EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 441:

  _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

  A. Trojan

  B. RootKit

  C. DoS tool

  D. Scanner

  E. Backdoor

  Correct Answer: B

• Question 442:

  Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

  A. intrusion detection system

  B. Honeypot

  C. Botnet

  D. Firewall

  Correct Answer: B

  A honeypot may be a trap that an IT pro lays for a malicious hacker, hoping that they will interact with it during a way that gives useful intelligence. It's one among the oldest security measures in IT, but beware: luring hackers onto your network, even on an isolated system, are often a dangerous game.honeypot may be a good starting place: "A honeypot may be a computer or computing system intended to mimic likely targets of cyberattacks." Often a honeypot are going to be deliberately configured with known vulnerabilities in situation to form a more tempting or obvious target for attackers. A honeypot won't contain production data or participate in legitimate traffic on your network -- that's how you'll tell anything happening within it's a results of an attack. If someone's stopping by, they're up to no good.That definition covers a various array of systems, from bare-bones virtual machines that only offer a couple of vulnerable systems to ornately constructed fake networks spanning multiple servers. and therefore the goals of these who build honeypots can vary widely also , starting from defense thorough to academic research. additionally , there's now an entire marketing category of deception technology that, while not meeting the strict definition of a honeypot, is certainly within the same family. But we'll get thereto during a moment.honeypots aim to permit close analysis of how hackers do their dirty work. The team controlling the honeypot can watch the techniques hackers use to infiltrate systems, escalate privileges, and otherwise run amok through target networks. These sorts of honeypots are found out by security companies, academics, and government agencies looking to look at the threat landscape. Their creators could also be curious about learning what kind of attacks are out there, getting details on how specific sorts of attacks work, or maybe trying to lure a specific hackers within the hopes of tracing the attack back to its source. These systems are often inbuilt fully isolated lab environments, which ensures that any breaches don't end in non-honeypot machines falling prey to attacks.Production honeypots, on the opposite hand, are usually deployed in proximity to some organization's production infrastructure, though measures are taken to isolate it the maximum amount as possible. These honeypots often serve both as bait to distract hackers who could also be trying to interrupt into that organization's network, keeping them faraway from valuable data or services; they will also function a canary within the coalpit , indicating that attacks are underway and are a minimum of partially succeeding.

• Question 443:

  What is not a PCI compliance recommendation?

  A. Use a firewall between the public network and the payment card data.

  B. Use encryption to protect all transmission of card holder data over any public network.

  C. Rotate employees handling credit card transactions on a yearly basis to different departments.

  D. Limit access to card holder data to as few individuals as possible.

  Correct Answer: C

  https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security Build and Maintain a Secure Network

  1.

  Install and maintain a firewall configuration to protect cardholder data.

  2.

  Do not use vendor-supplied defaults for system passwords and other security parameters. Protect Cardholder Data

  3.

  Protect stored cardholder data.

  4.

  Encrypt transmission of cardholder data across open, public networks. Maintain a Vulnerability Management Program

  5.

  Use and regularly update anti-virus software or programs.

  6.

  Develop and maintain secure systems and applications. Implement Strong Access Control Measures

  7.

  Restrict access to cardholder data by business need-to-know.

  8.

  Assign a unique ID to each person with computer access.

  9.

  Restrict physical access to cardholder data. Regularly Monitor and Test Networks

  10.

  Track and monitor all access to network resources and cardholder data.

  11.

  Regularly test security systems and processes. Maintain an Information Security Policy

  12.

  Maintain a policy that addresses information security for employees and contractors.

• Question 444:

  Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?

  A. Zero trust network

  B. Transport Layer Security (TLS)

  C. Secure Socket Layer (SSL)

  D. Web of trust (WOT)

  Correct Answer: D

• Question 445:

  Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

  A. Linux

  B. Unix

  C. OS X

  D. Windows

  Correct Answer: D

• Question 446:

  Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

  

  In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

  A. Switch then acts as hub by broadcasting packets to all machines on the network

  B. The CAM overflow table will cause the switch to crash causing Denial of Service

  C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

  D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

  Correct Answer: A

• Question 447:

  When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

  A. http-methods

  B. http enum

  C. http-headers

  D. http-git

  Correct Answer: A

• Question 448:

  What is the role of test automation in security testing?

  A. It is an option but it tends to be very expensive.

  B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

  C. Test automation is not usable in security due to the complexity of the tests.

  D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

  Correct Answer: D

• Question 449:

  You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page. What Is the best Linux pipe to achieve your milestone?

  A. dirb https://site.com | grep "site"

  B. curl -s https://sile.com | grep `'< a href-\'http" | grep "Site-com- | cut -d "V" -f 2

  C. wget https://stte.com | grep "< a href=\*http" | grep "site.com"

  D. wgethttps://site.com | cut-d"http-

  Correct Answer: C

• Question 450:

  What tool can crack Windows SMB passwords simply by listening to network traffic?

  A. This is not possible

  B. Netbus

  C. NTFSDOS

  D. L0phtcrack

  Correct Answer: D