EC-COUNCIL EC-COUNCIL Certifications 312-50V11 Questions & Answers

• Question 131:

  Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?

  A. Evil twin attack

  B. DNS cache flooding

  C. MAC flooding

  D. DDoS attack

  Correct Answer: C

• Question 132:

  CORRECT TEXT

  Allen, a professional pen tester, was hired by xpertTech solutWns to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. B/ enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration.

  identify the NetBIOS code used for obtaining the messenger service running for the logged- in user?

  A. <1B>

  B. <00>

  C. <03>

  D. <20>

  Correct Answer: C

  <03>Windows Messenger administrationCourier administration is an organization based framework notice Windows administration by Microsoft that was remembered for some prior forms of Microsoft Windows. This resigned innovation, despite the fact that it has a comparable name, isn't connected in any capacity to the later, Internet-based Microsoft Messenger administration for texting or to Windows Messenger and Windows Live Messenger (earlier named MSN Messenger) customer programming. The Messenger Service was initially intended for use by framework managers to tell Windows clients about their networks.[1] It has been utilized malevolently to introduce spring up commercials to clients over the Internet (by utilizing mass- informing frameworks which sent an ideal message to a predetermined scope of IP addresses). Despite the fact that Windows XP incorporates a firewall, it isn't empowered naturally. Along these lines, numerous clients got such messages. Because of this maltreatment, the Messenger Service has been debilitated as a matter of course in Windows XP Service Pack 2.

• Question 133:

  Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.

  Which of the following design flaws in the authentication mechanism is exploited by Calvin?

  A. Insecure transmission of credentials

  B. Verbose failure messages

  C. User impersonation

  D. Password reset mechanism

  Correct Answer: D

• Question 134:

  In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

  A. Privilege Escalation

  B. Shoulder-Surfing

  C. Hacking Active Directory

  D. Port Scanning

  Correct Answer: A

• Question 135:

  Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregory uses a tool to test for any security loopholes by hijacking a session between a client and server. This tool has a feature of intercepting proxy that can be used to inspect and modify the traffic between the browser and target application. This tool can also perform customized attacks and can be used to test the randomness of session tokens. Which of the following tools is used by Gregory in the above scenario?

  A. Nmap

  B. Burp Suite

  C. CxSAST

  D. Wireshark

  Correct Answer: B

• Question 136:

  Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network.

  Which of the following host discovery techniques must he use to perform the given task?

  A. UDP scan

  B. TCP Maimon scan

  C. arp ping scan

  D. ACK flag probe scan

  Correct Answer: C

  One of the most common Nmap usage scenarios is scanning an Ethernet LAN. Most LANs, especially those that use the private address range granted by RFC 1918, do not always use the overwhelming majority of IP addresses. When Nmap attempts to send a raw IP packet, such as an ICMP echo request, the OS must determine a destination hardware (ARP) address, such as the target IP, so that the Ethernet frame can be properly addressed. .. This is required to issue a series of ARP requests. This is best illustrated by an example where a ping scan is attempted against an Area Ethernet host. The -send-ip option tells Nmap to send IP-level packets (rather than raw Ethernet), even on area networks. The Wireshark output of the three ARP requests and their timing have been pasted into the session. Raw IP ping scan example for offline targetsThis example took quite a couple of seconds to finish because the (Linux) OS sent three ARP requests at 1 second intervals before abandoning the host. Waiting for a few seconds is excessive, as long as the ARP response usually arrives within a few milliseconds. Reducing this timeout period is not a priority for OS vendors, as the overwhelming majority of packets are sent to the host that actually exists. Nmap, on the other hand, needs to send packets to 16 million IP s given a target like 10.0.0.0/8. Many targets are pinged in parallel, but waiting 2 seconds each is very delayed. There is another problem with raw IP ping scans on the LAN. If the destination host turns out to be unresponsive, as in the previous example, the source host usually adds an incomplete entry for that destination IP to the kernel ARP table. ARP tablespaces are finite and some operating systems become unresponsive when full. If Nmap is used in rawIP mode (-send-ip), Nmap may have to wait a few minutes for the ARP cache entry to expire before continuing host discovery. ARP scans solve both problems by giving Nmap the highest priority. Nmap issues raw ARP requests and handles retransmissions and timeout periods in its sole discretion. The system ARP cache is bypassed. The example shows the difference. This ARP scan takes just over a tenth of the time it takes for an equivalent IP.

  Example b ARP ping scan of offline target In example b, neither the -PR option nor the -send-eth option has any effect. This is often because ARP has a default scan type on the Area Ethernet network when scanning Ethernet hosts that Nmap discovers. This includes traditional wired Ethernet as 802.11 wireless networks. As mentioned above, ARP scanning is not only more efficient, but also more accurate. Hosts frequently block IP-based ping packets, but usually cannot block ARP requests or responses and communicate over the network.Nmap uses ARP instead of all targets on equivalent targets, even if different ping types (such as -PE and -PS) are specified. LAN.. If you do not need to attempt an ARP scan at all, specify end-ip as shown in Example a "Raw IP Ping Scan for Offline Targets".

  

  If you give Nmap control to send raw Ethernet frames, Nmap can also adjust the source MAC address. If you have the only PowerBook in your security conference room and a large ARP scan is initiated from an Apple-registered MAC address, your head may turn to you. Use the -spoof-mac option to spoof the MAC address as described in the MAC Address Spoofing section.

• Question 137:

  Mirai malware targets loT devices. After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?

  A. MITM attack

  B. Birthday attack

  C. DDoS attack

  D. Password attack

  Correct Answer: C

• Question 138:

  Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

  A.SOA

  B. biometrics

  C. single sign on

  D. PKI

  Correct Answer: D

• Question 139:

  An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

  What is the most likely cause?

  A. The network devices are not all synchronized.

  B. Proper chain of custody was not observed while collecting the logs.

  C. The attacker altered or erased events from the logs.

  D. The security breach was a false positive.

  Correct Answer: A

• Question 140:

  A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

  Which cryptography attack is the student attempting?

  A. Man-in-the-middle attack

  B. Brute-force attack

  C. Dictionary attack

  D. Session hijacking

  Correct Answer: C