EC-COUNCIL EC-COUNCIL Certifications 212-82 Questions & Answers

• Question 41:

  A startup firm contains various devices connected to a wireless network across the floor. An AP with Internet connectivity is placed in a corner to allow wireless communication between devices. To support new devices connected to the network beyond the APS range, an administrator used a network device that extended the signals of the wireless AP and transmitted it to uncovered area, identify the network component employed by the administrator to extend signals in this scenario.

  A. Wireless repeater

  B. Wireless bridge

  C. wireless modem

  D. Wireless router

  Correct Answer: A

  Explanation: Wireless repeater is the network component employed by the administrator to extend signals in this scenario. A wireless network is a type of network that uses radio waves or infrared signals to transmit data between devices without using cables or wires. A wireless network can consist of various components, such as wireless access points (APs), wireless routers, wireless adapters, wireless bridges, wireless repeaters, etc. A wireless repeater is a network component that extends the range or coverage of a wireless signal by receiving it from an AP or another repeater and retransmitting it to another area . A wireless repeater can be used to support new devices connected to the network beyond the AP's range . In the scenario, a startup firm contains various devices connected to a wireless network across the floor. An AP with internet connectivity is placed in a corner to allow wireless communication between devices. To support new devices connected to the network beyond the AP's range, an administrator used a network component that extended the signals of the wireless AP and transmitted it to the uncovered area. This means that he used a wireless repeater for this purpose. A wireless bridge is a network component that connects two or more wired or wireless networks or segments together . A wireless bridge can be used to expand the network or share resources between networks . A wireless modem is a network component that modulates and demodulates wireless signals to enable data transmission over a network . A wireless modem can be used to provide internet access to devices via a cellular network or a satellite network . A wireless router is a network component that performs the functions of both a wireless AP and a router . A wireless router can be used to create a wireless network and connect it to another network, such as the internet

• Question 42:

  Desmond, a forensic officer, was investigating a compromised machine involved in various online attacks. For this purpose. Desmond employed a forensic tool to extract and analyze computer-based evidence to retrieve information related to websites accessed from the victim machine. Identify the computer-created evidence retrieved by Desmond in this scenario.

  A. Cookies

  B. Documents

  C. Address books

  D. Compressed files

  Correct Answer: A

  Explanation: Cookies are the computer-created evidence retrieved by Desmond in this scenario. Cookies are small files that are stored on a user's computer by a web browser when the user visits a website. Cookies can contain information such as user preferences, login details, browsing history, or tracking data. Cookies can be used to extract and analyze computer-based evidence to retrieve information related to websites accessed from the victim machine2. References: Cookies

• Question 43:

  Riley sent a secret message to Louis. Before sending the message, Riley digitally signed the message using his private key. Louis received the message, verified the digital signature using the corresponding key to ensure that the message was not tampered during transit.

  Which of the following keys did Louis use to verify the digital signature in the above scenario?

  A. Riley's public key

  B. Louis's public key

  C. Riley's private key

  D. Louis's private key

  Correct Answer: A

  Explanation: Riley's public key is the key that Louis used to verify the digital signature in the above scenario. A digital signature is a cryptographic technique that verifies the authenticity and integrity of a message or document. A digital signature is created by applying a hash function to the message or document and then encrypting the hash value with the sender's private key. A digital signature can be verified by decrypting the hash value with the sender's public key and comparing it with the hash value of the original message or document . Riley's public key is the key that corresponds to Riley's private key, which he used to sign the message. Louis's public key is the key that corresponds to Louis's private key, which he may use to encrypt or decrypt messages with Riley. Louis's private key is the key that only Louis knows and can use to sign or decrypt messages. Riley's private key is the key that only Riley knows and can use to sign or encrypt messages.

• Question 44:

  Wilson, a security specialist in an organization, was instructed to enhance its cloud network security. To achieve this, Wilson deployed a network routing solution that established and managed communication between the on-premises consumer network and VPCs via a centralized unit. Identity the method used by Wilson to achieve cloud network security in this scenario.

