Get Latest Dec-2023 Real 312-50v12 Exam Questions and Answers FREE
Truly Beneficial For Your ECCouncil Exam (Updated 505 Questions)
The ECCouncil 312-50v12 Certified Ethical Hacker exam is a widely recognized certification that demonstrates a professional's knowledge and skills in ethical hacking. With the growing demand for cybersecurity professionals, obtaining this certification can help candidates stand out in the job market and advance their careers.
NEW QUESTION # 221
Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a DoS attack, and as a result, legitimate employees were unable to access the client's network. Which of the following attacks did Abel perform in the above scenario?
- A. VLAN hopping
- B. Rogue DHCP server attack
- C. DHCP starvation
- D. STP attack
Answer: C
Explanation:
A DHCP starvation attack is a malicious network attack that targets DHCP servers. During the attack, a hostile actor floods a DHCP server with forged DISCOVER packets until the server exhausts its pool of IP addresses. Once that happens, the attacker can deny legitimate network clients service, or even stand up an alternative DHCP server that leads to a Man-in-the-Middle (MITM) attack.
In a DHCP starvation attack, a hostile actor sends a huge volume of forged DISCOVER packets until the DHCP server believes it has used up its entire available pool. Clients looking for IP addresses find that there are none left for them, and they are refused service. They may then look for an alternative DHCP server, one that the hostile actor may provide. Using a spoofed or rogue IP address, that actor can then read all the traffic the client sends and receives.
In a hostile environment, where a malicious machine is running a tool such as Yersinia, there may be a machine that sends DHCP DISCOVER packets. This malicious client does not send a handful; it sends thousands of forged DISCOVER packets, using spoofed, made-up MAC addresses as the source MAC address for each request.
If the DHCP server responds to each of these forged DHCP DISCOVER packets, the whole IP address pool can be exhausted, and the DHCP server will believe it has no more IP addresses to offer to legitimate DHCP requests.
Once a DHCP server has no more IP addresses to offer, the next thing to happen is typically for the attacker to bring up their own DHCP server. This rogue DHCP server then starts handing out IP addresses.
The advantage to the attacker is that if a rogue DHCP server is distributing IP addresses, including default DNS and gateway information, clients that use those IP addresses and begin to use that default gateway can now be routed through the attacker's machine. That is all a hostile actor needs to carry out a man-in-the-middle (MITM) attack.
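From the defender's side, the tell-tale sign of the starvation described above is many distinct source MACs sending DISCOVER through one switch port in a short window, while a legitimate client retransmits from a single MAC. The following is an added example, not part of the exam material: the log format, the `parse_discovers` and `detect_starvation` functions, the port names and the thresholds are all constructed for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not a real server's format): a host behind Gi0/1
# sends DISCOVERs from 40 made-up MACs within four seconds, while Gi0/2 shows
# one ordinary client completing a normal DISCOVER/OFFER/REQUEST/ACK exchange.
SAMPLE_LOG = "\n".join(
    [f"2016-03-01 07:33:{i // 10:02d} DHCPDISCOVER from 02:00:00:00:00:{i:02x} via Gi0/1"
     for i in range(40)]
    + [
        "2016-03-01 07:33:05 DHCPDISCOVER from 00:11:22:33:44:55 via Gi0/2",
        "2016-03-01 07:33:06 DHCPOFFER to 00:11:22:33:44:55 via Gi0/2",
        "2016-03-01 07:33:07 DHCPREQUEST from 00:11:22:33:44:55 via Gi0/2",
        "2016-03-01 07:33:08 DHCPACK to 00:11:22:33:44:55 via Gi0/2",
    ]
)

DISCOVER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) DHCPDISCOVER from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via (?P<port>\S+)$",
    re.IGNORECASE,
)


def parse_discovers(log_text):
    """Yield (timestamp, mac, port) for every DHCPDISCOVER line; other message
    types (OFFER, REQUEST, ACK) are ignored."""
    for line in log_text.splitlines():
        m = DISCOVER_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["mac"].lower(), m["port"]


def detect_starvation(log_text, window_seconds=10, max_distinct_macs=20):
    """Return {port: peak distinct MACs seen in one window} for each port that
    exceeded the threshold. A legitimate client retransmits DISCOVER from the
    same MAC; starvation shows up as many distinct MACs on one port at once."""
    recent = defaultdict(deque)  # port -> (ts, mac) pairs inside the window
    peaks = {}
    for ts, mac, port in sorted(parse_discovers(log_text)):
        q = recent[port]
        q.append((ts, mac))
        # Drop entries older than the sliding window
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = len({m for _, m in q})
        if distinct > max_distinct_macs:
            peaks[port] = max(peaks.get(port, 0), distinct)
    return peaks


if __name__ == "__main__":
    for port, peak in detect_starvation(SAMPLE_LOG).items():
        print(f"possible DHCP starvation on {port}: {peak} distinct MACs in 10 s")
```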
NEW QUESTION # 222
Based on the below log, which of the following sentences are true?
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip
- A. Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.
- B. Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.
- C. SSH communications are encrypted; it's impossible to know who is the client or the server.
- D. Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.
Answer: D
Explanation:
Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip
Let's disassemble this entry:
- Mar 1, 2016, 7:33:28 AM - time of the request
- 10.240.250.23 - 54373 - client's IP and port
- 10.249.253.15 - server IP
- 22 - server port (SSH)
NEW QUESTION # 223
John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?
- A. Use Marie's private key to encrypt the message.
- B. Use his own private key to encrypt the message.
- C. Use Marie's public key to encrypt the message.
- D. Use his own public key to encrypt the message.
Answer: C
Explanation:
When a user encrypts plaintext with PGP, PGP first compresses the plaintext. The session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key.
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a username or an e-mail address.
https://en.wikipedia.org/wiki/Public-key_cryptography
Public key encryption uses two different keys. One key is used to encrypt the information and the other is used to decrypt the information. Sometimes this is referred to as asymmetric encryption because two keys are required to make the system and/or process work securely. One key is known as the public key and should be shared by the owner with anyone who will be securely communicating with the key owner. However, the owner's secret key is not to be shared and considered a private key. If the private key is shared with unauthorized recipients, the encryption mechanisms protecting the information must be considered compromised.
NEW QUESTION # 224
Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?
- A. -A
- B. -O
- C. -T5
- D. -T0
Answer: C
NEW QUESTION # 225
Which of these is capable of searching for and locating rogue access points?
- A. HIDS
- B. NIDS
- C. WIPS
- D. WISS
Answer: C
Explanation:
A Wireless Intrusion Prevention System (WIPS) is a network device that monitors the radio spectrum for the presence of unauthorized access points (intrusion detection), and can automatically take countermeasures (intrusion prevention).
NEW QUESTION # 226
Which of the following statements is FALSE with respect to Intrusion Detection Systems?
- A. Intrusion Detection Systems can be configured to distinguish specific content in network packets
- B. Intrusion Detection Systems require constant update of the signature library
- C. Intrusion Detection Systems can examine the contents of the data in the context of the network protocol
- D. Intrusion Detection Systems can easily distinguish a malicious payload in encrypted traffic
Answer: D
NEW QUESTION # 227
Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages.
Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?
- A. WSDL
- B. WS Work Processes
- C. WS-Security
- D. WS-Policy
Answer: C
NEW QUESTION # 228
Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?
- A. getsystem
- B. keylogrecorder
- C. autoroute
- D. getuid
Answer: A
NEW QUESTION # 229
Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect that data. Which of the following regulations is mostly violated?
- A. HIPAA/PHI
- B. PII
- C. ISO 2002
- D. PCIDSS
Answer: A
Explanation:
PHI stands for Protected Health Information. The HIPAA Privacy Rule provides federal protections for individually identifiable health information held by covered entities and gives patients an array of rights with regard to that information. Under HIPAA, PHI is considered to be any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity (a healthcare provider, health plan or health insurer, or a healthcare clearinghouse) or a business associate of a HIPAA-covered entity, in relation to the provision of healthcare or payment for healthcare services.
It is not only past and current medical information that is considered PHI under the HIPAA Rules, but also future information concerning medical conditions or physical and mental health related to the provision of care or payment for care. PHI is health information in any form, including physical records, electronic records, or spoken information.
Therefore, PHI includes health records, medical histories, lab test results, and medical bills. Essentially, all health information is considered PHI once it includes individual identifiers. Demographic information is also considered PHI under the HIPAA Rules, as are many common identifiers such as patient names, Social Security numbers, driver's license numbers, insurance details, and birth dates, when they are connected with health information.
The eighteen identifiers that make health information PHI are:
- Names
- Dates, except year
- Telephone numbers
- Geographic information
- Fax numbers
- Social Security numbers
- Email addresses
- Medical record numbers
- Account numbers
- Health plan beneficiary numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers, including license plates
- Web URLs
- Device identifiers and serial numbers
- Internet protocol addresses
- Full face photos and comparable images
- Biometric identifiers (e.g., retinal scans, fingerprints)
- Any unique identifying number or code
One or more of these identifiers turns health information into PHI, and the HIPAA Privacy Rule restrictions then apply, limiting uses and disclosures of the data. HIPAA covered entities and their business associates must ensure that appropriate technical, physical, and administrative safeguards are in place to protect the confidentiality, integrity, and availability of PHI, as stipulated in the HIPAA Security Rule.
NEW QUESTION # 230
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?
- A. There is no way to tell because a hash cannot be reversed
- B. The hash always starts with AB923D
- C. A portion of the hash will be all 0's
- D. The right most portion of the hash is always the same
- E. The left most portion of the hash is always the same
Answer: D
NEW QUESTION # 231
You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use?
- A. filetype
- B. site
- C. ext
- D. inurl
Answer: A
Explanation:
Restrict results to those of a certain filetype, e.g., PDF, DOCX, TXT, PPT, etc. Note: the "ext:" operator can also be used; the results are identical.
Example: apple filetype:pdf / apple ext:pdf
NEW QUESTION # 232
Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?
- A. Identification phase
- B. Containment phase
- C. Recovery phase
- D. Preparation phase
Answer: D
NEW QUESTION # 233
While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences. He then decided to conduct: nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com. kiosk.adobe.com is the host with the incremental IP ID sequence. What is the purpose of using "-sI" with Nmap?
- A. Conduct IDLE scan
- B. Conduct ICMP scan
- C. Conduct stealth scan
- D. Conduct silent scan
Answer: A
Explanation:
Once a suitable zombie has been found, performing a scan is easy. Simply specify the zombie hostname to the -sI option and Nmap does the rest. Example 5.19 shows an example of Ereet scanning the Recording Industry Association of America by bouncing an idle scan off an Adobe machine named Kiosk.
Example 5.19. An idle scan against the RIAA
# nmap -Pn -p- -sI kiosk.adobe.com www.riaa.com
Starting Nmap ( http://nmap.org )
Idlescan using zombie kiosk.adobe.com (192.150.13.111:80); Class: Incremental
Nmap scan report for 208.225.90.120
(The 65522 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
25/tcp open smtp
80/tcp open http
111/tcp open sunrpc
135/tcp open loc-srv
443/tcp open https
1027/tcp open IIS
1030/tcp open iad1
2306/tcp open unknown
5631/tcp open pcanywheredata
7937/tcp open unknown
7938/tcp open unknown
36890/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 2594.47 seconds
https://nmap.org/book/idlescan.html
NEW QUESTION # 234
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming to represent a technical support team from a vendor. He warned that a specific server was about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?
- A. Phishing
- B. Quid pro quo
- C. Diversion theft
- D. Elicitation
Answer: B
Explanation:
https://www.eccouncil.org/what-is-social-engineering/
This Social Engineering scam involves an exchange of information that can benefit both the victim and the trickster. Scammers would make the prey believe that a fair exchange will be present between both sides, but in reality, only the fraudster stands to benefit, leaving the victim hanging on to nothing. An example of a Quid Pro Quo is a scammer pretending to be an IT support technician. The con artist asks for the login credentials of the company's computer saying that the company is going to receive technical support in return. Once the victim has provided the credentials, the scammer now has control over the company's computer and may possibly load malware or steal personal information that can be a motive to commit identity theft.
"A quid pro quo attack (aka "something for something" attack) is a variant of baiting. Instead of baiting a target with the promise of a good, a quid pro quo attack promises a service or a benefit based on the execution of a specific action." https://resources.infosecinstitute.com/topic/common-social-engineering-attacks/#:~:text=A%20quid%20pro%20quo%20attack,execution%20of%20a%20specific%20action.
NEW QUESTION # 235
When considering how an attacker may exploit a web server, what is web server footprinting?
- A. When an attacker creates a complete profile of the site's external links and file structures
- B. When an attacker implements a vulnerability scanner to identify weaknesses
- C. When an attacker gathers system-level data, including account details and server names
- D. When an attacker uses a brute-force attack to crack a web-server password
Answer: C
NEW QUESTION # 236
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc". The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server's software. The "ps" command shows that the "nc" file is running as a process, and the netstat command shows that the "nc" process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?
- A. Brute force login
- B. Privilege escalation
- C. Directory traversal
- D. File system permissions
Answer: D
Explanation:
File system permissions
Processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself, are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Adversaries may use this technique to replace legitimate binaries with malicious ones as a means of executing code at a higher permissions level. If the executing process is set to run at a specific time or during a certain event (e.g., system bootup) then this technique can also be used for persistence.
NEW QUESTION # 237
Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.movlescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "' or '1'='1'" in any basic injection statement such as "or 1=1". Identify the evasion technique used by Daniel in the above scenario.
- A. Char encoding
- B. IP fragmentation
- C. Variation
- D. Null byte
Answer: C
Explanation:
One may append the comment operator "--" along with the string for the username and thereby avoid executing the password segment of the SQL query. Everything after the "--" operator is treated as a comment and is not executed.
To launch such an attack, the value passed for name could be: ' OR '1'='1' ; --
The vulnerable query is built by string concatenation:
Statement = "SELECT * FROM 'CustomerDB' WHERE 'name' = ' " + userName + " ' AND 'password' = ' " + passwd + " ' ; "
After the injected value is substituted, everything from "--" onward (including the password check) becomes a comment:
Statement = "SELECT * FROM 'CustomerDB' WHERE 'name' = ' ' OR '1'='1' ; -- ' AND 'password' = ' " + passwd + " ' ; "
All the records from the customer database would be listed.
Yet another variation of the SQL injection attack can be conducted in DBMS systems that allow multiple SQL statements. Here, we also make use of the weakness in certain DBMSs whereby a user-provided field is not strongly typed or is not checked for type constraints.
This could take place when a numeric field is to be used in an SQL statement, but the programmer makes no checks to validate that the user-supplied input is numeric.
Evasion Technique: Variation
Variation is an evasion technique whereby the attacker can easily evade any comparison statement. The attacker does this by placing characters such as "' or '1'='1'" in any basic injection statement such as "or 1=1", or with other accepted SQL comments. The SQL engine interprets this as a comparison between two strings or characters instead of two numeric values. Just as the comparison of two equal numeric values yields a true statement, the comparison of two equal strings yields a true statement, so the evaluation of the complete query is unaffected. It is also possible to write many other forms of the same condition; thus, there are infinite possibilities of variation. The main aim of the attacker is to have a WHERE clause that always evaluates to "true", so any mathematical or string comparison that SQL can evaluate the same way can be used.
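The signature gap this explanation describes, shown from the detection side as an added example (not code from the exam material): a signature written for the numeric form "or 1=1" never fires on the string form, whereas a check that compares the two literals after unquoting catches both forms. The regular expressions and function names here are this example's own, not any IDS product's rules.

```python
import re

# The kind of signature the page's IDS relies on: only the numeric "or 1=1" form.
NAIVE_SIGNATURE = re.compile(r"\bor\s+1\s*=\s*1\b", re.IGNORECASE)

# A literal is a single-quoted string, a double-quoted string, or a number.
# The closing quote is optional because the application appends it to the
# injected value (as in the page's ' OR '1'='1 example).
LITERAL = r"('(?:[^']|'')*'?|\"[^\"]*\"?|\d+(?:\.\d+)?)"
TAUTOLOGY = re.compile(r"\bor\s*" + LITERAL + r"\s*=\s*" + LITERAL, re.IGNORECASE)


def unquote(literal):
    """Strip surrounding quotes (if present) so '1' and 1 compare as equal text."""
    if literal[0] in "'\"":
        body = literal[1:]
        if body.endswith(literal[0]):
            body = body[:-1]
        return body.replace("''", "'")
    return literal


def naive_match(value):
    """True if the numeric-only signature fires on the input."""
    return bool(NAIVE_SIGNATURE.search(value))


def tautology_match(value):
    """True if the input contains OR <literal> = <identical literal>, whether the
    literals are numeric or quoted: the variation the naive signature misses."""
    for m in TAUTOLOGY.finditer(value):
        if unquote(m.group(1)) == unquote(m.group(2)):
            return True
    return False


if __name__ == "__main__":
    # Constructed inputs: the numeric form and the string-form variation
    for sample in ("admin' or 1=1 --", "admin' or '1'='1"):
        print(f"{sample!r}: naive={naive_match(sample)} tautology={tautology_match(sample)}")
```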
NEW QUESTION # 238
Which of the following program infects the system boot sector and the executable files at the same time?
- A. Polymorphic virus
- B. Macro virus
- C. Multipartite Virus
- D. Stealth virus
Answer: C
NEW QUESTION # 239
Identify the correct terminology that defines the above statement.
- A. Security Policy Implementation
- B. Designing Network Security
- C. Penetration Testing
- D. Vulnerability Scanning
Answer: C
NEW QUESTION # 240
Which of the following is a passive wireless packet analyzer that works on Linux-based systems?
- A. OpenVAS
- B. Kismet
- C. tshark
- D. Burp Suite
Answer: C
NEW QUESTION # 241
In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from their victims.
What is the difference between pharming and phishing attacks?
- A. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering
- B. Both pharming and phishing attacks are identical
- C. In a phishing attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack, an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual website's domain name
- D. In a pharming attack, a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name
Answer: D
NEW QUESTION # 242
What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?
- A. Using wget to perform banner grabbing on the webserver
- B. Flooding the web server with requests to perform a DoS attack
- C. Performing content enumeration on the web server to discover hidden folders
- D. Downloading all the contents of the web page locally for further examination
Answer: A
Explanation:
-q, --quiet quiet (no output)
-S, --server-response print server response
NEW QUESTION # 243
Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process, Robin plugged a rogue switch into an unused port in the LAN with a priority lower than any other switch in the network, so that he could make it the root bridge, which would later allow him to sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?
- A. DNS poisoning attack
- B. STP attack
- C. ARP spoofing attack
- D. VLAN hopping attack
Answer: B
Explanation:
STP prevents bridging loops in a redundant switched network environment. By avoiding loops, you can ensure that broadcast traffic does not become a traffic storm.
STP is a hierarchical tree-like topology with a "root" switch at the top. A switch is elected as root based on the lowest configured priority of any switch (0 through 65,535). When a switch boots up, it begins a process of identifying other switches and determining the root bridge. After a root bridge is elected, the topology is established from its perspective of the connectivity. The switches determine the path to the root bridge, and all redundant paths are blocked. STP sends configuration and topology change notifications and acknowledgments (TCN/TCA) using bridge protocol data units (BPDU).
An STP attack involves an attacker spoofing the root bridge in the topology. The attacker broadcasts an STP configuration/topology change BPDU in an attempt to force an STP recalculation. The BPDU sent out announces that the attacker's system has a lower bridge priority. The attacker can then see a variety of frames forwarded from other switches to it. STP recalculation may also cause a denial-of-service (DoS) condition on the network by causing an interruption of 30 to 45 seconds each time the root bridge changes. An attacker uses STP network topology changes to force their host to be elected as the root bridge.
NEW QUESTION # 244
Which regulation defines security and privacy controls for Federal information systems and organizations?
- A. EU Safe Harbor
- B. PCI-DSS
- C. NIST-800-53
- D. HIPAA
Answer: C
Explanation:
NIST Special Publication 800-53 provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. It is published by the National Institute of Standards and Technology, which is a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Modernization Act of 2014 (FISMA) and to help with managing cost-effective programs to protect their information and information systems.
NEW QUESTION # 245