Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. LDAP Injection attack
B. Cross-Site Scripting (XSS)
C. SQL injection attack
D. Cross-Site Request Forgery (CSRF)
Thomas, a cloud security professional, is performing a security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an IaaS.
What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?
A. Man-in-the-cloud (MITC) attack
B. Cloud cryptojacking
C. Cloudborne attack
D. Metadata spoofing attack
What is the main security service a cryptographic hash provides?
A. Integrity and ease of computation
B. Message authentication and collision resistance
C. Integrity and collision resistance
D. Integrity and computational infeasibility
What is the purpose of a demilitarized zone on a network?
A. To scan all traffic coming through the DMZ to the internal network
B. To only provide direct access to the nodes within the DMZ and protect the network behind it
C. To provide a place to put the honeypot
D. To contain the network devices you wish to protect
If you send a TCP ACK segment to a known closed port on a firewall, but it does not respond with an RST, what do you know about the firewall you are scanning?
A. There is no firewall in place.
B. This event does not tell you anything about the firewall.
C. It is a stateful firewall.
D. It is a non-stateful firewall.
An attacker runs the netcat tool to transfer a secret file between two hosts.
He is worried about information being sniffed on the network.
How would the attacker use netcat to encrypt the information before transmitting onto the wire?
A. Machine A: netcat -l -p -s password 1234 < testfile Machine B: netcat
B. Machine A: netcat -l -e magickey -p 1234 < testfile Machine B: netcat
C. Machine A: netcat -l -p 1234 < testfile -pw password Machine B: netcat
D. Use cryptcat instead of netcat
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with this complex security system in place. Your peer, Peter Smith, who works in the same department, disagrees with you. He says even the best network security technologies cannot prevent hackers from gaining access to the network because of the presence of a "weakest link" in the security chain.
What is Peter Smith talking about?
A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three.)
A. Converts passwords to uppercase.
B. Hashes are sent in clear text over the network.
C. Makes use of only 32-bit encryption.
D. Effective length is 7 characters.
Which of the following Linux commands will resolve a domain name into an IP address?
A. >host -t a hackeddomain.com
B. >host -t ns hackeddomain.com
C. >host -t soa hackeddomain.com
D. >host -t AXFR hackeddomain.com
Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?
A. ophcrack
B. Hootsuite
C. VisualRoute
D. HULK