EC-COUNCIL EC-COUNCIL Certifications 312-50V11 Questions & Answers

• Question 441:

  You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-lnternal." You realize that this network uses WPA3 encryption, which of the following vulnerabilities is the promising to exploit?

  A. Dragonblood

  B. Cross-site request forgery

  C. Key reinstallation attack

  D. AP Myconfiguration

  Correct Answer: A

  Dragonblood allows an attacker in range of a password-protected Wi-Fi network to get the password and gain access to sensitive information like user credentials, emails and mastercard numbers. consistent with the published report:"The WPA3 certification aims to secure Wi-Fi networks, and provides several advantages over its predecessor WPA2, like protection against offline dictionary attacks and forward secrecy. Unfortunately, we show that WPA3 is suffering from several design flaws, and analyze these flaws both theoretically and practically. Most prominently, we show that WPA3's Simultaneous Authentication of Equals (SAE) handshake, commonly referred to as Dragonfly, is suffering from password partitioning attacks."Our Wi-Fi researchers at WatchGuard are educating businesses globally that WPA3 alone won't stop the Wi-Fi hacks that allow attackers to steal information over the air (learn more in our recent blog post on the topic). These Dragonblood vulnerabilities impact alittle amount of devices that were released with WPA3 support, and makers are currently making patches available. one among the most important takeaways for businesses of all sizes is to know that a long-term fix might not be technically feasible for devices with lightweight processing capabilities like IoT and embedded systems. Businesses got to consider adding products that enable a Trusted Wireless Environment for all kinds of devices and users alike.Recognizing that vulnerabilities like KRACK and Dragonblood require attackers to initiate these attacks by bringing an "Evil Twin" Access Point or a Rogue Access Point into a Wi-Fi environment, we've been that specialize in developing Wi-Fi security solutions that neutralize these threats in order that these attacks can never occur. The Trusted Wireless Environment framework protects against the "Evil Twin" Access Point and Rogue Access Point. one among these hacks is required to initiate the 2 downgrade or side-channel attacks referenced in Dragonblood.What's next? WPA3 is an improvement over WPA2 Wi-Fi encryption protocol, however, as we predicted, it still doesn't provide protection from the six known Wi-Fi threat categories. It's highly likely that we'll see more WPA3 vulnerabilities announced within the near future.To help reduce Wi-Fi vulnerabilities, we're asking all of you to hitch the Trusted Wireless Environment movement and advocate for a worldwide security standard for Wi-Fi.

• Question 442:

  in the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

  A. 3.0-6.9

  B. 40-6.0

  C. 4.0-6.9

  D. 3.9-6.9

  Correct Answer: C

• Question 443:

  Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

  A. VoIP footprinting

  B. VPN footprinting

  C. Whois footprinting

  D. Email footprinting

  Correct Answer: C

  WHOIS (pronounced because the phrase who is) may be a query and response protocol and whois footprinting may be a method for glance information about ownership of a website name as following: name details Contact details contain phone no. and email address of the owner Registration date for the name Expire date for the name?name servers

• Question 444:

  Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario?

  A. UDP flood attack

  B. Ping-of-death attack

  C. Spoofed session flood attack

  D. Peer-to-peer attack

  Correct Answer: C

• Question 445:

  Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.

  A. Enumeration

  B. Vulnerability analysis

  C. Malware analysis

  D. Scanning networks

  Correct Answer: D

• Question 446:

  Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP).

  Which of the following is an incorrect definition or characteristics of the protocol?

  A. Exchanges data between web services

  B. Only compatible with the application protocol HTTP

  C. Provides a structured model for messaging

  D. Based on XML

  Correct Answer: B

• Question 447:

  What does the following command in netcat do? nc -l -u -p55555 < /etc/passwd

  A. logs the incoming connections to /etc/passwd file

  B. loads the /etc/passwd file to the UDP port 55555

  C. grabs the /etc/passwd file when connected to UDP port 55555

  D. deletes the /etc/passwd file when connected to the UDP port 55555

  Correct Answer: C

• Question 448:

  A newly joined employee. Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also Identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

  A. Credentialed assessment

  B. Database assessment

  C. Host-based assessment

  D. Distributed assessment

  Correct Answer: C

  The host-based vulnerability assessment (VA) resolution arose from the auditors' got to periodically review systems. Arising before the net becoming common, these tools typically take an "administrator's eye" read of the setting by evaluating all of the knowledge that an administrator has at his or her disposal. UsesHost VA tools verify system configuration, user directories, file systems, registry settings, and all forms of other info on a number to gain information about it. Then, it evaluates the chance of compromise. it should also live compliance to a predefined company policy so as to satisfy an annual audit. With administrator access, the scans area unit less possible to disrupt traditional operations since the computer code has the access it has to see into the complete configuration of the system. What it Measures Host VA tools will examine the native configuration tables and registries to spot not solely apparent vulnerabilities, however additionally "dormant" vulnerabilities ?those weak or misconfigured systems and settings which will be exploited when an initial entry into the setting. Host VA solutions will assess the safety settings of a user account table; the access management lists related to sensitive files or data; and specific levels of trust applied to other systems. The host VA resolution will a lot of accurately verify the extent of the danger by determinant however way any specific exploit could also be ready to get.

• Question 449:

  Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

  A. User-mode rootkit

  B. Library-level rootkit

  C. Kernel-level rootkit

  D. Hypervisor-level rootkit

  Correct Answer: C

• Question 450:

  Which DNS resource record can indicate how long any "DNS poisoning" could last?

  A. MX

  B. SOA

  C. NS

  D. TIMEOUT

  Correct Answer: B