Best EC-Council 312-50v12 Exam Questions For Preparation

1. Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%.

Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

2. Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

3. Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

4. What is the proper response for a NULL scan if the port is closed?

5. Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

6. Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith.

After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:





After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.

How did the attacker accomplish this hack?

7. What is the purpose of a demilitarized zone on a network?

8. 1.Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

9. Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

10. What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it’s made on the provider’s environment?

11. The establishment of a TCP connection involves a negotiation called three-way handshake.

What type of message does the client send to the server in order to begin this negotiation?

12. Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

13. Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

14. You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

15. You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

16. The collection of potentially actionable, overt, and publicly available information is known as

17. When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s Computer to update the router configuration.

What type of an alert is this?

18. Which DNS resource record can indicate how long any "DNS poisoning" could last?

19. PGP, SSL, and IKE are all examples of which type of cryptography?

20. A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing C Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network.

What tool should the analyst use to perform a Blackjacking attack?

21. If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

22. What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

23. You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet.

What is the recommended architecture in terms of server placement?

24. Why should the security analyst disable/remove unnecessary ISAPI filters?

25. DHCP snooping is a great solution to prevent rogue DHCP servers on your network.

Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

26. Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.

He identified this when the IDS alerted for malware activities in the network.

What should Bob do to avoid this problem?

27. Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted.

What is the name of the command used by SMTP to transmit email over TLS?

28. An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site.

Which file does the attacker need to modify?

29. Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the

Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]”.

Which

statement below is true?

30. Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

31. What is not a PCI compliance recommendation?

32. Which type of security feature stops vehicles from crashing through the doors of a building?

33. Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

34. Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

35. Which is the first step followed by Vulnerability Scanners for scanning a network?

36. Which of the following programs is usually targeted at Microsoft Office products?

37. The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it.

Which of the following options can be useful to ensure the integrity of the data?

38. While using your bank’s online servicing you notice the following string in the URL bar:

“http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.

Which type of vulnerability is present on this site?

39. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

40. As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

41. In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

42. A company’s policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as display filter to find unencrypted file transfers?

43. A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24.

Which of the following has occurred?

44. A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network.

What are some things he can do to prevent it? Select the best answers.

45. Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

46. What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

47. You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD.

Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

48. Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor".

Here is the output of the SIDs:





From the above list identify the user account with System Administrator privileges.

49. A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.

What is the best security policy concerning this setup?

50. Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.

Which tool can be used to perform session splicing attacks?

51. Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

52. Study the snort rule given below:





From the options below, choose the exploit against which this rule applies.

53. What is correct about digital signatures?

54. What is the role of test automation in security testing?

55. Which of the following is assured by the use of a hash?

56. The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

57. A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system.

What is the first step that the bank should take before enabling the audit feature?

58. A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.

What is a possible source of this problem?

59. What is the minimum number of network connections in a multihomed firewall?

60. A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

61. Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

62. Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B.

How do you prevent DNS spoofing?

63. Which system consists of a publicly available set of databases that contain domain name registration contact information?

64. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.

What testing method did you use?

65. Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

66. What two conditions must a digital signature meet?

67. Which regulation defines security and privacy controls for Federal information systems and organizations?

68. env x=’(){ :;};echo exploit’ bash Cc ‘cat/etc/passwd’

What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

69. Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

70. The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%).

What is the closest approximate cost of this replacement and recovery operation per year?

71. Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.

What do you think Tess King is trying to accomplish? Select the best answer.

72. Under what conditions does a secondary name server request a zone transfer from a primary name server?

73. Which method of password cracking takes the most time and effort?

74. During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded.

What type of firewall is inspecting outbound traffic?

75. Which of the following tools can be used to perform a zone transfer?

76. An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML

code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines.

Which one of the following tools the hacker probably used to inject HTML code?

77. Which of the following program infects the system boot sector and the executable files at the same time?

78. To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.

What term is commonly used when referring to this type of testing?

79. CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: [email protected]

To: [email protected] Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ’s email gateway doesn’t prevent what?

80. Which results will be returned with the following Google search query? site:target.com C site:Marketing.target.com accounting

81. An attacker with access to the inside network of a small company launches a successful STP manipulation attack.

What will he do next?

82. You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information.

How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

83. Which of the following tools are used for enumeration? (Choose three.)

84. What is the proper response for a NULL scan if the port is open?

85. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

86. Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

87. Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.

Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)

88. Which of the following describes the characteristics of a Boot Sector Virus?

89. “........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.”

Fill in the blank with appropriate choice.

90. Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

91. Which of the following is a component of a risk assessment?

92. Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

93. The “Gray-box testing” methodology enforces what kind of restriction?

94. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

95. What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

96. Which of the following is not a Bluetooth attack?

97. Todd has been asked by the security officer to purchase a counter-based authentication system.

Which of the following best describes this type of system?

98. is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

99. You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best Nmap command you will use?

100. Peter is surfing the internet looking for information about DX Company.

Which hacking process is Peter doing?