EC-COUNCIL EC-COUNCIL Certifications 212-82 Questions & Answers

• Question 71:

  A software company has implemented a wireless technology to track the employees' attendance by recording their in and out timings. Each employee in the company will have an entry card that is embedded with a tag. Whenever an employee enters the office premises, he/she is required to swipe the card at the entrance. The wireless technology uses radio-frequency electromagnetic waves to transfer data for automatic identification and for tracking tags attached to objects.

  Which of the following technologies has the software company implemented in the above scenario?

  A. WiMAX

  B. RFID

  C. Bluetooth

  D. Wi-Fi

  Correct Answer: B

  Explanation: RFID (Radio Frequency Identification) is the wireless technology that the software company has implemented in the above scenario. RFID uses radio-frequency electromagnetic waves to transfer data for automatic identification and for tracking tags attached to objects1112. WiMAX (Worldwide Interoperability for Microwave Access) is a wireless technology that provides high-speed broadband access over long distances13. Bluetooth is a wireless technology that enables short-range data communication between devices, such as phones, laptops, printers, etc.14. Wi-Fi (Wireless Fidelity) is a wireless technology that allows devices to connect to a local area network or the internet using radio waves

• Question 72:

  You are Harris working for a web development company. You have been assigned to perform a task for vulnerability assessment on the given IP address 20.20.10.26. Select the vulnerability that may affect the website according to the severity factor.

  Hint: Greenbone web credentials: admin/password

  A. TCP timestamps

  B. Anonymous FTP Login Reporting

  C. FTP Unencrypted Cleartext Login

  D. UDP timestamps

  Correct Answer: C

  Explanation: FTP Unencrypted Cleartext Login is the vulnerability that may affect the website according to the severity factor in the above scenario. A vulnerability is a weakness or flaw in a system or network that can be exploited by an

  attacker to compromise its security or functionality. A vulnerability assessment is a process that involves identifying, analyzing, and evaluating vulnerabilities in a system or network using various tools and techniques. Greenbone is a tool that

  can perform vulnerability assessment on various targets using various tests and scans. To perform a vulnerability assessment on the given IP address 20.20.10.26, one has to follow these steps:

  Open a web browser and type 20.20.10.26:9392

  Press Enter key to access the Greenbone web interface.

  Enter admin as username and password as password.

  Click on Login button.

  Click on Scans menu and select Tasks option.

  Click on Start Scan icon next to IP Address Scan task. Wait for the scan to complete and click on Report icon next to IP Address Scan task.

  Observe the vulnerabilities found by the scan.

  The vulnerabilities found by the scan are:

  

  The vulnerability that may affect the website according to the severity factor is FTP Unencrypted Cleartext Login, which has a medium severity level. FTP Unencrypted Cleartext Login is a vulnerability that allows an attacker to intercept or sniff FTP login credentials that are sent in cleartext over an unencrypted connection. An attacker can use these credentials to access or modify files or data on the FTP server. TCP timestamps and UDP timestamps are vulnerabilities that allow an attacker to estimate the uptime of a system or network by analyzing the timestamp values in TCP or UDP packets. Anonymous FTP Login Reporting is a vulnerability that allows an attacker to access an FTP server anonymously without providing any username or password.

• Question 73:

  In an organization, all the servers and database systems are guarded in a sealed room with a single-entry point. The entrance is protected with a physical lock system that requires typing a sequence of numbers and letters by using a rotating dial that intermingles with several other rotating discs.

  Which of the following types of physical locks is used by the organization in the above scenario?

  A. Digital locks

  B. Combination locks

  C. Mechanical locks

  D. Electromagnetic locks

  Correct Answer: B

  Explanation: It identifies the type of physical lock used by the organization in the above scenario. A physical lock is a device that prevents unauthorized access to a door, gate, cabinet, or other enclosure by using a mechanism that requires a key, code, or biometric factor to open or close it. There are different types of physical locks, such as: Combination lock: This type of lock requires typing a sequence of numbers and letters by using a rotating dial that intermingles with several other rotating discs. This type of lock is suitable for securing safes, lockers, or cabinets that store valuable items or documents. Digital lock: This type of lock requires entering a numeric or alphanumeric code by using a keypad or touchscreen. This type of lock is suitable for securing doors or gates that require frequent access or multiple users. Mechanical lock: This type of lock requires inserting and turning a metal key that matches the shape and size of the lock. This type of lock is suitable for securing doors or gates that require simple and reliable access or single users. Electromagnetic lock: This type of lock requires applying an electric current to a magnet that attracts a metal plate attached to the door or gate. This type of lock is suitable for securing doors or gates that require remote control or integration with other security systems. In the above scenario, the organization used a combination lock that requires typing a sequence of numbers and letters by using a rotating dial that intermingles with several other rotating discs. Option A is incorrect, as it does not identify the type of physical lock used by the organization in the above scenario. A digital lock requires entering a numeric or alphanumeric code by using a keypad or touchscreen. In the above scenario, the organization did not use a digital lock, but a combination lock. Option C is incorrect, as it does not identify the type of physical lock used by the organization in the above scenario. A mechanical lock requires inserting and turning a metal key that matches the shape and size of the lock. In the above scenario, the organization did not use a mechanical lock, but a combination lock. Option D is incorrect, as it does not identify the type of physical lock used by the organization in the above scenario. An electromagnetic lock requires applying an electric current to a magnet that attracts a metal plate attached to the door or gate. In the above scenario, the organization did not use an electromagnetic lock, but a combination lock. References: , Section 7.2

