Best Quality EC-Council 312-50v12 Questions Pool Online

NEW QUESTION 1

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it’s made on the provider’s environment?

• A. Behavioral based
• B. Heuristics based
• C. Honeypot based
• D. Cloud based

Answer: D

NEW QUESTION 2

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

• A. Data items and vulnerability scanning
• B. Interviewing employees and network engineers
• C. Reviewing the firewalls configuration
• D. Source code review

Answer: A

NEW QUESTION 3

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

• A. Use the same machines for DNS and other applications
• B. Harden DNS servers
• C. Use split-horizon operation for DNS servers
• D. Restrict Zone transfers
• E. Have subnet diversity between DNS servers

Answer: BCDE

NEW QUESTION 4

George, an employee of an organization, is attempting to access restricted websites from an official computer. For this purpose, he used an anonymizer that masked his real IP address and ensured complete and continuous anonymity for all his online activities. Which of the following anonymizers helps George hide his activities?

• A. https://www.baidu.com
• B. https://www.guardster.com
• C. https://www.wolframalpha.com
• D. https://karmadecay.com

Answer: B

NEW QUESTION 5

Mirai malware targets loT devices. After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?

• A. MITM attack
• B. Birthday attack
• C. DDoS attack
• D. Password attack

Answer: C

NEW QUESTION 6

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture Is Abel currently working in?

• A. Tier-1: Developer machines
• B. Tier-4: Orchestrators
• C. Tier-3: Registries
• D. Tier-2: Testing and accreditation systems

Answer: D

Explanation:
The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
formal declaration by a designated accrediting authority (DAA) or principal accrediting authority (PAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. See authorization to operate (ATO). Rationale: The Risk Management Framework uses a new term to refer to this concept, and it is called authorization.
Identifies the information resources covered by an accreditation decision, as distinguished from separately accredited information resources that are interconnected or with which information is exchanged via messaging. Synonymous with Security Perimeter.
For the purposes of identifying the Protection Level for confidentiality of a system to be accredited, the system has a conceptual boundary that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system. See authorization boundary. Rationale: The Risk Management Framework uses a new term to refer to the concept of accreditation, and it is called authorization. Extrapolating, the accreditation boundary would then be referred to as the authorization boundary.

NEW QUESTION 7

The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

• A. $1320
• B. $440
• C. $100
• D. $146

Answer: D

Explanation:
* 1. AV (Asset value) = $300 + (14 * $10) = $440 - the cost of a hard drive plus the work of a recovery person, i.e.how much would it take to replace 1 asset? 10 hours for resorting the OS and soft + 4 hours for DB restore multiplies by hourly rate of the recovery person.
* 2. SLE (Single Loss Expectancy) = AV * EF (Exposure Factor) = $440 * 1 = $440
* 3. ARO (Annual rate of occurrence) = 1/3 (every three years, meaning the probability of occurring during 1
years is 1/3)
* 4. ALE (Annual Loss Expectancy) = SLE * ARO = 0.33 * $440 = $145.2

NEW QUESTION 8

Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?

• A. NetPass.exe
• B. Outlook scraper
• C. WebBrowserPassView
• D. Credential enumerator

Answer: D

NEW QUESTION 9

An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?

• A. AlienVault®OSSIM™
• B. Syhunt Hybrid
• C. Saleae Logic Analyzer
• D. Cisco ASA

Answer: B

NEW QUESTION 10

What did the following commands determine?

• A. That the Joe account has a SID of 500
• B. These commands demonstrate that the guest account has NOT been disabled
• C. These commands demonstrate that the guest account has been disabled
• D. That the true administrator is Joe
• E. Issued alone, these commands prove nothing

Answer: D

NEW QUESTION 11

An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization deckled to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure?

• A. Robotium
• B. BalenaCloud
• C. Flowmon
• D. IntentFuzzer

Answer: C

Explanation:
Source: https://www.flowmon.com
Flowmon empowers manufacturers and utility companies to ensure the reliability of their industrial networks confidently to avoid downtime and disruption of service continuity. This can be achieved by continuous monitoring and anomaly detection so that malfunctioning devices or security incidents, such as cyber espionage, zero-days, or malware, can be reported and remedied as quickly as possible.

NEW QUESTION 12

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical Information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario?

• A. Quid pro quo
• B. Diversion theft
• C. Elicitation
• D. Phishing

Answer: A

Explanation:
https://www.eccouncil.org/what-is-social-engineering/
This Social Engineering scam involves an exchange of information that can benefit both the victim and the trickster. Scammers would make the prey believe that a fair exchange will be present between both sides, but in reality, only the fraudster stands to benefit, leaving the victim hanging on to nothing. An example of a Quid Pro Quo is a scammer pretending to be an IT support technician. The con artist asks for the login credentials of the company’s computer saying that the company is going to receive technical support in return. Once the victim has provided the credentials, the scammer now has control over the company’s computer and may possibly load malware or steal personal information that can be a motive to commit identity theft.
"A quid pro quo attack (aka something for something” attack) is a variant of baiting. Instead of baiting a target with the promise of a good, a quid pro quo attack promises a service or a benefit based on the execution of a specific action."
https://resources.infosecinstitute.com/topic/common-social-engineering-attacks/#:~:text=A%20quid%20pro%20

NEW QUESTION 13

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

• A. 210.1.55.200
• B. 10.1.4.254
• C. 10..1.5.200
• D. 10.1.4.156

Answer: C

NEW QUESTION 14

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.
However, he is unable to capture any logons though he knows that other users are logging in. What do you think is the most likely reason behind this?

• A. There is a NIDS present on that segment.
• B. Kerberos is preventing it.
• C. Windows logons cannot be sniffed.
• D. L0phtcrack only sniffs logons to web servers.

Answer: B

NEW QUESTION 15

Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?

• A. LLMNR/NBT-NS poisoning
• B. Internal monologue attack
• C. Pass the ticket
• D. Pass the hash

Answer: D

NEW QUESTION 16

Which among the following is the best example of the hacking concept called "clearing tracks"?

• A. After a system is breached, a hacker creates a backdoor to allow re-entry into a system.
• B. During a cyberattack, a hacker injects a rootkit into a server.
• C. An attacker gains access to a server through an exploitable vulnerability.
• D. During a cyberattack, a hacker corrupts the event logs on all machines.

Answer: D

NEW QUESTION 17

On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.
What is the name of the process by which you can determine those critical businesses?

• A. Emergency Plan Response (EPR)
• B. Business Impact Analysis (BIA)
• C. Risk Mitigation
• D. Disaster Recovery Planning (DRP)

Answer: B

NEW QUESTION 18

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.
invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx
xc. QUITTING!
What seems to be wrong?

• A. The nmap syntax is wrong.
• B. This is a common behavior for a corrupted nmap application.
• C. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
• D. OS Scan requires root privileges.

Answer: D

NEW QUESTION 19

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.
No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

• A. ARP spoofing
• B. SQL injection
• C. DNS poisoning
• D. Routing table injection

Answer: C

NEW QUESTION 20

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be
performed by the passive network sniffing?

• A. Identifying operating systems, services, protocols and devices
• B. Modifying and replaying captured network traffic
• C. Collecting unencrypted information about usernames and passwords
• D. Capturing a network traffic for further analysis

Answer: B

NEW QUESTION 21
......