Home / ECCouncil / 312-50v12

Question list

List of questions

Question 1

(0)

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

Question 2

(0)

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he i

Question 3

(0)

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

Question 4

(0)

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the R

Question 5

(0)

What is the algorithm used by LM for Windows2000 SAM?

Question 6

(0)

E-mail scams and mail fraud are regulated by which of the following?

Question 7

(0)

Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

Question 8

(0)

Which of the following is the primary objective of a rootkit?

Question 9

(0)

This kind of password cracking method uses word lists in combination with numbers and special characters:

Question 10

(0)

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Related questions

The "Gray-box testing" methodology enforces what kind of restriction?

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related information by using various search engines, social networking sites, and web spidering tools. In this process, she also uses an automated tool to gather a list of words from the target website to further perform a brute-force attack on the previously gathered email addresses. What is the tool used by Hailey for gathering a list of words from the target website?

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL. What may be the problem?

Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP. What part of the contract might prevent him from doing so?

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/ feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

In order to tailor your tests during a web-application scan, you decide to determine which webserver version is hosting the application. On using the sV flag with Nmap. you obtain the following response: 80/tcp open http-proxy Apache Server 7.1.6what Information-gathering technique does this best describe?

A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?

Question 260 - 312-50v12 discussion

An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's dat a. What type of attack is this?

Phishing

Vlishing

Spoofing

DDoS

Suggested answer: A

Explanation:

https://en.wikipedia.org/wiki/Phishing

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.

An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.

Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on the scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

Incorrect answers:

Vishing https://en.wikipedia.org/wiki/Voice_phishing

Voice phishing, or vishing, is the use of telephony (often Voice over IP telephony) to conduct phishing attacks.

DDoS https://en.wikipedia.org/wiki/Denial-of-service_attack

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.

Spoofing https://en.wikipedia.org/wiki/Spoofing_attack In the context of information security, and especially network security, a spoofing attack is a situation in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage.

Show Answer

asked 18/09/2024

Mark Aplacador

39 questions

Your answer: A B C D

0 comments

Sorted by