Jase, a security team member at an organization, was tasked with ensuring uninterrupted business operations under hazardous conditions. To that end, Jase implemented a deterrent control strategy to minimize the occurrence of threats, protect critical business areas, and mitigate the impact of threats. Which of the following business continuity and disaster recovery activities did Jase perform in this scenario?
A. Prevention
B. Response
C. Restoration
D. Recovery
Correct Answer: A
Explanation: Prevention is the business continuity and disaster recovery activity Jase performed in this scenario. Prevention involves implementing a deterrent control strategy to minimize the occurrence of threats, protect critical business areas, and mitigate the impact of threats. Prevention can include measures such as backup systems, firewalls, antivirus software, or physical security. References: Prevention Activity in BCDR
Question 12:
Maisie, a new employee at an organization, was given an access badge with access to only the first and third floors of the organizational premises. Maisie tried scanning her access badge against the badge reader at the second-floor entrance but was unsuccessful. Identify the short-range wireless communication technology used by the organization in this scenario.
A. RFID
B. Li-Fi
C. Bluetooth
D. Wi-Fi
Correct Answer: A
Explanation: RFID (Radio Frequency Identification) is a short-range wireless communication technology that uses radio waves to identify and track objects. RFID tags are attached to objects, and RFID readers scan the tags to obtain the information stored in them. RFID is commonly used for access control, inventory management, and identification. References: What is RFID?
Question 13:
A software company develops new software products by following the best practices for secure application development. Dawson, a software analyst, is responsible for checking the performance of applications in the client's network to determine any issue faced by end users while accessing the application.
Which of the following tiers of the secure application development lifecycle involves checking the application performance?
A. Development
B. Staging
C. Testing
D. Quality assurance (QA)
Correct Answer: C
Explanation: Testing is the tier of the secure application development lifecycle that involves checking the application performance in the above scenario. Secure application development is a process that involves designing, developing, deploying, and maintaining software applications that are secure and resilient to threats and attacks. It can be based on various models or frameworks, such as the SDLC (Software Development Life Cycle) or OWASP (Open Web Application Security Project) guidance, and consists of tiers or stages that each perform different tasks. Testing is the tier that involves verifying and validating the functionality and security of software applications before releasing them to end users. It can include unit testing, integration testing, system testing, performance testing, security testing, and so on, and is used to check application performance and identify errors, bugs, or vulnerabilities. In the scenario, Dawson is responsible for checking the performance of applications in the client's network to determine any issue faced by end users while accessing the application, which means he performs testing. Development is the tier that involves creating and coding software applications according to the design and specifications. Staging is the tier that involves deploying software applications to a simulated or pre-production environment for testing or evaluation purposes. Quality assurance (QA) is the tier that involves ensuring that software applications meet the quality standards and expectations of end users and stakeholders.
Question 14:
A text file containing sensitive information about the organization has been leaked and modified to damage the reputation of the organization. As a safety measure, the organization had retained the MD5 hash of the original file. The leaked file has been kept for examining its integrity. A file named "Sensitiveinfo.txt", along with OriginalFileHash.txt, has been stored in a folder named Hash in Documents of Attacker Machine-1. Compare the hash value of the original file with that of the leaked file and state whether the file has been modified by selecting yes or no.
A. No
B. Yes
Correct Answer: B
Explanation: Yes is the answer to whether the file has been modified in the above scenario. A hash is a fixed-length string generated by applying a mathematical function, called a hash function, to a piece of data, such as a file or a message. A hash can be used to verify the integrity or authenticity of data by comparing it with another hash value of the same data. A hash value is unique, and any change in the data will result in a different hash value. To compare the hash value of the original file with that of the leaked file and state whether the file has been modified, one has to follow these steps:
1. Navigate to the Hash folder in Documents of the Attacker-1 machine.
2. Open the OriginalFileHash.txt file with a text editor.
3. Note down the MD5 hash value of the original file as 8f14e45fceea167a5a36dedd4bea2543.
4. Open Command Prompt and change directory to the Hash folder using the cd command.
5. Type certutil -hashfile Sensitiveinfo.txt MD5 and press Enter to generate the MD5 hash value of the leaked file.
6. Note down the MD5 hash value of the leaked file as 9f14e45fceea167a5a36dedd4bea2543.
7. Compare both MD5 hash values. The MD5 hash values are different, which means that the file has been modified.
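The integrity check above, done in code rather than by hand, as an added example that is not part of the exam page: Python's hashlib stands in for certutil, the contents of Sensitiveinfo.txt and OriginalFileHash.txt are constructed byte strings (the reference text mimics certutil's three-line output), and the reference digest is parsed rather than retyped so a transcription slip cannot produce a false "modified" verdict. The algorithm is a parameter because MD5 is no longer collision-resistant; for a retained reference hash that must later prove tampering, SHA-256 is the stronger choice.

```python
"""Added example: verify a retained file against a reference hash (constructed data)."""
import hashlib
import hmac

# Constructed stand-ins for the original document and its leaked copy.
# The leaked copy differs from the original by a single character.
ORIGINAL_CONTENT = b"Q3 revenue forecast: 4.2M. Board meeting moved to Friday.\n"
LEAKED_CONTENT = b"Q3 revenue forecast: 1.2M. Board meeting moved to Friday.\n"


def file_digest(data: bytes, algorithm: str = "md5") -> str:
    """Lowercase hex digest of data, equivalent to `certutil -hashfile <file> MD5`."""
    h = hashlib.new(algorithm)
    # Feed the data in chunks so the same loop works for large files read from disk.
    for offset in range(0, len(data), 65536):
        h.update(data[offset:offset + 65536])
    return h.hexdigest()


def parse_reference_hash(text: str) -> str:
    """Extract the first hex digest from a reference file such as OriginalFileHash.txt.

    Accepts a bare digest, certutil-style output (header, digest, footer), and
    digests written with spaces between byte pairs; case is normalised.
    """
    for line in text.splitlines():
        candidate = line.strip().replace(" ", "").lower()
        # 32 = MD5, 40 = SHA-1, 64 = SHA-256 hex lengths.
        if len(candidate) in (32, 40, 64) and all(c in "0123456789abcdef" for c in candidate):
            return candidate
    raise ValueError("no hex digest found in reference text")


def is_unmodified(data: bytes, reference_text: str, algorithm: str = "md5") -> bool:
    """True if data hashes to the digest recorded in reference_text."""
    expected = parse_reference_hash(reference_text)
    actual = file_digest(data, algorithm)
    # compare_digest runs in constant time; plain == is fine for a local check,
    # but this habit matters when the comparison is exposed to a remote caller.
    return hmac.compare_digest(expected, actual)


# Constructed reference file in the shape certutil prints for the original content.
REFERENCE_TEXT = (
    "MD5 hash of Sensitiveinfo.txt:\n"
    + file_digest(ORIGINAL_CONTENT) + "\n"
    + "CertUtil: -hashfile command completed successfully.\n"
)

if __name__ == "__main__":
    print("original unmodified:", is_unmodified(ORIGINAL_CONTENT, REFERENCE_TEXT))  # True
    print("leaked unmodified:  ", is_unmodified(LEAKED_CONTENT, REFERENCE_TEXT))    # False
```

To run it against real files, read each file with `open(path, "rb").read()` (or stream chunks into `hashlib.new`) and pass OriginalFileHash.txt's text to `is_unmodified`; the verdict "modified" is exactly the mismatch the scenario's step 7 describes.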
Question 15:
Thomas, an employee of an organization, is restricted from accessing specific websites from his office system. He is trying to obtain admin credentials to remove the restrictions. While waiting for an opportunity, he sniffed communication between the administrator and an application server to retrieve the admin credentials. Identify the type of attack performed by Thomas in the above scenario.
A. Vishing
B. Eavesdropping
C. Phishing
D. Dumpster diving
Correct Answer: B
Explanation: The correct answer is B, as it identifies the type of attack performed by Thomas in the above scenario. Eavesdropping is a type of attack that involves intercepting and listening to the communication between two parties without their knowledge or consent. Thomas performed eavesdropping by sniffing communication between the administrator and an application server to retrieve the admin credentials. Option A is incorrect, as it does not identify the type of attack performed by Thomas in the above scenario. Vishing is a type of attack that involves using voice calls to trick people into revealing sensitive information or performing malicious actions. Thomas did not use voice calls but sniffed network traffic. Option C is incorrect, as it does not identify the type of attack performed by Thomas in the above scenario. Phishing is a type of attack that involves sending fraudulent emails or messages that appear to be from legitimate sources to lure people into revealing sensitive information or performing malicious actions. Thomas did not send any emails or messages but sniffed network traffic. Option D is incorrect, as it does not identify the type of attack performed by Thomas in the above scenario. Dumpster diving is a type of attack that involves searching through trash or discarded items to find valuable information or resources. Thomas did not search through trash or discarded items but sniffed network traffic. References: Section 2.2
Question 16:
Henry is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.
A. 64
B. 128
C. 255
D. 138
Correct Answer: B
Explanation: 128 is the TTL value Henry obtained, which indicates that the target OS is Windows. TTL (Time to Live) is a field in the IP (Internet Protocol) header that specifies how long a packet can remain in a network before it is discarded or dropped. TTL is usually expressed in seconds or hops (the number of routers or gateways that a packet passes through). TTL is used to prevent packets from looping endlessly in a network or consuming network resources. Different operating systems have different default TTL values for their packets. By observing the TTL value of a packet from a target system or network, one can infer the operating system of the target. Some common TTL values and their corresponding operating systems are:
64: Linux, Unix, Android
128: Windows
255: Cisco IOS
60: Mac OS
In the scenario, Henry used the Nmap tool to discover the OS of the target system. Nmap (Network Mapper) is a tool that can perform various network scanning and enumeration tasks, such as port scanning, OS detection, and service identification. Nmap can use various techniques to detect the OS of a target system, such as TCP/IP fingerprinting, which involves analyzing various TCP/IP characteristics of packets from the target system, such as the TTL value. In the scenario, Henry obtained a TTL value of 128, which indicates that the target OS is Windows.
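The table above lists each OS family's initial TTL, but a packet seen on the wire carries that value minus one per router it crossed, so a host's OS family is inferred from the nearest default at or above the observed value, and the difference gives a rough hop count. The following is an added example, not part of the exam page, that does this for a constructed set of TTL readings such as an analyst would pull from ping replies or a capture while inventorying hosts. It uses only the 64/128/255 defaults from the page's table; the page's 60 (Mac OS) entry is omitted because it falls inside the 64 band and cannot be separated by TTL alone.

```python
"""Added example: infer initial TTL, OS family and hop distance from observed TTLs (constructed data)."""

# Default initial TTLs per OS family, as listed on the page.
DEFAULT_TTLS = {64: "Linux, Unix, Android", 128: "Windows", 255: "Cisco IOS"}


def infer_initial_ttl(observed_ttl: int) -> tuple:
    """Return (likely initial TTL, hops traversed) for an observed TTL.

    Every router decrements TTL by one, so the observed value can never exceed
    the sender's default; the smallest default >= observed is the best guess.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    for initial in sorted(DEFAULT_TTLS):
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


def guess_os_family(observed_ttl: int) -> str:
    """Human-readable guess built from the inferred initial TTL."""
    initial, hops = infer_initial_ttl(observed_ttl)
    return f"{DEFAULT_TTLS[initial]} (initial TTL {initial}, about {hops} hops away)"


# Constructed observations: host -> TTL as read from a reply packet.
SAMPLE_OBSERVATIONS = {
    "10.0.0.5": 128,      # Windows host on the local segment, no hops
    "10.0.0.7": 116,      # Windows host 12 hops away
    "203.0.113.9": 52,    # Linux-family host 12 hops away
    "198.51.100.1": 247,  # Cisco IOS device 8 hops away
}


def classify_hosts(observations: dict) -> dict:
    """Map each host to its guessed OS family string."""
    return {host: guess_os_family(ttl) for host, ttl in observations.items()}


if __name__ == "__main__":
    for host, verdict in classify_hosts(SAMPLE_OBSERVATIONS).items():
        print(f"{host:14} {verdict}")
```

The hop count is only approximate (a host's administrator can change the default TTL, and some middleboxes rewrite it), so treat the result as a lead to confirm with Nmap's full fingerprinting rather than as proof of the OS.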
Question 17:
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming to represent a technical support team from a vendor. He warned that a specific server was about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?
A. Quid pro quo
B. Diversion theft
C. Elicitation
D. Phishing
Correct Answer: A
Explanation: Quid pro quo is the social engineering technique that Johnson employed in the above scenario. Quid pro quo is a social engineering method that involves offering a service or a benefit in exchange for information or access. It can be used to trick victims into believing that they are receiving help or assistance from a legitimate source, while in fact they are compromising their security or privacy. In the scenario, Johnson performed quid pro quo by claiming to represent a technical support team from a vendor and offering to help sibertech.org with a server issue, while in fact he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. If you want to learn more about social engineering techniques, you can check out these resources:
[1] A guide to different types of social engineering attacks and how to prevent them: [https://www.csoonline.com/article/2124681/what-is-social-engineering.html]
[2] A video that explains how quid pro quo works and how to avoid falling for it: [https://www.youtube.com/watch?v=3Yy0gZ9xw8g]
[3] A quiz that tests your knowledge of social engineering techniques and scenarios: [https://www.proprofs.com/quiz-school/story.php?title=social-engineering-quiz]
Question 18:
Juan, a safety officer at an organization, installed a physical lock at the entrance of each floor. All employees in the organization were allotted a smart card embedded in their ID cards, which had to be swiped to unlock doors and access any floor. Which of the following types of physical locks did Juan install in this scenario?
A. Mechanical locks
B. Digital locks
C. Combination locks
D. Electromagnetic locks
Correct Answer: B
Explanation: Digital locks are the type of physical lock that Juan installed in this scenario. A physical lock is a device that prevents or restricts access to a physical location or environment, such as a door, a cabinet, a drawer, etc. A physical lock can have different types based on its mechanism or technology. A digital lock is a type of physical lock that uses electronic or digital components, such as a keypad, a card reader, a fingerprint scanner, etc., to unlock or lock. A digital lock can provide enhanced security and convenience to users, but it can also be vulnerable to hacking or tampering. In the scenario, Juan installed a physical lock at the entrance of each floor. All employees in the organization were allotted a smart card embedded in their ID cards, which had to be swiped to unlock doors and access any floor. This means that he installed digital locks for those doors. A mechanical lock is a type of physical lock that uses mechanical components, such as a key, a bolt, a latch, etc., to unlock or lock. A combination lock is a type of physical lock that uses a sequence of numbers or symbols, entered via a dial, a wheel, or a keypad, to unlock or lock. An electromagnetic lock is a type of physical lock that uses an electromagnet and an armature plate to unlock or lock.
Question 19:
Myles, a security professional at an organization, provided laptops for all the employees to carry out the business processes from remote locations. While installing necessary applications required for the business, Myles has also installed antivirus software on each laptop following the company's policy to detect and protect the machines from external malicious events over the Internet.
Identify the PCI-DSS requirement followed by Myles in the above scenario.
A. PCI-DSS requirement no 1.3.2
B. PCI-DSS requirement no 1.3.5
C. PCI-DSS requirement no 5.1
D. PCI-DSS requirement no 1.3.1
Correct Answer: C
Explanation: The correct answer is C, as it identifies the PCI-DSS requirement followed by Myles in the above scenario. PCI-DSS is a set of standards that aims to protect cardholder data and ensure secure payment transactions. PCI-DSS has 12 requirements that cover various aspects of security such as network configuration, data encryption, access control, vulnerability management, monitoring, and testing. PCI-DSS requirement no 5.1 states: "Protect all systems against malware and regularly update anti-virus software or programs". In the above scenario, Myles followed this requirement by installing antivirus software on each laptop to detect and protect the machines from external malicious events over the Internet. Option A is incorrect, as it does not identify the PCI-DSS requirement followed by Myles in the above scenario. PCI-DSS requirement no 1.3.2 states: "Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet". In the above scenario, Myles did not follow this requirement, as there was no mention of outbound traffic or the cardholder data environment. Option B is incorrect, as it does not identify the PCI-DSS requirement followed by Myles in the above scenario. PCI-DSS requirement no 1.3.5 states: "Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment". In the above scenario, Myles did not follow this requirement, as there was no mention of inbound or outbound traffic or the cardholder data environment. Option D is incorrect, as it does not identify the PCI-DSS requirement followed by Myles in the above scenario. PCI-DSS requirement no 1.3.1 states: "Implement a firewall configuration that restricts connections between publicly accessible servers and any system component storing cardholder data". In the above scenario, Myles did not follow this requirement, as there was no mention of firewall configuration, publicly accessible servers, or system components storing cardholder data. References: Section 5.2
Question 20:
Zayn, a network specialist at an organization, used Wireshark to perform network analysis. He selected a Wireshark menu that provided a summary of captured packets, IO graphs, and flow graphs. Identify the Wireshark menu selected by Zayn in this scenario.
A. Status bar
B. Analyze
C. Statistics
D. Packet list panel
Correct Answer: C
Explanation: Statistics is the Wireshark menu selected by Zayn in this scenario. Statistics is a Wireshark menu that provides a summary of captured packets, IO graphs, and flow graphs. It can be used to analyze various aspects of network traffic, such as protocols, endpoints, conversations, or packet lengths. References: Wireshark Statistics Menu