  A. Virtual private cloud (VPC)

  B. Public and private subnets

  C. Transit gateways

  D. VPC endpoint

  Correct Answer: C

  Explanation: Transit gateways are the method used by Wilson to achieve cloud network security in this scenario. Cloud network security is a branch of cybersecurity that focuses on protecting and securing the network infrastructure and traffic in a cloud environment. Cloud network security can involve various methods or techniques, such as encryption, firewall, VPN, IDS/IPS, etc. Transit gateways are a method of cloud network security that provide a network routing solution that establishes and manages communication between on-premises consumer networks and VPCs (Virtual Private Clouds) via a centralized unit . Transit gateways can be used to simplify and secure the connectivity between different networks or VPCs in a cloud environment . In the scenario, Wilson was instructed to enhance its cloud network security. To achieve this, Wilson deployed a network routing solution that established and managed communication between the on-premises consumer network and VPCs via a centralized unit. This means that he used transit gateways for this purpose. A virtual private cloud (VPC) is not a method of cloud network security, but a term that describes an isolated and private section of a public cloud that provides exclusive access to cloud resources to a single organization or entity . A VPC can be used to create and configure virtual networks in a cloud environment . Public and private subnets are not methods of cloud network security, but terms that describe segments of a VPC that have different levels of accessibility or visibility . A public subnet is a segment of a VPC that can be accessed from the internet or other networks . A private subnet is a segment of a VPC that cannot be accessed from the internet or other networks . A VPC endpoint is not a method of cloud network security, but a term that describes an interface that allows private connectivity between a VPC and other AWS (Amazon Web Services) services or resources .

• Question 45:

  Miguel, a professional hacker, targeted an organization to gain illegitimate access to its critical information. He identified a flaw in the end-point communication that can disclose the target application's data.

  Which of the following secure application design principles was not met by the application in the above scenario?

  A. Secure the weakest link

  B. Do not trust user input

  C. Exception handling

  D. Fault tolerance

  Correct Answer: C

  Explanation: Exception handling is a secure application design principle that states that the application should handle errors and exceptions gracefully and securely, without exposing sensitive information or compromising the system's functionality. Exception handling can help prevent attackers from exploiting errors or exceptions to gain access to data or resources or cause denial-of-service attacks. In the scenario, Miguel identified a flaw in the end-point communication that can disclose the target application's data, which means that the application did not meet the exception handling principle.

• Question 46:

  Matias, a network security administrator at an organization, was tasked with the implementation of secure wireless network encryption for their network. For this purpose, Matias employed a security solution that uses 256-bit Galois/Counter Mode Protocol (GCMP-256) to maintain the authenticity and confidentiality of data.

  Identify the type of wireless encryption used by the security solution employed by Matias in the above scenario.

  A. WPA2 encryption

  B. WPA3 encryption

  C. WEP encryption

  D. WPA encryption

  Correct Answer: B

  Explanation: WPA3 encryption is the type of wireless encryption used by the security solution employed by Matias in the above scenario. WPA3 encryption is the latest and most secure version of Wi-Fi Protected Access, a protocol that provides authentication and encryption for wireless networks. WPA3 encryption uses 256-bit Galois/Counter Mode Protocol (GCMP-256) to maintain the authenticity and confidentiality of data. WPA3 encryption also provides enhanced protection against offline dictionary attacks, forward secrecy, and secure public Wi-Fi access . WPA2 encryption is the previous version of Wi-Fi Protected Access, which uses Advanced Encryption Standard (AES) or Temporal Key Integrity Protocol (TKIP) for data encryption. WEP encryption is an outdated and insecure version of Wi-Fi security, which uses RC4 stream cipher for data encryption. WPA encryption is an intermediate version of Wi-Fi security, which uses TKIP for data encryption.

• Question 47:

  Elliott, a security professional, was tasked with implementing and deploying firewalls in the corporate network of an organization. After planning and deploying firewalls in the network, Elliott monitored the firewall logs to

  detect evolving threats And attacks; this helped in ensuring firewall security and addressing network issues beforehand.

  in which of the following phases of firewall implementation and deployment did Elliott monitor the firewall logs?

  A. Deploying

  B. Managing and maintaining

  C. Testing

  D. Configuring

  Correct Answer: B

  Explanation: Managing and maintaining is the phase of firewall implementation and deployment in which Elliott monitored the firewall logs in the above scenario. A firewall is a system or device that controls and filters the incoming and outgoing traffic between different networks or systems based on predefined rules or policies. A firewall can be used to protect a network or system from unauthorized access, use, disclosure, modification, or destruction . Firewall implementation and deployment is a process that involves planning, installing, configuring, testing, managing, and maintaining firewalls in a network or system . Managing and maintaining is the phase of firewall implementation and deployment that involves monitoring and reviewing the performance and effectiveness of firewalls over time . Managing and maintaining can include tasks such as updating firewall rules or policies, analyzing firewall logs , detecting evolving threats or attacks , ensuring firewall security , addressing network issues , etc. In the scenario, Elliott was tasked with implementing and deploying firewalls in the corporate network of an organization. After planning and deploying firewalls in the network, Elliott monitored the firewall logs to detect evolving threats and attacks; this helped in ensuring firewall security and addressing network issues beforehand. This means that he performed managing and maintaining phase for this purpose. Deploying is the phase of firewall implementation and deployment that involves installing and activating firewalls in the network or system according to the plan. Testing is the phase of firewall implementation and deployment that involves verifying and validating the functionality and security of firewalls before putting them into operation. Configuring is the phase of firewall implementation and deployment that involves setting up and customizing firewalls according to the requirements and specifications.

