EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 381:

  When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation.

  What command will help you to search files using Google as a search engine?

  A. site: target.com filetype:xls username password email

  B. inurl: target.com filename:xls username password email

  C. domain: target.com archive:xls username password email

  D. site: target.com file:xls username password email

  Correct Answer: A

  If you include site: in your query, Google will restrict your search results to the site or domain you specify. If you include filetype:suffix in your query, Google will restrict the results to pages whose names end in suffix. For example, [ web page evaluation checklist filetype:pdf ] will return Adobe Acrobat pdf files that match the terms "web," "page," "evaluation," and "checklist."

  References: http://www.googleguide.com/advanced_operators_reference.html

• Question 382:

  Your company performs penetration tests and security assessments for small and medium- sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

  What should you do?

  A. Immediately stop work and contact the proper legal authorities.

  B. Copy the data to removable media and keep it in case you need it.

  C. Confront the client in a respectful manner and ask her about the data.

  D. Ignore the data and continue the assessment until completed as agreed.

  Correct Answer: A

• Question 383:

  An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.

  What is this type of attack (that can use either HTTP GET or HTTP POST) called?

  A. Cross-Site Request Forgery

  B. Cross-Site Scripting

  C. SQL Injection

  D. Browser Hacking

  Correct Answer: A

  Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Different HTTP request methods, such as GET and POST, have different level of susceptibility to CSRF attacks and require different levels of protection due to their different handling by web browsers.

  References: https://en.wikipedia.org/wiki/Cross-site_request_forgery

• Question 384:

  When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.

  What proxy tool will help you find web vulnerabilities?

  A. Burpsuite

  B. Maskgen

  C. Dimitry

  D. Proxychains

  Correct Answer: A

  Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

  References: https://portswigger.net/burp/

• Question 385:

  A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

  Based on this information, what should be one of your key recommendations to the bank?

  A. Place a front-end web server in a demilitarized zone that only handles external web traffic

  B. Require all employees to change their passwords immediately

  C. Move the financial data to another server on the same IP subnet

  D. Issue new certificates to the web servers from the root certificate authority

  Correct Answer: A

  A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network.

  References: https://en.wikipedia.org/wiki/DMZ_(computing)

• Question 386:

  It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short- range wireless connection.

  Which of the following terms best matches the definition?

  A. Bluetooth

  B. Radio-Frequency Identification

  C. WLAN

  D. InfraRed

  Correct Answer: A

  Bluetooth is a standard for the short-range wireless interconnection of mobile phones, computers, and other electronic devices.

  References: http://www.bbc.co.uk/webwise/guides/about-bluetooth

• Question 387:

  Perspective clients want to see sample reports from previous penetration tests.

  What should you do next?

  A. Decline but, provide references.

  B. Share full reports, not redacted.

  C. Share full reports with redactions.

  D. Share reports, after NDA is signed.

  Correct Answer: A

  Penetration tests data should not be disclosed to third parties.

• Question 388:

  Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

  A. Height and Weight

  B. Voice

  C. Fingerprints

  D. Iris patterns

  Correct Answer: A

  There are two main types of biometric identifiers:

  Examples of physiological characteristics used for biometric authentication include fingerprints; DNA; face, hand, retina or ear features; and odor. Behavioral characteristics are related to the pattern of the behavior of a person, such as typing rhythm, gait, gestures and voice.

  References: http://searchsecurity.techtarget.com/definition/biometrics

• Question 389:

  This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.

  Which of the following organizations is being described?

  A. Payment Card Industry (PCI)

  B. Center for Disease Control (CDC)

  C. Institute of Electrical and Electronics Engineers (IEEE)

  D. International Security Industry Organization (ISIO)

  Correct Answer: A

  The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB. The PCI DSS standards are very explicit about the requirements for the back end storage and access of PII (personally identifiable information). References: https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

• Question 390:

  Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file is a file named "Court_Notice_21206.docx.exe" disguised as a word document. Upon execution, a window appears stating, "This word document is corrupt." In the background, the file copies itself to Jesse APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.

  What type of malware has Jesse encountered?

  A. Trojan

  B. Worm

  C. Macro Virus

  D. Key-Logger

  Correct Answer: A

  In computing, Trojan horse, or Trojan, is any malicious computer program which is used to hack into a computer by misleading users of its true intent. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller which can then have unauthorized access to the affected computer.

  References: https://en.wikipedia.org/wiki/Trojan_horse_(computing)