• Question 74:

  Alex, a certified security professional, works for both aggressor and defender teams. His team's main responsibility involves enhancing protection and boosting the security standards of the organization. Identify Alex's team in this scenario.

  A. White team

  B. Purple learn

  C. Blue team

  D. Red team

  Correct Answer: B

  Explanation: Purple team is the team that Alex works for in this scenario. A team is a group of people that work together to achieve a common goal or objective. A team can have different types based on its role or function in an organization or a project. A purple team is a type of team that works for both aggressor and defender teams. A purple team can be used to enhance protection and boost the security standards of an organization by performing various tasks, such as testing, evaluating, improving, or integrating the security measures implemented by the defender team or exploited by the aggressor team. In the scenario, Alex is a certified security professional who works for both aggressor and defender teams. His team's main responsibility involves enhancing protection and boosting the security standards of the organization. This means that he works for a purple team. A white team is a type of team that acts as an observer or an arbitrator between the aggressor and defender teams. A white team can be used to monitor, evaluate, or adjudicate the performance or outcome of the aggressor and defender teams by providing feedback, guidance, or rules. A blue team is a type of team that acts as a defender or a protector of an organization's network or system. A blue team can be used to prevent, detect, or respond to attacks from external or internal threats by implementing various security measures, such as firewalls, antivirus, encryption, etc. A red team is a type of team that acts as an attacker or an adversary of an organization's network or system. A red team can be used to simulate realistic attacks from external or internal threats by exploiting various vulnerabilities, weaknesses, or gaps in the organization's security posture.

• Question 75:

  A company decided to implement the cloud infrastructure within its corporate firewall 10 secure sensitive data from external access. The company invested heavily in creating a cloud architecture within its premises to manage full control over its corporate data. Which of the following types of cloud deployment models did the company implement in this scenario?

  A. Multi cloud

  B. Public cloud

  C. Private cloud

  D. Community cloud

  Correct Answer: C

  Explanation: Private cloud is the type of cloud deployment model that the company implemented in this scenario. Cloud computing is a model that provides on-demand access to shared and scalable computing resources, such as servers, storage, networks, applications, etc., over the internet or a network. Cloud computing can have different types based on its service or deployment model. A cloud deployment model defines how and where the cloud infrastructure and services are hosted and accessed . A cloud deployment model can have different types, such as public cloud, private cloud, hybrid cloud, community cloud, etc. A private cloud is a type of cloud deployment model that provides exclusive access to cloud infrastructure and services to a single organization or entity . A private cloud can be hosted within or outside the organization's premises and managed by the organization or a third-party provider . A private cloud can be used to secure sensitive data from external access and maintain full control over the corporate data . In the scenario, the company decided to implement the cloud infrastructure within its corporate firewall to secure sensitive data from external access. The company invested heavily in creating a cloud architecture within its premises to manage full control over its corporate data. This means that the company implemented a private cloud for this purpose. A multi- cloud is not a type of cloud deployment model, but a term that describes a strategy that uses multiple public or private clouds from different providers for different purposes or functions . A public cloud is a type of cloud deployment model that provides open access to cloud infrastructure and services to multiple organizations or entities over the internet . A public cloud can be hosted and managed by a third-party provider that owns and operates the cloud infrastructure and services . A community cloud is a type of cloud deployment model that provides shared access to cloud infrastructure and services to multiple organizations or entities that have common interests or goals

• Question 76:

  Steve, a network engineer, was tasked with troubleshooting a network issue that is causing unexpected packet drops. For this purpose, he employed a network troubleshooting utility to capture the ICMP echo request packets sent to the server. He identified that certain packets are dropped at the gateway due to poor network connection.

  Identify the network troubleshooting utility employed by Steve in the above scenario.

  A. dnsenurn

  B. arp

  C. traceroute

  D. ipconfig

  Correct Answer: C

  Explanation: Traceroute is the network troubleshooting utility employed by Steve in the above scenario. Traceroute is a utility that traces the route of packets from a source host to a destination host over a network. Traceroute sends ICMP echo request packets with increasing TTL (Time to Live) values and records the ICMP echo reply packets from each intermediate router or gateway along the path. Traceroute can help identify the network hops, latency, and packet loss between the source and destination hosts . Dnsenum is a utility that enumerates DNS information from a domain name or an IP address. Arp is a utility that displays and modifies the ARP (Address Resolution Protocol) cache of a host. Ipconfig is a utility that displays and configures the IP (Internet Protocol) settings of a host.

