EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 501:

  The network users are complaining because their system are slowing down. Further, every time they attempt to go a website, they receive a series of pop-ups with advertisements. What types of malware have the system been infected with?

  A. Virus

  B. Spyware

  C. Trojan

  D. Adware

  Correct Answer: D

  Adware, or advertising supported computer code, is computer code that displays unwanted advertisements on your pc. Adware programs can tend to serve you pop-up ads, will modification your browser's homepage, add spyware and simply

  bombard your device with advertisements. Adware may be a additional summary name for doubtless unwanted programs. It's roughly a virulent disease and it's going to not be as clearly malicious as a great deal of different problematic code

  floating around on the net. create no mistake concerning it, though, that adware has to return off of no matter machine it's on. Not solely will adware be extremely annoying whenever you utilize your machine, it might additionally cause

  semipermanent problems for your device.

  Adware a network users the browser to gather your internet browsing history so as to 'target' advertisements that appear tailored to your interests. At their most innocuous, adware infections square measure simply annoying. as an example,

  adware barrages you with pop-up ads that may create your net expertise markedly slower and additional labor intensive.

• Question 502:

  Scenario1:

  1.Victim opens the attacker's web site.

  2.Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.

  3.Victim clicks to the interesting and attractive content URL.

  4.Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

  What is the name of the attack which is mentioned in the scenario?

  A. Session Fixation

  B. HTML Injection

  C. HTTP Parameter Pollution

  D. Clickjacking Attack

  Correct Answer: D

  https://en.wikipedia.org/wiki/Clickjacking Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web

  pages, provide credentials or sensitive information, transfer money, or purchase products online.

  Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page but in fact they are clicking an invisible element in the

  additional page transposed on top of it.

• Question 503:

  John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later. What would John be considered as?

  A. Cybercriminal

  B. Black hat

  C. White hat

  D. Gray hat

  Correct Answer: D

• Question 504:

  Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

  A. Time Keeper

  B. NTP

  C. PPP

  D. OSPP

  Correct Answer: B

• Question 505:

  Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities. What will you call these issues?

  A. False positives

  B. True negatives

  C. True positives

  D. False negatives

  Correct Answer: A

  False Positives occur when a scanner, Web Application Firewall (WAF), or Intrusion Prevention System (IPS) flags a security vulnerability that you do not have. A false negative is the opposite of a false positive, telling you that you don't have

  a vulnerability when, in fact, you do.

  A false positive is like a false alarm; your house alarm goes off, but there is no burglar. In web application security, a false positive is when a web application security scanner indicates that there is a vulnerability on your website, such as SQL

  Injection, when, in reality, there is not. Web security experts and penetration testers use automated web application security scanners to ease the penetration testing process. These tools help them ensure that all web application attack

  surfaces are correctly tested in a reasonable amount of time. But many false positives tend to break down this process. If the first 20 variants are false, the penetration tester assumes that all the others are false positives and ignore the rest.

  By doing so, there is a good chance that real web application vulnerabilities will be left undetected.

  When checking for false positives, you want to ensure that they are indeed false. By nature, we humans tend to start ignoring false positives rather quickly. For example, suppose a web application security scanner detects 100 SQL Injection

  vulnerabilities. If the first 20 variants are false positives, the penetration tester assumes that all the others are false positives and ignore all the rest. By doing so, there are chances that real web application vulnerabilities are left undetected.

  This is why it is crucial to check every vulnerability and deal with each false positive separately to ensure false positives.

• Question 506:

  Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

  A. OPPORTUNISTICTLS

  B. UPGRADETLS

  C. FORCETLS

  D. STARTTLS

  Correct Answer: D

• Question 507:

  Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This

  vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

  Which of the following attacks can be performed by exploiting the above vulnerability?

  A. DROWN attack

  B. Padding oracle attack

  C. Side-channel attack

  D. DUHK attack

  Correct Answer: A

  DROWN is a serious vulnerability that affects HTTPS and other services that deem SSL and TLS, some of the essential cryptographic protocols for net security. These protocols allow everyone on the net to browse the net, use email, look on-

  line, and send instant messages while not third-parties being able to browse the communication. DROWN allows attackers to break the encryption and read or steal sensitive communications, as well as passwords, credit card numbers, trade

  secrets, or financial data. At the time of public disclosure on March 2016, our measurements indicated thirty third of all HTTPS servers were vulnerable to the attack. fortuitously, the vulnerability is much less prevalent currently. As of 2019,

  SSL Labs estimates that one.2% of HTTPS servers are vulnerable.

