312-50v12 Exam Questions

Total 569 Questions

Last Updated Exam : 16-Dec-2024

Topic 1: Exam Pool A

You have the SOA presented below in your Zone.
Your secondary servers have not been able to contact your primary server to synchronize
information. How long will the secondary servers attempt to contact the primary server
before they consider the zone dead and stop responding to queries?
collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)


A. One day
B. One hour
C. One week
D. One month

Answer: C. One week



Your company was hired by a small healthcare provider to perform a technical assessment
on the network.
What is the best approach for discovering vulnerabilities on a Windows-based computer?


A. Use the built-in Windows Update tool
B. Use a scan tool like Nessus
C. Create a disk image of a clean Windows installation
D. Check MITRE.org for the latest list of CVE findings

Answer: B. Use a scan tool like Nessus



Session splicing is an IDS evasion technique in which an attacker delivers data in multiple,
small sized packets to the target computer, making it very difficult for an IDS to detect the
attack signatures. Which tool can be used to perform session splicing attacks?


A. tcpsplice
B. Burp
C. Hydra
D. Whisker

Answer: D. Whisker



Explanation:
«Many IDS reassemble communication streams; hence, if a packet is not received within a
reasonable period, many IDS stop reassembling and handling that stream. If the
application under attack keeps a session active for a longer time than that spent by the IDS
on reassembling it, the IDS will stop. As a result, any session after the IDS stops reassembling the sessions will be susceptible to malicious data theft by attackers. The IDS
will not log any attack attempt after a successful splicing attack. Attackers can use tools
such as Nessus for session splicing attacks.»
Did you know that the EC-Council exam shows how well you know their official book? So,
there is no "Whisker" in it. In the chapter "Evading IDS" -> "Session Splicing", the
recommended tool for performing a session-splicing attack is Nessus. Where Whisker came
from is not entirely clear, but I will assume the author of the question found it while copying
Wikipedia.
https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques
One basic technique is to split the attack payload into multiple small packets so that the
IDS must reassemble the packet stream to detect the attack. A simple way of splitting
packets is by fragmenting them, but an adversary can also simply craft packets with small
payloads. The 'whisker' evasion tool calls crafting packets with small payloads 'session
splicing'.
By itself, small packets will not evade any IDS that reassembles packet streams. However,
small packets can be further modified in order to complicate reassembly and detection.
One evasion technique is to pause between sending parts of the attack, hoping that the
IDS will time out before the target computer does. A second evasion technique is to send
the packets out of order, confusing simple packet re-assemblers but not the target
computer.
NOTE: Yes, I found scraps of information about the tool that existed in 2012, but I cannot
give you unverified information. According to the official tutorials, the correct answer is
Nessus, but if you know anything about Whisker, please write in the QA section. Maybe this
question will be updated soon, but I'm not sure about that.

“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one
offered on the premises, but actually has been set up to eavesdrop on wireless
communications. It is the wireless version of the phishing scam. An attacker fools wireless
users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a
legitimate provider. This type of attack may be used to steal the passwords of
unsuspecting users by either snooping the communication link or by phishing, which
involves setting up a fraudulent web site and luring people there.”
Fill in the blank with appropriate choice.


A. Evil Twin Attack

Answer: A. Evil Twin Attack



Explanation:
https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)
An evil twin attack is a hack attack in which a hacker sets up a fake Wi-Fi network that
looks like a legitimate access point to steal victims’ sensitive details. Most often, the victims
of such attacks are ordinary people like you and me.
The attack can be performed as a man-in-the-middle (MITM) attack. The fake Wi-Fi access
point is used to eavesdrop on users and steal their login credentials or other sensitive
information. Because the hacker owns the equipment being used, the victim will have no
idea that the hacker might be intercepting things like bank transactions.
An evil twin access point can also be used in a phishing scam. In this type of attack, victims
will connect to the evil twin and will be lured to a phishing site. It will prompt them to enter
their sensitive data, such as their login details. These, of course, will be sent straight to the
hacker. Once the hacker gets them, they might simply disconnect the victim and show that
the server is temporarily unavailable.
ADDITION: It may not seem obvious what happened. The problem is in the question
statement. The attackers were not Alice and John, who were able to connect to the network
without a password, but on the contrary, they were attacked and forced to connect to a fake
network, and not to the real network belonging to Jane.

To determine if a software program properly handles a wide range of invalid input, a form of
automated testing can be used to randomly generate invalid input in an attempt to crash
the program.
What term is commonly used when referring to this type of testing?


A. Randomizing
B. Bounding
C. Mutating
D. Fuzzing

Answer: D. Fuzzing



Which of the following viruses tries to hide from anti-virus programs by actively altering and
corrupting the chosen service call interruptions when they are being run?


A. Macro virus
B. Stealth/Tunneling virus
C. Cavity virus
D. Polymorphic virus

Answer: B. Stealth/Tunneling virus



What is the known plaintext attack used against DES which gives the result that encrypting
plaintext with one DES key followed by encrypting it with a second DES key is no more
secure than using a single key?


A. Man-in-the-middle attack
B. Meet-in-the-middle attack
C. Replay attack
D. Traffic analysis attack

Answer: B. Meet-in-the-middle attack



Explanation:
https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
The meet-in-the-middle attack (MITM), a known plaintext attack, is a generic space–time
tradeoff cryptographic attack against encryption schemes that rely on performing multiple
encryption operations in sequence. The MITM attack is the primary reason why Double
DES is not used and why a Triple DES key (168-bit) can be brute-forced by an attacker with
2^56 space and 2^112 operations.
The intruder has to know some parts of plaintext and their ciphertexts. Using meet-in-the-middle attacks it is possible to break ciphers, which have two or more secret keys for
multiple encryption using the same algorithm. For example, the 3DES cipher works in this
way. Meet-in-the-middle attack was first presented by Diffie and Hellman for cryptanalysis
of DES algorithm.

Which of the following incident handling process phases is responsible for defining rules,
collaborating human workforce, creating a back-up plan, and testing the plans for an
organization?


A. Preparation phase
B. Containment phase
C. Identification phase
D. Recovery phase

Answer: A. Preparation phase



While using your bank’s online servicing, you notice the following string in the URL bar:
“http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21”
You observe that if you modify the Damount & Camount values and submit the request,
the data on the web page reflects the changes.
Which type of vulnerability is present on this site?


A. Cookie Tampering
B. SQL Injection
C. Web Parameter Tampering
D. XSS Reflection

Answer: C. Web Parameter Tampering



Based on the following extract from the log of a compromised machine, what is the hacker
really trying to steal?


A. har.txt
B. SAM file
C. wwwroot
D. Repair file

Answer: B. SAM file