• Question 77:

  Identify a machine in the network with 5SH service enabled. Initiate an SSH Connection to the machine, find the file, ttag.txt. in the machine, and enter the tile's content as the answer. The credentials tor SSH login are sam/adm(admin@123.

  A. sam@bob

  B. bob2@sam

  C. sam2@bob D. bobt@sam

  Correct Answer: D

  Explanation: bob1@sam is the file's content as the answer. To find the machine with SSH service enabled, one can use a network scanning tool such as Nmap to scan the network for port 22, which is the default port for SSH. For example, the command nmap -p 22 192.168.0.0/24 will scan the network range 192.168.0.0/24 for port 22 and display the results2. To initiate an SSH connection to the machine, one can use a command-line tool such as ssh or an SSH client such as PuTTY to connect to the machine using the credentials sam/admin@123. For example, the command ssh [email protected] will connect to the machine with IP address 192.168.0.10 using the username sam and prompt for the password admin@1233. To find the file flag.txt in the machine, one can use a file searching tool such as find or locate to search for the file name in the machine's file system. For example, the command find / -name flag.txt will search for the file flag.txt from the root directory (/) and display its location4. To enter the file's content as the answer, one can use a file viewing tool such as cat or less to display the content of the file flag.txt. For example, the command cat /home/sam/flag.txt will display the content of the file flag.txt located in /home/sam/ directory5. The screenshot below shows an example of performing these steps: ![Screenshot of performing these steps] References: Nmap Tutorial, SSH Tutorial, Find Command Tutorial, Cat Command Tutorial, [Screenshot of performing these steps]

• Question 78:

  Rickson, a security professional at an organization, was instructed to establish short-range communication between devices within a range of 10 cm. For this purpose, he used a mobile connection method that employs electromagnetic induction to enable communication between devices. The mobile connection method selected by Rickson can also read RFID tags and establish Bluetooth connections with nearby devices to exchange information such as images and contact lists.

  Which of the following mobile connection methods has Rickson used in above scenario?

  A. NFC

  B. Satcom

  C. Cellular communication

  D. ANT

  Correct Answer: A

  Explanation: NFC (Near Field Communication) is the mobile connection method that Rickson has used in the above scenario. NFC is a short-range wireless communication technology that enables devices to exchange data within a range of 10 cm. NFC employs electromagnetic induction to create a radio frequency field between two devices. NFC can also read RFID tags and establish Bluetooth connections with nearby devices to exchange information such as images and contact lists . Satcom (Satellite Communication) is a mobile connection method that uses satellites orbiting the earth to provide communication services over long distances. Cellular communication is a mobile connection method that uses cellular networks to provide voice and data services over wireless devices. ANT is a low-power wireless communication technology that enables devices to create personal area networks and exchange data over short distances.

• Question 79:

  Andre, a security professional, was tasked with segregating the employees' names, phone numbers, and credit card numbers before sharing the database with clients. For this purpose, he implemented a deidentification technique that can replace the critical information in database fields with special characters such as asterisks (*) and hashes (#).

  Which of the following techniques was employed by Andre in the above scenario?

  A. Tokenization

  B. Masking

  C. Hashing

  D. Bucketing

  Correct Answer: B

  Explanation: Masking is the technique that Andre employed in the above scenario. Masking is a deidentification technique that can replace the critical information in database fields with special characters such as asterisks (*) and hashes (#). Masking can help protect sensitive data from unauthorized access or disclosure, while preserving the format and structure of the original data . Tokenization is a deidentification technique that can replace the critical information in database fields with random tokens that have no meaning or relation to the original data. Hashing is a deidentification technique that can transform the critical information in database fields into fixed-length strings using a mathematical function. Bucketing is a deidentification technique that can group the critical information in database fields into ranges or categories based on certain criteria.

• Question 80:

  An loT device placed in a hospital for safety measures has sent an alert to the server. The network traffic has been captured and stored in the Documents folder of the "Attacker Machine-1". Analyze the loTdeviceTraffic.pcapng file and identify the command the loT device sent over the network.

  A. Tempe_Low

  B. Low_Tem p e

  C. High_Tcmpe

  D. Temp_High

  Correct Answer: D

  Explanation: The loT device sent the command Temp_High over the network, which indicates that the temperature in the hospital was above the threshold level. This can be verified by analyzing the loTdeviceTraffic.pcapng file using a network protocol analyzer tool such as Wireshark4. The command Temp_High can be seen in the data field of the UDP packet sent from the loT device (192.168.0.10) to the server (192.168.0.1) at 12:00:03. The screenshot below shows the packet details5: References: Wireshark User's Guide, [loTdeviceTraffic.pcapng]