EC-COUNCIL EC-COUNCIL Certifications 312-50V11 Questions & Answers

• Question 371:

  Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

  A camera captures people walking and identifies the individuals using Steve's approach.

  After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

  A. Although the approach has two phases, it actually implements just one authentication factor

  B. The solution implements the two authentication factors: physical object and physical characteristic

  C. The solution will have a high level of false positives

  D. Biological motion cannot be used to identify people

  Correct Answer: B

• Question 372:

  John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and CandC server. What is the technique employed by John to bypass the firewall?

  A. DNS cache snooping

  B. DNSSEC zone walking

  C. DNS tunneling method

  D. DNS enumeration

  Correct Answer: C

  DNS tunneling may be a method wont to send data over the DNS protocol, a protocol which has never been intended for data transfer. due to that, people tend to overlook it and it's become a well-liked but effective tool in many attacks.Most popular use case for DNS tunneling is obtaining free internet through bypassing captive portals at airports, hotels, or if you are feeling patient the not-so-cheap on the wing Wi-Fi.On those shared internet hotspots HTTP traffic is blocked until a username/password is provided, however DNS traffic is usually still allowed within the background: we will encode our HTTP traffic over DNS and voil? we've internet access.This sounds fun but reality is, browsing anything on DNS tunneling is slow. Like, back to 1998 slow.Another more dangerous use of DNS tunneling would be bypassing network security devices (Firewalls, DLP appliances...) to line up an immediate and unmonitored communications channel on an organisation's network. Possibilities here are endless: Data exfiltration, fixing another penetration testing tool... you name it.To make it even more worrying, there's an outsized amount of easy to use DNS tunneling tools out there.There's even a minimum of one VPN over DNS protocol provider (warning: the planning of the web site is hideous, making me doubt on the legitimacy of it).As a pentester all this is often great, as a network admin not such a lot . How does it work:For those that ignoramus about DNS protocol but still made it here, i feel you deserve a really brief explanation on what DNS does: DNS is sort of a phonebook for the web , it translates URLs (human-friendly language, the person's name), into an IP address (machine-friendly language, the phone number). That helps us remember many websites, same as we will remember many people's names.For those that know what DNS is i might suggest looking here for a fast refresh on DNS protocol, but briefly what you would like to understand is:?A Record: Maps a website name to an IP address.example.com ? 12.34.52.67?NS Record (a.k.a. Nameserver record): Maps a website name to an inventory of DNS servers, just in case our website is hosted in multiple servers.example.com ? server1.example.com, server2.example.comWho is involved in DNS tunneling?? Client. Will launch DNS requests with data in them to a website .?One Domain that we will configure. So DNS servers will redirect its requests to an outlined server of our own.?Server. this is often the defined nameserver which can ultimately receive the DNS requests.The 6 Steps in DNS tunneling (simplified):1. The client encodes data during a DNS request. The way it does this is often by prepending a bit of knowledge within the domain of the request. for instance : mypieceofdata.server1.example.com2. The DNS request goes bent a DNS server.3. The DNS server finds out the A register of your domain with the IP address of your server.4. The request for mypieceofdata.server1.example.com is forwarded to the server.5. The server processes regardless of the mypieceofdata was alleged to do. Let's assume it had been an HTTP request.6. The server replies back over DNS and woop woop, we've got signal.

• Question 373:

  If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

  A. Traceroute

  B. Hping

  C. TCP ping

  D. Broadcast ping

  Correct Answer: B

  https://tools.kali.org/information-gathering/hping3

• Question 374:

  which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

  A. intrusion detection system

  B. Honeypot

  C. Botnet

  D. Firewall

  Correct Answer: B

  A honeypot may be a trap that an IT pro lays for a malicious hacker, hoping that they will interact with it during a way that gives useful intelligence. It's one among the oldest security measures in IT, but beware: luring hackers onto your network, even on an isolated system, are often a dangerous game.honeypot may be a good starting place: "A honeypot may be a computer or computing system intended to mimic likely targets of cyberattacks." Often a honeypot are going to be deliberately configured with known vulnerabilities in situation to form a more tempting or obvious target for attackers. A honeypot won't contain production data or participate in legitimate traffic on your network -- that's how you'll tell anything happening within it's a results of an attack. If someone's stopping by, they're up to no good.That definition covers a various array of systems, from bare-bones virtual machines that only offer a couple of vulnerable systems to ornately constructed fake networks spanning multiple servers. and therefore the goals of these who build honeypots can vary widely also , starting from defense thorough to academic research. additionally , there's now an entire marketing category of deception technology that, while not meeting the strict definition of a honeypot, is certainly within the same family. But we'll get thereto during a moment.honeypots aim to permit close analysis of how hackers do their dirty work. The team controlling the honeypot can watch the techniques hackers use to infiltrate systems, escalate privileges, and otherwise run amok through target networks. These sorts of honeypots are found out by security companies, academics, and government agencies looking to look at the threat landscape. Their creators could also be curious about learning what kind of attacks are out there, getting details on how specific sorts of attacks work, or maybe trying to lure a specific hackers within the hopes of tracing the attack back to its source. These systems are often inbuilt fully isolated lab environments, which ensures that any breaches don't end in non-honeypot machines falling prey to attacks.Production honeypots, on the opposite hand, are usually deployed in proximity to some organization's production infrastructure, though measures are taken to isolate it the maximum amount as possible. These honeypots often serve both as bait to distract hackers who could also be trying to interrupt into that organization's network, keeping them faraway from valuable data or services; they will also function a canary within the coalpit , indicating that attacks are underway and are a minimum of partially succeeding.

• Question 375:

  _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

  A. Trojan

  B. RootKit

  C. DoS tool

  D. Scanner

  E. Backdoor

  Correct Answer: B

• Question 376:

  Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

  

  In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

  A. Switch then acts as hub by broadcasting packets to all machines on the network

  B. The CAM overflow table will cause the switch to crash causing Denial of Service

  C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

  D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

  Correct Answer: A

• Question 377:

  Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

  A. Linux

  B. Unix

  C. OS X

  D. Windows

  Correct Answer: D

• Question 378:

  What is not a PCI compliance recommendation?

  A. Use a firewall between the public network and the payment card data.

  B. Use encryption to protect all transmission of card holder data over any public network.

  C. Rotate employees handling credit card transactions on a yearly basis to different departments.

  D. Limit access to card holder data to as few individuals as possible.

  Correct Answer: C

• Question 379:

  Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?

  A. Zero trust network

  B. Transport Layer Security (TLS)

  C. Secure Socket Layer (SSL)

  D. Web of trust (WOT)

  Correct Answer: D

• Question 380:

  Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications.

  He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby

  used this virtual tower to interrupt the data transmission between the user and real tower, attempting to

  hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual

  tower and redirected the victim to a malicious website.

  What is the attack performed by Bobby in the above scenario?

  A. Wardriving

  B. KRACK attack

  C. jamming signal attack

  D. aLTEr attack

  Correct Answer: D