Free EC-COUNCIL (312-50v11) Certification Sample Questions with Online Practice Test
NEW QUESTION # 16
Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?
- A. -T0
- B. -A
- C. -T5
- D. -O
Answer: C
NEW QUESTION # 17
Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.
What is the technique employed by Eric to secure cloud resources?
- A. Zero trust network
- B. Container technology
- C. Demilitarized zone
- D. Serverless computing
Answer: A
NEW QUESTION # 18
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop.
Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.
What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?
- A. Buffer overflow attack
- B. Denial-of-service attack
- C. Side-channel attack
- D. HMI-based attack
Answer: D
NEW QUESTION # 19
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 no response
TCP port 22 no response
TCP port 23 Time-to-live exceeded
- A. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall
- B. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host
- C. The lack of response from ports 21 and 22 indicates that those services are not running on the destination server
- D. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
Answer: A
NEW QUESTION # 20
Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it.
Which of the following tools did Bob employ to gather the above information?
- A. search.com
- B. EarthExplorer
- C. FCC ID search
- D. Google image search
Answer: C
NEW QUESTION # 21
An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<iframe src="http://www.vulnweb.com/updateif.php" style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HTTP POST) called?
- A. SQL Injection
- B. Browser Hacking
- C. Cross-Site Request Forgery
- D. Cross-Site Scripting
Answer: C
NEW QUESTION # 22
Why is a penetration test considered to be more thorough than a vulnerability scan?
- A. Vulnerability scans only do host discovery and port scanning by default.
- B. It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
- C. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
- D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
Answer: C
NEW QUESTION # 23
Jane, an ethical hacker, is testing a target organization's web server and website to identify security loopholes.
In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?
- A. Website mirroring
- B. Web cache poisoning
- C. Website defacement
- D. Session hijacking
Answer: B
Explanation:
Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and cache so that a harmful HTTP response is served to other users.
Fundamentally, web cache poisoning involves two phases. First, the attacker must work out how to elicit a response from the back-end server that inadvertently contains some kind of dangerous payload. Once successful, they need to make sure that their response is cached and subsequently served to the intended victims.
A poisoned web cache can potentially be a devastating means of distributing numerous different attacks, exploiting vulnerabilities such as XSS, JavaScript injection, open redirection, and so on.
How does a web cache work?
To understand how web cache poisoning vulnerabilities arise, it is important to have a basic understanding of how web caches work.
If a server had to send a new response to every single HTTP request separately, this would likely overload the server, resulting in latency issues and a poor user experience, especially during busy periods. Caching is primarily a means of reducing such issues.
The cache sits between the server and the user, where it saves (caches) the responses to particular requests, usually for a fixed amount of time. If another user then sends an equivalent request, the cache simply serves a copy of the cached response directly to the user, without any interaction from the back-end. This greatly eases the load on the server by reducing the number of duplicate requests it has to handle.
Cache keys
When the cache receives an HTTP request, it first has to determine whether there is a cached response that it can serve directly, or whether it has to forward the request for handling by the back-end server.
Caches identify equivalent requests by comparing a predefined subset of the request's components, known collectively as the "cache key". Typically, this would contain the request line and Host header. Components of the request that are not included in the cache key are said to be "unkeyed".
If the cache key of an incoming request matches the key of a previous request, then the cache considers them to be equivalent. As a result, it will serve a copy of the cached response that was generated for the original request. This applies to all subsequent requests with the matching cache key, until the cached response expires.
Crucially, the other components of the request are ignored altogether by the cache. We'll explore the impact of this behavior in more detail later.
What is the impact of a web cache poisoning attack?
The impact of web cache poisoning is heavily dependent on two key factors:
* What exactly the attacker can successfully get cached. As the poisoned cache is more a means of distribution than a standalone attack, the impact of web cache poisoning is inextricably linked to how harmful the injected payload is. As with most kinds of attack, web cache poisoning can also be used in combination with other attacks to escalate the potential impact even further.
* The amount of traffic on the affected page. The poisoned response will only be served to users who visit the affected page while the cache is poisoned. As a result, the impact can range from non-existent to massive depending on whether the page is popular or not. If an attacker managed to poison a cached response on the home page of a major website, for example, the attack could affect thousands of users without any subsequent interaction from the attacker.
Note that the duration of a cache entry doesn't necessarily affect the impact of web cache poisoning. An attack can usually be scripted in such a way that it re-poisons the cache indefinitely.
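The cache-key behavior described above, modelled as an added example (not code from the original page or from any real proxy). The `X-Forwarded-Host` header, the `origin` back end and the `shop.example` / `other.example` hosts are assumptions chosen for illustration; the point is that a header which changes the response must be part of the cache key.

```python
# Added example: a toy cache model, not the code of any real proxy or CDN.
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    headers: tuple = ()  # ((name, value), ...) constructed sample data

    def header(self, name):
        for key, value in self.headers:
            if key.lower() == name.lower():
                return value
        return ""


def cache_key(req, keyed_headers=("host",)):
    """Request line plus the headers this cache is configured to key on."""
    parts = [req.method, req.path]
    parts += [f"{h}={req.header(h)}" for h in keyed_headers]
    return "|".join(parts)


def origin(req):
    """Hypothetical back end: the body reflects X-Forwarded-Host if present."""
    host = req.header("x-forwarded-host") or req.header("host")
    return f'<script src="https://{host}/app.js"></script>'


class Cache:
    def __init__(self, keyed_headers=("host",)):
        self.keyed_headers = keyed_headers
        self.store = {}

    def fetch(self, req):
        key = cache_key(req, self.keyed_headers)
        if key not in self.store:          # miss: forward to the back end
            self.store[key] = origin(req)
        return self.store[key]             # hit: back end is not consulted


def unkeyed_inputs(influencing, keyed):
    """Headers that change the response but are missing from the cache key."""
    keyed = {h.lower() for h in keyed}
    return sorted(h.lower() for h in influencing if h.lower() not in keyed)


# Constructed requests: same request line and Host, one extra header.
with_header = Request("GET", "/", (("Host", "shop.example"),
                                   ("X-Forwarded-Host", "other.example")))
plain = Request("GET", "/", (("Host", "shop.example"),))

if __name__ == "__main__":
    for keyed in (("host",), ("host", "x-forwarded-host")):
        cache = Cache(keyed)
        cache.fetch(with_header)
        print(keyed, "->", cache.fetch(plain))
```

With only `Host` keyed, the second visitor receives the response generated for the first request; once the header is keyed, each request gets its own entry.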
NEW QUESTION # 24
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application.
What is the type of web-service API mentioned in the above scenario?
- A. JSON-RPC
- B. RESTful API
- C. SOAP API
- D. REST API
Answer: B
NEW QUESTION # 25
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server's software. The "ps" command shows that the "nc" file is running as a process, and the netstat command shows the "nc" process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?
- A. Brute force login
- B. Privilege escalation
- C. Directory traversal
- D. File system permissions
Answer: D
NEW QUESTION # 26
Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request. Which of the following techniques is employed by Dayn to detect honeypots?
- A. Detecting the presence of Snort_inline honeypots
- B. Detecting honeypots running on VMware
- C. Detecting the presence of Honeyd honeypots
- D. Detecting the presence of Sebek-based honeypots
Answer: A
NEW QUESTION # 27
Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?
- A. ISO 2002
- B. HIPAA/PHI
- C. PII
- D. PCI DSS
Answer: C
NEW QUESTION # 28
Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?
- A. Containment phase
- B. Identification phase
- C. Recovery phase
- D. Preparation phase
Answer: D
NEW QUESTION # 29
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
- A. nmap -sn -pp < target ip address >
- B. nmap -sn -PS < target IP address >
- C. nmap -sn -PA < target IP address >
- D. nmap -sn -PO < target IP address >
Answer: B
NEW QUESTION # 30
You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?
- A. site
- B. filetype
- C. inurl
- D. ext
Answer: B
Explanation:
Restrict results to those of a certain filetype, e.g., PDF, DOCX, TXT, PPT, etc. Note: The "ext:" operator can also be used; the results are identical.
Example: apple filetype:pdf / apple ext:pdf
NEW QUESTION # 31
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?
- A. AES
- B. Triple Data Encryption Standard
- C. MDS encryption algorithm
- D. IDEA
Answer: B
Explanation:
Triple DES is another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits.
In Stealth, you simply type in the entire 192-bit (24 character) key rather than entering each of the three keys individually. The Triple DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary so that they are each 64 bits long. The procedure for encryption is exactly the same as regular DES, but it is repeated three times, hence the name Triple DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key.
Triple DES runs three times slower than DES, but is much more secure if used properly. The procedure for decrypting something is the same as the procedure for encryption, except it is executed in reverse. Like DES, data is encrypted and decrypted in 64-bit chunks. Although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits long. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there is always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means that the effective key strength for Triple DES is actually 168 bits, because each of the three keys contains 8 parity bits that are not used during the encryption process.
Triple DES Modes
Triple ECB (Electronic Code Book)
* This variant of Triple DES works exactly the same way as the ECB mode of DES.
* This is the most commonly used mode of operation.
Triple CBC (Cipher Block Chaining)
* This method is very similar to the standard DES CBC mode.
* As with Triple ECB, the effective key length is 168 bits and keys are used in the same manner, as described above, but the chaining features of CBC mode are also employed.
* The first 64-bit key acts as the Initialization Vector to DES.
* Triple ECB is then executed for a single 64-bit block of plaintext.
* The resulting ciphertext is then XORed with the next plaintext block to be encrypted, and the procedure is repeated.
* This method adds an extra layer of security to Triple DES and is therefore more secure than Triple ECB, although it is not used as widely as Triple ECB.
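The key arithmetic from the explanation above, as an added example (not code from the original page or from the Stealth product it mentions). It covers key handling only, and goes slightly beyond the text by also flagging repeated subkeys, where the encrypt/decrypt/encrypt sequence collapses to fewer independent keys; all function names and sample keys are constructed for illustration.

```python
# Added example: key handling only; no DES rounds are implemented here.

def set_odd_parity(key: bytes) -> bytes:
    """Set the right-most bit of each byte so every byte has an odd number of 1s."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                       # the seven bits DES actually uses
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def split_subkeys(key: bytes):
    """Break a 24-byte (192-bit) key into three 64-bit subkeys K1, K2, K3."""
    if len(key) != 24:
        raise ValueError("expected a 24-byte Triple DES key")
    return key[0:8], key[8:16], key[16:24]


def key_bits_used(key: bytes) -> int:
    """Count key bits that matter under encrypt(K1), decrypt(K2), encrypt(K3)."""
    # Compare subkeys with parity bits cleared: they are ignored by DES.
    k1, k2, k3 = (bytes(b & 0xFE for b in k) for k in split_subkeys(key))
    if k1 == k2 or k2 == k3:
        return 56    # an encrypt/decrypt pair cancels: single DES remains
    if k1 == k3:
        return 112   # only two independent 56-bit keys
    return 168       # three independent keys, 3 x 56 bits


# Constructed sample keys, for illustration only.
SAMPLE = set_odd_parity(bytes(range(1, 25)))
K3 = SAMPLE[16:24]
CANCELLING = b"\x02" * 8 + b"\x03" * 8 + K3   # K1 and K2 differ only in parity

if __name__ == "__main__":
    print(has_odd_parity(SAMPLE), key_bits_used(SAMPLE), key_bits_used(CANCELLING))
```

A key whose first two subkeys differ only in their parity bits looks like 192 bits of input but leaves a single 56-bit DES key in effect, which is why key validation should compare subkeys after clearing parity.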
NEW QUESTION # 32
In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?
- A. 40-6.0
- B. 3.0-6.9
- C. 3.9-6.9
- D. 4.0-6.9
Answer: D
NEW QUESTION # 33
Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands. Which of the following commands was used by Clark to hijack the connections?
- A. btlejack -f 0x9c68fd30 -t -m 0x1 fffffffff
- B. btlejack -c any
- C. btlejack-f 0x129f3244-j
- D. btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s
Answer: D
NEW QUESTION # 34
To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?
- A. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
- B. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
- C. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
- D. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
Answer: B
NEW QUESTION # 35
Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a few countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
- A. Enable unused default user accounts created during the installation of an OS.
- B. Enable all non-interactive accounts that should exist but do not require interactive login.
- C. Limit the administrator or root-level access to the minimum number of users.
- D. Retain all unused modules and application extensions.
Answer: C
NEW QUESTION # 36
Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?
- A. Wardriving
- B. Pharming
- C. Pretexting
- D. Skimming
Answer: B
Explanation:
A pharming attacker tries to redirect a website's traffic to a fake website controlled by the attacker, typically for the purpose of collecting sensitive data from victims or installing malware on their machines. Attackers tend to focus on creating look-alike e-commerce and digital banking websites to harvest credentials and payment card data.
Though they share similar goals, pharming uses a different technique from phishing. "Pharming attackers are targeted on manipulating a system, instead of tricking people into reaching a dangerous web site," explains David Emm, principal security researcher at Kaspersky. "When either a phishing or pharming attack is completed by a criminal, they have a similar driving issue to induce victims onto a corrupt location; however, the mechanisms by which this is undertaken are completely different."