a DoS attack.
C.
He will repeat this action so that it escalates to a DoS attack.
Answers
D.
He will repeat the same attack against all L2 switches of the network.
D.
He will repeat the same attack against all L2 switches of the network.
Answers
Suggested answer: A

Question 70

Report
Export
Collapse

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive.

When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user's password or activate disabled Windows accounts?

A.
John the Ripper
A.
John the Ripper
Answers
B.
SET
B.
SET
Answers
C.
CHNTPW
C.
CHNTPW
Answers
D.
Cain & Abel
D.
Cain & Abel
Answers
Suggested answer: C
Total 573 questions
Go to page: of 58
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms