312-50v12 EC-Council Exam Questions and Free Practice Test

Jonnie Karnath2023-04-02T00:53:09+00:00

If you’re looking to pass the EC-Council 312-50v12 exam, Certspot 312-50v12 EC-Council exam questions and free practice test are an excellent choice. These 312-50v12 questions and answers are designed to help you prepare for the exam by providing you with up-to-date and accurate information on the exam topics. One of the best things about Certspot 312-50v12 EC-Council exam questions and free practice test is that it’s designed to be user-friendly and easy to understand. Whether you’re a beginner or an experienced professional, their preparation material will help you gain a better understanding of the subject matter and allow you to test your knowledge before the actual exam.

Page 1 of 16

1. David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities.

Which phase of the vulnerability-management life cycle is David currently in?

verification

Risk assessment

Vulnerability scan

Remediation

2. An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password.

What kind of attack is this?

MAC spoofing attack

Evil-twin attack

War driving attack

Phishing attack

3. In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

Do not reply to email messages or popup ads asking for personal or financial information

Do not trust telephone numbers in e-mails or popup ads

Review credit card and bank account statements regularly

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

Do not send credit card numbers, and personal or financial information via e-mail

4. Bill has been hired as a penetration tester and cyber security auditor for a major credit card company.

Which information security standard is most applicable to his role?

FISMA

HITECH

PCI-DSS

Sarbanes-OxleyAct

5. Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the loT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network.

Which of the following tools was employed by Lewis in the above scenario?

Censys

Wapiti

NeuVector

Lacework

6. What tool can crack Windows SMB passwords simply by listening to network traffic?

This is not possible

Netbus

NTFSDOS

L0phtcrack

7. Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

Which of the following attacks can be performed by exploiting the above vulnerability?

DROWN attack

Padding oracle attack

Side-channel attack

DUHK attack

8. Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

Wireshark

Maltego

Metasploit

Nessus

9. To hide the file on a Linux system, you have to start the filename with a specific character.

What is the character?

Exclamation mark (!)

Underscore (_)

Tilde H

Period (.)

10. The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

Public

Private

Shared

Root

Page 2 of 16

11. When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

What proxy tool will help you find web vulnerabilities?

Maskgen

Dimitry

Burpsuite

Proxychains

12. Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

BA810DBA98995F1817306D272A9441BB

44EFCE164AB921CQAAD3B435B51404EE

0182BD0BD4444BF836077A718CCDF409

CEC52EB9C8E3455DC2265B23734E0DAC

B757BF5C0D87772FAAD3B435B51404EE

E52CAC67419A9A224A3B108F3FA6CB6D

13. Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted.

What is the name of the command used by SMTP to transmit email over TLS?

OPPORTUNISTICTLS

UPGRADETLS

FORCETLS

STARTTLS

14. During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.

What is this type of DNS configuration commonly called?

DynDNS

DNS Scheme

DNSSEC

Split DNS

15. Daniel Is a professional hacker who Is attempting to perform an SQL injection attack on a target website. www.movlescope.com. During this process, he encountered an IDS that detects SQL Injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘'or '1'='1" In any bask injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

Null byte

IP fragmentation

Char encoding

Variation

16. An attacker scans a host with the below command.

Which three flags are set?

# nmap -sX host.domain.com

This is SYN scan. SYN flag is set.

This is Xmas scan. URG, PUSH and FIN are set.

This is ACK scan. ACK flag is set.

This is Xmas scan. SYN and ACK flags are set.

17. 1.Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Nikto

John the Ripper

Dsniff

Snort

18. What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

Reveals the daily outgoing message limits before mailboxes are locked

The internal command RCPT provides a list of ports open to message traffic.

A list of all mail proxy server addresses used by the targeted host

19. If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?

Criminal

International

Common

Civil

20. A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24.

Which of the following has occurred?

The computer is not using a private IP address.

The gateway is not routing to a public IP address.

The gateway and the computer are not on the same network.

The computer is using an invalid IP address.

Page 3 of 16

21. When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration.

What type of an alert is this?

False negative

True negative

True positive

False positive

22. During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

Server Message Block (SMB)

Network File System (NFS)

Remote procedure call (RPC)

Telnet

23. Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

To determine who is the holder of the root account

To perform a DoS

To create needless SPAM

To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

To test for virus protection

24. Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.

Which type of virus detection method did Chandler use in this context?

Heuristic Analysis

Code Emulation

Scanning

Integrity checking

25. Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?

[inurl:]

[related:]

[info:]

[site:]

26. While using your bank’s online servicing you notice the following string in the URL bar:

“http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.

Which type of vulnerability is present on this site?

Cookie Tampering

SQL Injection

Web Parameter Tampering

XSS Reflection

27. One of your team members has asked you to analyze the following SOA record.

What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

200303028

3600

604800

2400

4800

28. A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

tcp.port = = 21

tcp.port = 23

tcp.port = = 21 | | tcp.port = =22

tcp.port ! = 21

29. Mirai malware targets loT devices.

After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?

MITM attack

Birthday attack

DDoS attack

Password attack

30. Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company.

What is the social engineering technique Steve employed in the above scenario?

Diversion theft

Baiting

Honey trap

Piggybacking

Page 4 of 16

31. Which among the following is the best example of the third step (delivery) in the cyber kill chain?

An intruder sends a malicious attachment via email to a target.

An intruder creates malware to be used as a malicious attachment to an email.

An intruder's malware is triggered when a target opens a malicious email attachment.

An intruder's malware is installed on a target's machine.

32. An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data.

What type of attack is this?

Phishing

Vlishing

Spoofing

DDoS

33. Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics:

- Verifies success or failure of an attack

- Monitors system activities Detects attacks that a network-based IDS fails to detect

- Near real-time detection and response

- Does not require additional hardware

- Lower entry cost.

Which type of IDS is best suited for Tremp's requirements?

Gateway-based IDS

Network-based IDS

Host-based IDS

Open source-based

34. On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.

What is the name of the process by which you can determine those critical businesses?

Emergency Plan Response (EPR)

Business Impact Analysis (BIA)

Risk Mitigation

Disaster Recovery Planning (DRP)

35. An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop

for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

Side-channel attack

Denial-of-service attack

HMI-based attack

Buffer overflow attack

36. Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine.

Which of the following techniques is used by Joel in the above scenario?

DNS rebinding attack

Clickjacking attack

MarioNet attack

Watering hole attack

37. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Residual risk

Impact risk

Deferred risk

Inherent risk

38. Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network.

What type of footprinting technique is employed by Richard?

VoIP footprinting

VPN footprinting

Whois footprinting

Email footprinting

39. Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization.

Which of the following cloud attacks did Alice perform in the above scenario?

Cloud hopper attack

Cloud cryptojacking

Cloudborne attack

Man-in-the-cloud (MITC) attack

40. John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server.

What is the technique employed by John to bypass the firewall?

DNS cache snooping

DNSSEC zone walking

DNS tunneling method

DNS enumeration

Page 5 of 16

41. Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0.

What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

Medium

Low

Critical

High

42. Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

He identified this when the IDS alerted for malware activities in the network.

What should Bob do to avoid this problem?

Disable unused ports in the switches

Separate students in a different VLAN

Use the 802.1x protocol

Ask students to use the wireless network

43. Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system.

What is the tool employed by Miley to perform the above attack?

Gobbler

KDerpNSpoof

BetterCAP

Wireshark

44. What is GINA?

Gateway Interface Network Application

GUI Installed Network Application CLASS

Global Internet National Authority (G-USA)

Graphical Identification and Authentication DLL

45. When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open” but sets the SSID to a 32-character string of random letters and numbers.

What is an accurate assessment of this scenario from a security perspective?

Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.

Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.

It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

Javik’s router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

46. Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

nessus

tcpdump

ethereal

jack the ripper

47. How does a denial-of-service attack work?

A hacker prevents a legitimate user (or group of users) from accessing a service

A hacker uses every character, word, or letter he or she can think of to defeat authentication

A hacker tries to decipher a password by using a system, which subsequently crashes the network

A hacker attempts to imitate a legitimate user by confusing a computer or even another person

48. Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

Presentation tier

Application Layer

Logic tier

Data tier

49. You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation.

Which of the following is appropriate to analyze?

IDS log

Event logs on domain controller

Internet Firewall/Proxy log.

Event logs on the PC

50. Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

ESP transport mode

ESP confidential

AH permiscuous

AH Tunnel mode

Page 6 of 16

51. User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email.

At what layer of the OSI layer does the encryption and decryption of the message take place?

Application

Transport

Session

Presentation

52. Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack.

What is the type of vulnerability assessment performed by johnson in the above scenario?

Host-based assessment

Wireless network assessment

Application assessment

Distributed assessment

53. Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

Preparation phase

Containment phase

Identification phase

Recovery phase

54. Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same

structure as the original one?

Error-based injection

Boolean-based blind SQL injection

Blind SQL injection

Union SQL injection

55. Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.

Identify the behavior of the adversary In the above scenario.

use of command-line interface

Data staging

Unspecified proxy activities

Use of DNS tunneling

56. Which definition among those given below best describes a covert channel?

A server program using a port that is not well known.

Making use of a protocol in a way it is not intended to be used.

It is the multiplexing taking place on a communication link.

It is one of the weak channels used by WEP which makes it insecure

57. Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.

Bryan’s public key; Bryan’s public key

Alice’s public key; Alice’s public key

Bryan’s private key; Alice’s public key

Bryan’s public key; Alice’s public key

58. An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.

What is the best example of a scareware attack?

A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"

A banner appears to a user stating, "Your account has been locked. Click here to reset your password and unlock your account."

A banner appears to a user stating, "Your Amazon order has been delayed. Click here to find out your new delivery date."

A pop-up appears to a user stating, "Your computer may have been infected with spyware. Click here to install an anti-spyware tool to resolve this issue."

59. A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library

are required to allow the NIC to work in promiscuous mode?

Libpcap

Awinpcap

Winprom

Winpcap

60. Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring.

Which of the following is this type of solution?

SaaS

IaaS

CaaS

PasS

Page 7 of 16

61. Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

Honeypots

Firewalls

Network-based intrusion detection system (NIDS)

Host-based intrusion detection system (HIDS)

62. Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request.

Which of the following techniques is employed by Dayn to detect honeypots?

Detecting honeypots running on VMware

Detecting the presence of Honeyd honeypots

Detecting the presence of Snort_inline honeypots

Detecting the presence of Sebek-based honeypots

63. Which of the following tools are used for enumeration? (Choose three.)

SolarWinds

USER2SID

Cheops

SID2USER

DumpSec

64. Dorian Is sending a digitally signed email to Polly, with which key is Dorian signing this message and how is Poly validating It?

Dorian is signing the message with his public key. and Poly will verify that the message came from Dorian by using Dorian's private key.

Dorian Is signing the message with Polys public key. and Poly will verify that the message came from Dorian by using Dorian's public key.

Dorian is signing the message with his private key. and Poly will verify that the message came from Dorian by using Dorian's public key.

Dorian is signing the message with Polys private key. and Poly will verify mat the message came from Dorian by using Dorian's public key.

65. You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

Nmap

Cain & Abel

Nessus

Snort

66. Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intelligence into the security devices in a digital format to block and identify inbound and outbound malicious traffic entering the organization's network.

Which type of threat intelligence is used by Roma to secure the internal network?

Technical threat intelligence

Operational threat intelligence

Tactical threat intelligence

Strategic threat intelligence

67. Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images, and sending them to the registries.

Which of the following tiers of the container technology architecture Is Abel currently working in?

Tier-1: Developer machines

Tier-4: Orchestrators

Tier-3: Registries

Tier-2: Testing and accreditation systems

68. Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives.

What is the tool employed by Mason in the above scenario?

NetPass.exe

Outlook scraper

WebBrowserPassView

Credential enumerator

69. Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

Role Based Access Control (RBAC)

Discretionary Access Control (DAC)

Single sign-on

Windows authentication

70. Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail.

What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

Authentication

Confidentiality

Integrity

Non-Repudiation

Page 8 of 16

71. What type of a vulnerability/attack is it when the malicious person forces the user’s browser

to send an authenticated request to a server?

Session hijacking

Server side request forgery

Cross-site request forgery

Cross-site scripting

72. The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it.

Which of the following options can be useful to ensure the integrity of the data?

The CFO can use a hash algorithm in the document once he approved the financial statements

The CFO can use an excel file with a password

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document

The document can be sent to the accountant using an exclusive USB for that document

73. Which of the following tools can be used for passive OS fingerprinting?

nmap

tcpdump

tracert

ping

74. Which tool can be used to silently copy files from USB devices?

USB Grabber

USB Snoopy

USB Sniffer

Use Dumper

75. What would you enter if you wanted to perform a stealth scan using Nmap?

nmap -sM

nmap -sU

nmap -sS

nmap -sT

76. Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing

research to locate this information about a company is known as?

Exploration

Investigation

Reconnaissance

Enumeration

77. Study the following log extract and identify the attack.

Hexcode Attack

Cross Site Scripting

Multiple Domain Traversal Attack

Unicode Directory Traversal Attack

78. This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information.

What type of attack is this?

Time-based SQL injection

Union SQL injection

Error-based SQL injection

Blind SQL injection

79. Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?

“GET /restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”

“GET /restricted/r
%00account%00Ned%00access HTTP/1.1 Host: westbank.com”

“GET /restricted/accounts/?name=Ned HTTP/1.1 Host westbank.com”

“GET /restricted/ HTTP/1.1 Host: westbank.com

80. Jim, a professional hacker, targeted an organization that is operating critical Industrial Infrastructure. Jim used Nmap to scan open pons and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered Information such as the vendor name, product code and name, device name, and IP address.

Which of the following Nmap commands helped Jim retrieve the required information?

nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >

nmap -Pn -sU -p 44818 --script enip-info < Target IP >

nmap -Pn -sT -p 46824 < Target IP >

nmap -Pn -sT -p 102 --script s7-info < Target IP >

Page 9 of 16

81. _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Trojan

RootKit

DoS tool

Scanner

Backdoor

82. The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access the Internet.

According to the next configuration, what is happening in the network?

access-list 102 deny tcp any any

access-list 104 permit udp host 10.0.0.3 any

access-list 110 permit tcp host 10.0.0.2 eq www any

access-list 108 permit tcp any eq ftp any

The ACL 104 needs to be first because is UDP

The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

The ACL for FTP must be before the ACL 110

The ACL 110 needs to be changed to port 80

83. Which of the following program infects the system boot sector and the executable files at the same time?

Polymorphic virus

Stealth virus

Multipartite Virus

Macro virus

84. Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes.

Which of the following footprinting techniques did Rachel use to finish her task?

Reverse image search

Meta search engines

Advanced image search

Google advanced search

85. #!/usr/bin/python import socket buffer=[““A””] counter=50 while len(buffer)<=100:

buffer.append (““A””*counter)

counter=counter+50 commands= [““HELP””,““STATS .””,““RTIME .””,““LTIME. ””,““SRUN .”’,““TRUN .””,““GMON

.””,““GDOG .””,““KSTET .”,““GTER .””,““HTER .””, ““LTER .”,““KSTAN .””] for command commands: for

buffstring in buffer: print ““Exploiting”” +command +““:””+str(len(buffstring))

s=socket.socket(socket.AF_INET,

socket.SOCK_STREAM) s.connect((‘127.0.0.1’, 9999)) s.recv(50)

s.send(command+buffstring) s.close()

What is the code written for?

Denial-of-service (DOS)

Buffer Overflow

Bruteforce

Encryption

86. You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

0x60

0x80

0x70

0x90

87. Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a mail.

What do you want to ““know”” to prove yourself that it was Bob who had send a mail?

Non-Repudiation

Integrity

Authentication

Confidentiality

88. Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

tcptrace

Nessus

OpenVAS

tcptraceroute

89. During the process of encryption and decryption, what keys are shared?

Private keys

User passwords

Public keys

Public and private keys

90. CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: [email protected]

To: [email protected] Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ’s email gateway doesn’t prevent what?

Email Masquerading

Email Harvesting

Email Phishing

Email Spoofing

Page 10 of 16

91. What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

Performing content enumeration using the bruteforce mode and 10 threads

Shipping SSL certificate verification

Performing content enumeration using a wordlist

Performing content enumeration using the bruteforce mode and random file extensions

92. In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.

If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

Full Blown

Thorough

Hybrid

BruteDics

93. John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization.

Which of the following attack techniques is used by John?

Advanced persistent theft

threat Diversion theft

Spear-phishing sites

insider threat

94. A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

Man-in-the-middle attack

Brute-force attack

Dictionary attack

Session hijacking

95. The network administrator at Spears Technology, Inc has configured the default gateway

Cisco router's access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using a SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router.

How would you proceed?

Use the Cisco's TFTP default password to connect and download the configuration file

Run a network sniffer and capture the returned traffic with the configuration file from the router

Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

Send a customized SNMP set request with a spoofed source IP address in the range - 192.168.1.0

96. You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. ” Suppose that you are using Nmap to perform this scan.

What flag will you use to satisfy this requirement?

The -A flag

The -g flag

The -f flag

The -D flag

97. George, an employee of an organization, is attempting to access restricted websites from an official computer. For this purpose, he used an anonymizer that masked his real IP address and ensured complete and continuous anonymity for all his online activities.

Which of the following anonymizers helps George hide his activities?

https://www.baidu.com

https://www.guardster.com

https://www.wolframalpha.com

https://karmadecay.com

98. Ricardo has discovered the username for an application in his targets environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet.

He compiles them into a list and then feeds that list as an argument into his password-cracking application, what type of attack is Ricardo performing?

Known plaintext

Password spraying

Brute force

Dictionary

99. An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML

code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines.

Which one of the following tools the hacker probably used to inject HTML code?

Wireshark

Ettercap

Aircrack-ng

Tcpdump

100. Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

ACK flag probe scanning

ICMP Echo scanning

SYN/FIN scanning using IP fragments

IPID scanning

Page 11 of 16

101. Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequently susceptible to internal users. He decides to draft an email, spoof the sender as the internal IT team, and attach a malicious file disguised as a financial spreadsheet. Before Josh sends the email, he decides to investigate other methods of getting the file onto the system. For this particular attempt, what was the last stage of the cyber kill chain that Josh performed?

Exploitation

Weaponization

Delivery

Reconnaissance

102. What is the following command used for?

net use targetipc$ "" /u:""

Grabbing the etc/passwd file

Grabbing the SAM

Connecting to a Linux computer through Samba.

This command is used to connect as a null session

Enumeration of Cisco routers

103. This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

What is this attack?

Cross-site-scripting attack

SQL Injection

URL Traversal attack

Buffer Overflow attack

104. Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages.

Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?

WSDL

WS Work Processes

WS-Policy

WS-Security

105. Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23

- 54373 10.249.253.15

- 22 tcp_ip

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

106. Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

The switches will drop into hub mode if the ARP cache is successfully flooded.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

The switches will route all traffic to the broadcast address created collisions.

107. Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical Information to Johnson's machine.

What is the social engineering technique Steve employed in the above scenario?

Quid pro quo

Diversion theft

Elicitation

Phishing

108. You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

Traffic is Blocked on UDP Port 53

Traffic is Blocked on TCP Port 80

Traffic is Blocked on TCP Port 54

Traffic is Blocked on UDP Port 80

109. Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user's activities. He can take complete control of the target mobile device by jailbreaking the device remotely and record audio, capture screenshots, and monitor all phone calls and SMS messages.

What is the type of spyware that Jake used to infect the target device?

DroidSheep

Androrat

Zscaler

Trident

110. You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet.

What is the recommended architecture in terms of server placement?

All three servers need to be placed internally

A web server facing the Internet, an application server on the internal network, a database server on the internal network

A web server and the database server facing the Internet, an application server on the internal network

All three servers need to face the Internet so that they can communicate between themselves

Page 12 of 16

111. Mary found a high vulnerability during a vulnerability scan and notified her server team. After analysis, they sent her proof that a fix to that issue had already been applied. The vulnerability that Marry found is called what?