• Question 48:

  An FTP server has been hosted in one of the machines in the network. Using Cain and Abel the attacker was able to poison the machine and fetch the FTP credentials used by the admin. You're given a task to validate the credentials that were stolen using Cain and Abel and read the file flag.txt

  A. white@hat

  B. red@hat

  C. hat@red

  D. blue@hat

  Correct Answer: C

  Explanation: hat@red is the FTP credential that was stolen using Cain and Abel in the above scenario. FTP (File Transfer Protocol) is a protocol that allows transferring files between a client and a server over a network. FTP requires a

  username and a password to authenticate the client and grant access to the server . Cain and Abel is a tool that can perform various network attacks, such as ARP poisoning, password cracking, sniffing, etc. Cain and Abel can poison the

  machine and fetch the FTP credentials used by the admin by intercepting and analyzing the network traffic . To validate the credentials that were stolen using Cain and Abel and read the file flag.txt, one has to follow these steps:

  Navigate to the Documents folder of Attacker-1 machine. Double-click on Cain.exe file to launch Cain and Abel tool.

  Click on Sniffer tab.

  Click on Start/Stop Sniffer icon.

  Click on Configure icon.

  Select the network adapter and click on OK button.

  Click on + icon to add hosts to scan.

  Select All hosts in my subnet option and click on OK button.

  Wait for the hosts to appear in the list.

  Right-click on 20.20.10.26 (FTP server) and select Resolve Host Name option.

  Note down the host name as ftpserver.movieabc.com

  Click on Passwords tab.

  Click on + icon to add items to list.

  Select Network Passwords option.

  Select FTP option from Protocol drop-down list.

  Click on OK button.

  Wait for the FTP credentials to appear in the list. Note down the username as hat and the password as red Open a web browser and type ftp://hat:[email protected] Press Enter key to access the FTP server using the stolen

  credentials.

  Navigate to flag.txt file and open it.

  Read the file content.

• Question 49:

  Jordan, a network administrator in an organization, was instructed to identify network- related issues and improve network performance. While troubleshooting the network, he received a message indicating that the datagram could not be forwarded owing to the unavailability of IP-related services (such as FTP or web services) on the target host, which of the following network issues did Jordan find in this scenario?

  A. Time exceeded message

  B. Destination unreachable message

  C. Unreachable networks

  D. Network cable is unplugged

  Correct Answer: B

  Explanation: Destination unreachable message is the network issue that Jordan found in this scenario. Destination unreachable message is a type of ICMP message that indicates that the datagram could not be forwarded owing to the unavailability of IP-related services (such as FTP or web services) on the target host. Destination unreachable message can be caused by various reasons, such as incorrect routing, firewall blocking, or host configuration problems1. References: Destination Unreachable Message

• Question 50:

  Karter, a security professional, deployed a honeypot on the organization's network for luring attackers who attempt to breach the network. For this purpose, he configured a type of honeypot that simulates a real OS as well as the applications and services of a target network. Furthermore, the honeypot deployed by Karter only responds to pre-configured commands.

  Identify the type of Honeypot deployed by Karter in the above scenario.

  A. Low-interaction honeypot

  B. Pure honeypot

  C. Medium-interaction honeypot

  D. High-interaction honeypot

  Correct Answer: A

  Explanation: A low-interaction honeypot is a type of honeypot that simulates a real OS as well as the applications and services of a target network, but only responds to pre- configured commands. It is designed to capture basic information about the attacker, such as their IP address, tools, and techniques. A low-interaction honeypot is easier to deploy and maintain than a high-interaction honeypot, which fully emulates a real system and allows the attacker to interact with it. A pure honeypot is a real system that is intentionally vulnerable and exposed to attackers. A medium-interaction honeypot is a type of honeypot that offers more functionality and interactivity than a low-interaction honeypot, but less than a high-interaction honeypot.