EC-COUNCIL EC-COUNCIL Certifications 312-50V12 Questions & Answers

• Question 511:

  You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-lnternal." You realize that this network uses WPA3 encryption, which of the following vulnerabilities is the promising to exploit?

  A. Dragonblood

  B. Cross-site request forgery

  C. Key reinstallation attack

  D. AP Myconfiguration

  Correct Answer: A

  Dragonblood allows an attacker in range of a password-protected Wi-Fi network to get the password and gain access to sensitive information like user credentials, emails and mastercard numbers. consistent with the published report:"The WPA3 certification aims to secure Wi-Fi networks, and provides several advantages over its predecessor WPA2, like protection against offline dictionary attacks and forward secrecy. Unfortunately, we show that WPA3 is suffering from several design flaws, and analyze these flaws both theoretically and practically. Most prominently, we show that WPA3's Simultaneous Authentication of Equals (SAE) handshake, commonly referred to as Dragonfly, is suffering from password partitioning attacks."Our Wi-Fi researchers at WatchGuard are educating businesses globally that WPA3 alone won't stop the Wi-Fi hacks that allow attackers to steal information over the air (learn more in our recent blog post on the topic). These Dragonblood vulnerabilities impact alittle amount of devices that were released with WPA3 support, and makers are currently making patches available. one among the most important takeaways for businesses of all sizes is to know that a long-term fix might not be technically feasible for devices with lightweight processing capabilities like IoT and embedded systems. Businesses got to consider adding products that enable a Trusted Wireless Environment for all kinds of devices and users alike.Recognizing that vulnerabilities like KRACK and Dragonblood require attackers to initiate these attacks by bringing an "Evil Twin" Access Point or a Rogue Access Point into a Wi-Fi environment, we've been that specialize in developing Wi-Fi security solutions that neutralize these threats in order that these attacks can never occur. The Trusted Wireless Environment framework protects against the "Evil Twin" Access Point and Rogue Access Point. one among these hacks is required to initiate the 2 downgrade or side-channel attacks referenced in Dragonblood.What's next? WPA3 is an improvement over WPA2 Wi-Fi encryption protocol, however, as we predicted, it still doesn't provide protection from the six known Wi-Fi threat categories. It's highly likely that we'll see more WPA3 vulnerabilities announced within the near future.To help reduce Wi-Fi vulnerabilities, we're asking all of you to hitch the Trusted Wireless Environment movement and advocate for a worldwide security standard for Wi-Fi.

• Question 512:

  An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

  A. Reverse Social Engineering

  B. Tailgating

  C. Piggybacking

  D. Announced

  Correct Answer: B

  Identifying operating systems, services, protocols and devices,

  Collecting unencrypted information about usernames and passwords,

  Capturing network traffic for further analysis are passive network sniffing methods since with the help of them we only receive information and do not make any changes to the target network.

  When modifying and replaying the captured network traffic, we are already starting to make changes and actively interact with it.

• Question 513:

  Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

  A. Error-based injection

  B. Boolean-based blind SQL injection

  C. Blind SQL injection

  D. Union SQL injection

  Correct Answer: D

• Question 514:

  Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network lo identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

  A. internal assessment

  B. Passive assessment

  C. External assessment

  D. Credentialed assessment

  Correct Answer: B

  Passive Assessment Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently accessing the network.

• Question 515:

  Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.

  A. Protect the payload and the headers

  B. Encrypt

  C. Work at the Data Link Layer

  D. Authenticate

  Correct Answer: D

• Question 516:

  Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and

  authorized visitors but not for students.

  He identified this when the IDS alerted for malware activities in the network. What should Bob do to avoid this problem?

  A. Disable unused ports in the switches

  B. Separate students in a different VLAN

  C. Use the 802.1x protocol

  D. Ask students to use the wireless network

  Correct Answer: C

• Question 517:

  An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct;

  if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how

  many characters entered are correct.

  What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

  A. Side-channel attack

  B. Denial-of-service attack

  C. HMI-based attack

  D. Buffer overflow attack

  Correct Answer: C

• Question 518:

  Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

  A. User-mode rootkit

  B. Library-level rootkit

  C. Kernel-level rootkit

  D. Hypervisor-level rootkit

  Correct Answer: C

• Question 519:

  Which DNS resource record can indicate how long any "DNS poisoning" could last?

  A. MX

  B. SOA

  C. NS

  D. TIMEOUT

  Correct Answer: B

• Question 520:

  A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

  A. Credentialed assessment

  B. Database assessment

  C. Host-based assessment

  D. Distributed assessment

  Correct Answer: C

  The host-based vulnerability assessment (VA) resolution arose from the auditors' got to periodically review systems. Arising before the net becoming common, these tools typically take an "administrator's eye" read of the setting by evaluating all of the knowledge that an administrator has at his or her disposal. UsesHost VA tools verify system configuration, user directories, file systems, registry settings, and all forms of other info on a number to gain information about it. Then, it evaluates the chance of compromise. it should also live compliance to a predefined company policy so as to satisfy an annual audit. With administrator access, the scans area unit less possible to disrupt traditional operations since the computer code has the access it has to see into the complete configuration of the system. What it Measures Host VA tools will examine the native configuration tables and registries to spot not solely apparent vulnerabilities, however additionally "dormant" vulnerabilities ?those weak or misconfigured systems and settings which will be exploited when an initial entry into the setting. Host VA solutions will assess the safety settings of a user account table; the access management lists related to sensitive files or data; and specific levels of trust applied to other systems. The host VA resolution will a lot of accurately verify the extent of the danger by determinant however way any specific exploit could also be ready to get.