False-negative

False-positive

Brute force attack

Backdoor

112. Password cracking programs reverse the hashing process to recover passwords. (True/False.)

True

False

113. The establishment of a TCP connection involves a negotiation called three-way handshake.

What type of message does the client send to the server in order to begin this negotiation?

ACK

SYN

RST

SYN-ACK

114. John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later.

What would John be considered as?

Cybercriminal

Black hat

White hat

Gray hat

115. Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports.

What happens when the CAM table becomes full?

Switch then acts as hub by broadcasting packets to all machines on the network

The CAM overflow table will cause the switch to crash causing Denial of Service

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

116. CORRECT TEXT

Allen, a professional pen tester, was hired by xpertTech solutWns to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. B/enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration.

identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?

<1B>

<00>

<03>

<20>

117. Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities.

During analysis, he found that these issues are not true vulnerabilities.

What will you call these issues?

False positives

True negatives

True positives

False negatives

118. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.

What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

tcp.srcport= = 514 && ip.src= = 192.168.0.99

tcp.srcport= = 514 && ip.src= = 192.168.150

tcp.dstport= = 514 && ip.dst= = 192.168.0.99

tcp.dstport= = 514 && ip.dst= = 192.168.0.150

119. While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption. "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has been accessed, and the password has been changed.

What most likely happened?

Matt inadvertently provided the answers to his security questions when responding to the post.

Matt's bank-account login information was brute forced.

Matt Inadvertently provided his password when responding to the post.

Matt's computer was infected with a keylogger.

120. You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan)

xxxxxxx xxxxxx xxxxxxxxx. QUITTING! What seems to be wrong?

The nmap syntax is wrong.

This is a common behavior for a corrupted nmap application.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

OS Scan requires root privileges.

Page 13 of 16

121. If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP.

Which other option could the tester use to get a response from a host using TCP?

Traceroute

Hping

TCP ping

Broadcast ping

122. Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company.

What is the API vulnerability revealed in the above scenario?

Code injections

Improper use of CORS

No ABAC validation

Business logic flaws

123. By using a smart card and pin, you are using a two-factor authentication that satisfies

Something you are and something you remember

Something you have and something you know

Something you know and something you are

Something you have and something you are

124. Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

msfpayload

msfcli

msfd

msfencode

125. Sam, a professional hacker. targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS 1AM credentials and further compromise the employee's account.

What is the technique used by Sam to compromise the AWS IAM credentials?

Social engineering

insider threat

Password reuse

Reverse engineering

126. Given below are different steps involved in the vulnerability-management life cycle.

1) Remediation

2) Identify assets and create a baseline

3) Verification

4) Monitor

5) Vulnerability scan

6) Risk assessment

Identify the correct sequence of steps involved in vulnerability management.

2-->5-->6-->1-->3-->4

2-->1-->5-->6-->4-->3

2-->4-->5-->3-->6--> 1

1-->2-->3-->4-->5-->6

127. Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.

Enumeration

Vulnerability analysis

Malware analysis

Scanning networks

128. This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-2S6. MMAC-SHA384, and ECDSA using a 384-bit elliptic curve.

Which is this wireless security protocol?

WPA2 Personal

WPA3-Personal

WPA2-Enterprise

WPA3-Enterprise

129. An attacker with access to the inside network of a small company launches a successful STP manipulation attack.

What will he do next?

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

He will activate OSPF on the spoofed root bridge.

He will repeat this action so that it escalates to a DoS attack.

He will repeat the same attack against all L2 switches of the network.

130. By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext.

Which file do you have to clean to clear the password?

.X session-log

.bashrc

.profile

.bash_history

Page 14 of 16

131. Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data.

Which of the following regulations is mostly violated?

HIPPA/PHl

Pll

PCIDSS

ISO 2002

132. What is the role of test automation in security testing?

It is an option but it tends to be very expensive.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

Test automation is not usable in security due to the complexity of the tests.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

133. You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD.

Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

John the Ripper

SET

CHNTPW

Cain & Abel

134. Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

Converts passwords to uppercase.

