EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 471:

  One of your team members has asked you to analyze the following SOA record.

  What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

  A. 200303028

  B. 3600

  C. 604800

  D. 2400

  E. 60

  F. 4800

  Correct Answer: D

• Question 472:

  Peter, a system administrator working at a reputed IT firm, decided to work from his home and login remotely. Later, he anticipated that the remote connection could be exposed to session hijacking. To curb this possibility, he implemented a technique that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. What is the technique followed by Peter to send files securely through a remote connection?

  A. DMZ

  B. SMB signing

  C. VPN

  D. Switch network

  Correct Answer: C

• Question 473:

  Study the snort rule given below and interpret the rule.

  alert tcp any any --> 192.168.1.0/24 (content:"|00 01 86 a5|"; msG. "mountd access";)

  A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

  B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

  C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

  D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

  Correct Answer: D

• Question 474:

  To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?

  A. Exclamation mark (!)

  B. Underscore (_)

  C. Tilde H

  D. Period (.)

  Correct Answer: D

• Question 475:

  User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

  A. Application

  B. Transport

  C. Session

  D. Presentation

  Correct Answer: D

  https://en.wikipedia.org/wiki/Presentation_layer

  In the seven-layer OSI model of computer networking, the presentation layer is layer 6 and serves as the data translator for the network. It is sometimes called the syntax layer. The presentation layer is responsible for the formatting and delivery of information to the application layer for further processing or display. Encryption is typically done at this level too, although it can be done on the application, session, transport, or network layers, each having its own advantages and disadvantages. Decryption is also handled at the presentation layer. For example, when logging on to bank account sites the presentation layer will decrypt the data as it is received.

• Question 476:

  An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

  A. Product-based solutions

  B. Tree-based assessment

  C. Service-based solutions

  D. inference-based assessment

  Correct Answer: D

  In an inference-based assessment, scanning starts by building an inventory of the protocols found on the machine. After finding a protocol, the scanning process starts to detect which ports are attached to services, such as an email server, web server, or database server. After finding services, it selects vulnerabilities on each machine and starts to execute only those relevant tests.

• Question 477:

  You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

  A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

  B. Package the Sales.xls using Trojan wrappers and telnet them back your home computer

  C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

  D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

  Correct Answer: C

• Question 478:

  Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server? The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

  A. My Doom

  B. Astacheldraht

  C. R-U-Dead-Yet?(RUDY)

  D. LOIC

  Correct Answer: C

• Question 479:

  During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?

  A. Server Message Block (SMB)

  B. Network File System (NFS)

  C. Remote procedure call (RPC)

  D. Telnet

  Correct Answer: A

  Worker Message Block (SMB) is an organization document sharing and information texture convention. SMB is utilized by billions of gadgets in a different arrangement of working frameworks, including Windows, MacOS, iOS , Linux, and Android. Customers use SMB to get to information on workers. This permits sharing of records, unified information the board, and brought down capacity limit needs for cell phones. Workers additionally use SMB as a feature of the Software-characterized Data Center for outstanding burdens like grouping and replication. Since SMB is a far off record framework, it requires security from assaults where a Windows PC may be fooled into reaching a pernicious worker running inside a confided in organization or to a far off worker outside the organization edge. Firewall best practices and arrangements can upgrade security keeping malevolent traffic from leaving the PC or its organization. For Windows customers and workers that don't have SMB shares, you can obstruct all inbound SMB traffic utilizing the Windows Defender Firewall to keep far off associations from malignant or bargained gadgets. In the Windows Defender Firewall, this incorporates the accompanying inbound principles.

  

  You should also create a new blocking rule to override any other inbound firewall rules. Use the following suggested settings for any Windows clients or servers that do not host SMB Shares: Name: Block all inbound SMB 445 Description: Blocks all inbound SMB TCP 445 traffic. Not to be applied to domain controllers or computers that host SMB shares. Action: Block the connection Programs: All Remote Computers: Any Protocol Type: TCP Local Port: 445 Remote Port: Any Profiles: All Scope (Local IP Address): Any Scope (Remote IP Address): Any Edge Traversal: Block edge traversal You must not globally block inbound SMB traffic to domain controllers or file servers. However, you can restrict access to them from trusted IP ranges and devices to lower their attack surface. They should also be restricted to Domain or Private firewall profiles and not allow Guest/Public traffic.

• Question 480:

  In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

  A. Full Blown

  B. Thorough

  C. Hybrid

  D. BruteDics

  Correct Answer: C