  What will the attackers gain?Any communication between users and the server. This typically includes, however isn't limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. under

  some common scenarios, an attacker can also impersonate a secure web site and intercept or change the content the user sees.

  Who is vulnerable?Websites, mail servers, and other TLS-dependent services are in danger for the DROWN attack. At the time of public disclosure, many popular sites were affected. we used Internet-wide scanning to live how many sites are

  vulnerable:

  

  SSLv2 Operators of vulnerable servers got to take action. there's nothing practical that browsers or end-users will do on their own to protect against this attack. Is my site vulnerable?Modern servers and shoppers use the TLS encryption protocol. However, because of misconfigurations, several servers also still support SSLv2, a 1990s- era precursor to TLS. This support did not matter in practice, since no up-to-date clients really use SSLv2. Therefore, despite the fact that SSLv2 is thought to be badly insecure, until now, simply supporting SSLv2 wasn't thought of a security problem, is a clients never used it. DROWN shows that merely supporting SSLv2 may be a threat to fashionable servers and clients. It modern associate degree attacker to modern fashionable TLS connections between up-to-date clients and servers by sending probes to a server that supports SSLv2 and uses the same private key.

  

  SSLv2

  It allows SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings.

  Its private key is used on any other serverthat allows SSLv2 connections, even for another protocol. Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports

  SSLv2 and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server.

  A server is vulnerable to DROWN if:

  

  SSLv2 How do I protect my server?To protect against DROWN, server operators need to ensure that their private keys software used anyplace with server computer code that enables SSLv2 connections. This includes net servers, SMTP servers, IMAP and POP servers, and the other software that supports SSL/TLS. Disabling SSLv2 is difficult and depends on the particular server software. we offer instructions here for many common products: OpenSSL: OpenSSL may be a science library employed in several server merchandise. For users of OpenSSL, the simplest and recommended solution is to upgrade to a recent OpenSSL version. OpenSSL 1.0.2 users ought to upgrade to 1.0.2g. OpenSSL 1.0.1 users ought to upgrade to one.0.1s. Users of older OpenSSL versions ought to upgrade to either one in every of these versions. (Updated March thirteenth, 16:00 UTC) Microsoft IIS (Windows Server): Support for SSLv2 on the server aspect is enabled by default only on the OS versions that correspond to IIS 7.0 and IIS seven.5, particularly Windows scene, Windows Server 2008, Windows seven and Windows Server 2008R2. This support is disabled within the appropriate SSLv2 subkey for `Server', as outlined in KB245030. albeit users haven't taken the steps to disable SSLv2, the export-grade and 56-bit ciphers that build DROWN possible don't seem to be supported by default. Network Security Services (NSS): NSS may be a common science library designed into several server merchandise. NSS versions three.13 (released back in 2012) and higher than ought to have SSLv2 disabled by default. (A little variety of users might have enabled SSLv2 manually and can got to take steps to disable it.) Users of older versions ought to upgrade to a more moderen version. we tend to still advocate checking whether or not your non-public secret is exposed elsewhere Other affected software and in operation systems: Instructions and data for: Apache, Postfix, Nginx, Debian, Red Hat Browsers and other consumers: practical nothing practical that net browsers or different client computer code will do to stop DROWN. only server operators ar ready to take action to guard against the attack.

• Question 508:

  Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used

  in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network

  resources.

  What is the attack technique used by Jude for finding loopholes in the above scenario?

  A. UDP flood attack

  B. Ping-of-death attack

  C. Spoofed session flood attack

  D. Peer-to-peer attack

  Correct Answer: C

• Question 509:

  In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

  A. 3.0-6.9

  B. 40-6.0

  C. 4.0-6.9

  D. 3.9-6.9

  Correct Answer: C

• Question 510:

  Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

  A. VoIP footprinting

  B. VPN footprinting

  C. Whois footprinting

  D. Email footprinting

  Correct Answer: D