Hashes are sent in clear text over the network.

Makes use of only 32-bit encryption.

Effective length is 7 characters.

135. Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website.

What is the attack performed by Bobby in the above scenario?

Wardriving

KRACK attack

jamming signal attack

aLTEr attack

136. Which of the following is not a Bluetooth attack?

Bluedriving

Bluesmacking

Bluejacking

Bluesnarfing

137. Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials.

Which of the following tools is employed by Clark to create the spoofed email?

PyLoris

Slowloris

Evilginx

PLCinject

138. BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory.

What is this mechanism called in cryptography?

Key archival

Key escrow.

Certificate rollover

Key renewal

139. Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the

Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]”.

Which

statement below is true?

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

This is a scam because Bob does not know Scott.

Bob should write to [email protected] to verify the identity of Scott.

This is probably a legitimate message as it comes from a respectable organization.

140. Harper, a software engineer, is developing an email application. To ensure the confidentiality of email messages. Harper uses a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 x 32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a masking key(Km1)and a rotation key (Kr1) for performing its functions.

What is the algorithm employed by Harper to secure the email messages?

CAST-128

AES

GOST block cipher

DES

Page 15 of 16

141. in this form of encryption algorithm, every Individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits.

Which is this encryption algorithm?

IDEA

Triple Data Encryption standard

MDS encryption algorithm

AES

142. E-mail scams and mail fraud are regulated by which of the following?

par. 1030 Fraud and Related activity in connection with Computers

par. 1029 Fraud and Related activity in connection with Access Devices

par. 1362 Communication Lines, Stations, or Systems

par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

143. Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

User-mode rootkit

Library-level rootkit

Kernel-level rootkit

Hypervisor-level rootkit

144. ping-* 6 192.168.0.101

Output:

Pinging 192.168.0.101 with 32 bytes of data:

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101: bytes=32 time<1ms TTL=128

Reply from 192.168.0.101:

Ping statistics for 192.168.0101

Packets: Sent = 6, Received = 6, Lost = 0 (0% loss).

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

What does the option * indicate?

145. Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

Evil twin attack

DNS cache flooding

MAC flooding

DDoS attack

146. While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with incremental IP ID sequence.

What is the purpose of using "-si" with Nmap?

Conduct stealth scan

Conduct ICMP scan

Conduct IDLE scan

Conduct silent scan

147. Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Overloading Port Address Translation

Dynamic Port Address Translation

Dynamic Network Address Translation

Static Network Address Translation

148. When a security analyst prepares for the formal security assessment

- what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

Data items and vulnerability scanning

Interviewing employees and network engineers

Reviewing the firewalls configuration

Source code review

149. What is the following command used for?

sqlmap.py-u ,,http://10.10.1.20/?p=1&forumaction=search" -dbs

Creating backdoors using SQL injection

A Enumerating the databases in the DBMS for the URL

Retrieving SQL statements being executed on the database

Searching database statements at the IP address given

150. A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine.

Which of the following Zenmap options must the analyst use to perform the ICMP timestamp ping scan?

-PY

-PU

-PP

-Pn

Page 16 of 16

151. Which of the following tactics uses malicious code to redirect users' web traffic?

Spimming

Pharming

Phishing

Spear-phishing

152. Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network.

Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

SNMPUtil

SNScan

SNMPScan

Solarwinds IP Network Browser

NMap

Facebook Twitter LinkedIn Google + Email

312-50v12 EC-Council Exam Questions and Free Practice Test

312-50v12 EC-Council Exam Questions and Free Practice Test

Author

LEAVE A COMMENT Cancel reply

Related Posts

Get Latest and Valid Ec-council 312-38 Exam Questions [2023]

Get ECCouncil CASE JAVA 312-96 Dumps Questions For Best Preparation

Latest EC-Council 312-85 Dumps Questions – Pass Exam With Ease [2023]

Best EC-Council 212-82 Dumps [2023] With Real Exam Questions