ExamGecko
Login
Home / ECCouncil / 312-50v12 / List of questions
Ask Question

ECCouncil 312-50v12 Practice Test - Questions Answers, Page 9

Add to Whishlist

List of questions

Question 81

Report Export Collapse

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the provider's environment?

Behavioral based
Behavioral based
Heuristics based
Heuristics based
Honeypot based
Honeypot based
Cloud based
Cloud based
Suggested answer: D
asked 18/09/2024
Ruben Munilla Hernandez
49 questions

Question 82

Report Export Collapse

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

tcptrace
tcptrace
Nessus
Nessus
OpenVAS
OpenVAS
tcptraceroute
tcptraceroute
Suggested answer: A
asked 18/09/2024
Carl James Carampot
44 questions

Question 83

Report Export Collapse

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

Session hijacking
Session hijacking
Firewalking
Firewalking
Man-in-the middle attack
Man-in-the middle attack
Network sniffing
Network sniffing
Suggested answer: B
asked 18/09/2024
nosh shah
50 questions

Question 84

Report Export Collapse

Which of the following is not a Bluetooth attack?

Bluedriving
Bluedriving
Bluesmacking
Bluesmacking
Bluejacking
Bluejacking
Bluesnarfing
Bluesnarfing
Suggested answer: A
Explanation:

https://github.com/verovaleros/bluedriving

Bluedriving is a bluetooth wardriving utility. It can capture bluetooth devices, lookup their services, get GPS information and present everything in a nice web page. It can search for and show a lot of information about the device, the GPS address and the historic location of devices on a map. The main motivation of this tool is to research about the targeted surveillance of people by means of its cellular phone or car. With this tool you can capture information about bluetooth devices and show, on a map, the points where you have seen the same device in the past.

asked 18/09/2024
Sergio Guerra
48 questions

Question 85

Report Export Collapse

What is the role of test automation in security testing?

It is an option but it tends to be very expensive.
It is an option but it tends to be very expensive.
It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
Test automation is not usable in security due to the complexity of the tests.
Test automation is not usable in security due to the complexity of the tests.
It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
Suggested answer: D
asked 18/09/2024
Javier Escobar
39 questions

Question 86

Report Export Collapse

Your company performs penetration tests and security assessments for small and medium-sized business in the local are a. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

Confront the client in a respectful manner and ask her about the data.
Confront the client in a respectful manner and ask her about the data.
Copy the data to removable media and keep it in case you need it.
Copy the data to removable media and keep it in case you need it.
Ignore the data and continue the assessment until completed as agreed.
Ignore the data and continue the assessment until completed as agreed.
Immediately stop work and contact the proper legal authorities.
Immediately stop work and contact the proper legal authorities.
Suggested answer: D
asked 18/09/2024
HW Yan
51 questions

Question 87

Report Export Collapse

While using your bank's online servicing you notice the following string in the URL bar:

"http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21" You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.

Which type of vulnerability is present on this site?

Cookie Tampering
Cookie Tampering
SQL Injection
SQL Injection
Web Parameter Tampering
Web Parameter Tampering
XSS Reflection
XSS Reflection
Suggested answer: C
asked 18/09/2024
Bob Tole
53 questions

Question 88

Report Export Collapse

The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

ACK
ACK
SYN
SYN
RST
RST
SYN-ACK
SYN-ACK
Suggested answer: B
asked 18/09/2024
Joshua Paffen
37 questions

Question 89

Report Export Collapse

Which type of security feature stops vehicles from crashing through the doors of a building?

Bollards
Bollards
Receptionist
Receptionist
Mantrap
Mantrap
Turnstile
Turnstile
Suggested answer: A
asked 18/09/2024
Michal Mordarski
47 questions

Question 90

Report Export Collapse

The company PLUS recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

The CFO can use a hash algorithm in the document once he approved the financial statements
The CFO can use a hash algorithm in the document once he approved the financial statements
The CFO can use an excel file with a password
The CFO can use an excel file with a password
The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document
The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document
The document can be sent to the accountant using an exclusive USB for that document
The document can be sent to the accountant using an exclusive USB for that document
Suggested answer: A
asked 18/09/2024
Arnaud DUTEL
37 questions
Total 573 questions
Go to page: of 58
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
What is correct about digital signatures?
Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?
During a penetration testing assignment, a Certified Ethical Hacker (CEH) used a set of scanning tools to create a profile of the target organization. The CEH wanted to scan for live hosts, open ports, and services on a target network. He used Nmap for network inventory and Hping3 for network security auditing. However, he wanted to spoof IP addresses for anonymity during probing. Which command should the CEH use to perform this task?
Which file is a rich target to discover the structure of a website during web-server footprinting?
Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?
The "Gray-box testing" methodology enforces what kind of restriction?
A company's security policy states that all Web browsers must automatically delete their HTTPbrowser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?