312-50v12 Certified Ethical Hacker Exam (CEHv12) Questions and Answers

Certified Ethical Hacker Exam (CEHv12)

Last Update 13 hours ago
Total Questions : 504

Question # 1

Which of the following information security controls creates an appealing isolated environment for hackers to prevent them from compromising critical targets while simultaneously gathering information about the hacker?

Options:

A.  

Intrusion detection system

B.  

Honeypot

C.  

Botnet

D.  

Firewall

Question # 2

Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

Options:

A.  

Preparation

B.  

Cleanup

C.  

Persistence

D.  

Initial intrusion

Question # 3

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options:

A.  

Trojan

B.  

RootKit

C.  

DoS tool

D.  

Scanner

E.  

Backdoor

Question # 4

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

Options:

A.  

Cross-site scripting

B.  

Denial of service

C.  

SQL injection

D.  

Directory traversal

Question # 5

Nedved is an IT Security Manager of a bank in his country. One day, he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP address.

What is the first thing that Nedved needs to do before contacting the incident response team?

Options:

A.  

Leave it as it is and contact the incident response team right away

B.  

Block the connection to the suspicious IP Address from the firewall

C.  

Disconnect the email server from the network

D.  

Migrate the connection to the backup email server

Question # 6

Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario?

Options:

A.  

Factiva

B.  

Netcraft

C.  

Infoga

D.  

Zoominfo

Question # 7

What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows?

Options:

A.  

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c

B.  

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c

C.  

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

D.  

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

Question # 8

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrongdoing. However, you are concerned about affecting the normal functionality of the email server. From the following options, choose how best you can achieve this objective.

Options:

A.  

Block port 25 at the firewall.

B.  

Shut off the SMTP service on the server.

C.  

Force all connections to use a username and password.

D.  

Switch from Windows Exchange to UNIX Sendmail.

E.  

None of the above.

Question # 9

This kind of password cracking method uses word lists in combination with numbers and special characters:

Options:

A.  

Hybrid

B.  

Linear

C.  

Symmetric

D.  

Brute Force

Question # 10

Ricardo has discovered the username for an application in his target's environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application. What type of attack is Ricardo performing?

Options:

A.  

Known plaintext

B.  

Password spraying

C.  

Brute force

D.  

Dictionary

Question # 11

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attack process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

Options:

A.  

Knative

B.  

zANTI

C.  

Towelroot

D.  

Bluto

Question # 12

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company's application whitelisting?

Options:

A.  

Phishing malware

B.  

Zero-day malware

C.  

File-less malware

D.  

Logic bomb malware

Question # 13

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

Options:

A.  

ophcrack

B.  

Hootsuite

C.  

VisualRoute

D.  

HULK

Question # 14

Fingerprinting an Operating System helps a cracker because:

Options:

A.  

It defines exactly what software you have installed

B.  

It opens a security-delayed window based on the port being scanned

C.  

It doesn't depend on the patches that have been applied to fix existing security holes

D.  

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Question # 15

What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?

Options:

A.  

httpd.conf

B.  

administration.config

C.  

idq.dll

D.  

php.ini

Question # 16

There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?

Options:

A.  

Hybrid

B.  

Community

C.  

Public

D.  

Private

Question # 17

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL’s _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

Options:

A.  

Relational, Hierarchical

B.  

Strict, Abstract

C.  

Hierarchical, Relational

D.  

Simple, Complex

Question # 18

Which of the following statements about a zone transfer is correct? (Choose three.)

Options:

A.  

A zone transfer is accomplished with the DNS

B.  

A zone transfer is accomplished with the nslookup service

C.  

A zone transfer passes all zone information that a DNS server maintains

D.  

A zone transfer passes all zone information that a nslookup server maintains

E.  

A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F.  

Zone transfers cannot occur on the Internet

Question # 19

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Options:

A.  

Intrusion Detection Systems can be configured to distinguish specific content in network packets

B.  

Intrusion Detection Systems can easily distinguish a malicious payload in encrypted traffic

C.  

Intrusion Detection Systems require constant update of the signature library

D.  

Intrusion Detection Systems can examine the contents of the data in the context of the network protocol

Question # 20

Which definition among those given below best describes a covert channel?

Options:

A.  

A server program using a port that is not well known.

B.  

Making use of a protocol in a way it is not intended to be used.

C.  

It is the multiplexing taking place on a communication link.

D.  

It is one of the weak channels used by WEP which makes it insecure

Question # 21

Which of the following tools can be used for passive OS fingerprinting?

Options:

A.  

nmap

B.  

tcpdump

C.  

tracert

D.  

ping

Question # 22

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.  

Traceroute

B.  

Hping

C.  

TCP ping

D.  

Broadcast ping

Question # 23

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A.  

Nikto

B.  

John the Ripper

C.  

Dsniff

D.  

Snort

Question # 24

Scenario 1:

1. Victim opens the attacker's web site.

2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'.

3. Victim clicks to the interesting and attractive content URL.

4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is set up by the attacker.

What is the name of the attack which is mentioned in the scenario?

Options:

A.  

Session Fixation

B.  

HTML Injection

C.  

HTTP Parameter Pollution

D.  

Clickjacking Attack

Question # 25

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD.

Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

Options:

A.  

John the Ripper

B.  

SET

C.  

CHNTPW

D.  

Cain & Abel

Question # 26

Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

Options:

A.  

WebDav

B.  

SQL Slammer

C.  

MS Blaster

D.  

MyDoom

Question # 27

Why should the security analyst disable/remove unnecessary ISAPI filters?

Options:

A.  

To defend against social engineering attacks

B.  

To defend against webserver attacks

C.  

To defend against jailbreaking

D.  

To defend against wireless attacks

Question # 28

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.  

Macro virus

B.  

Stealth/Tunneling virus

C.  

Cavity virus

D.  

Polymorphic virus

Question # 29

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

Options:

A.  

ESP transport mode

B.  

ESP confidential

C.  

AH promiscuous

D.  

AH Tunnel mode

Question # 30

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address in the browser and find the sites accessible. But they are not accessible when you try using the URL.

What may be the problem?

Options:

A.  

Traffic is Blocked on UDP Port 53

B.  

Traffic is Blocked on TCP Port 80

C.  

Traffic is Blocked on TCP Port 54

D.  

Traffic is Blocked on UDP Port 80

Question # 31

Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites.

Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the best answer.)

Options:

A.  

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.  

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.  

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.  

Train more National Guard and reservists in the art of computer security to help out in times of emergency or crises.

Question # 32

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

A.  

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B.  

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C.  

Symmetric encryption allows the server to securely transmit the session keys out-of-band.

D.  

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Question # 33

MX record priority increases as the number increases. (True/False.)

Options:

A.  

True

B.  

False

Question # 34

“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.”

Fill in the blank with appropriate choice.

Options:

A.  

Evil Twin Attack

B.  

Sinkhole Attack

C.  

Collision Attack

D.  

Signal Jamming Attack

Question # 35

A zone file consists of which of the following Resource Records (RRs)?

Options:

A.  

DNS, NS, AXFR, and MX records

B.  

DNS, NS, PTR, and MX records

C.  

SOA, NS, AXFR, and MX records

D.  

SOA, NS, A, and MX records

Question # 36

One of your team members has asked you to analyze the following SOA record.

What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

Options:

A.  

200303028

B.  

3600

C.  

604800

D.  

2400

E.  

60

F.  

4800

Question # 37

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach in a physical access control.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

Options:

A.  

Although the approach has two phases, it actually implements just one authentication factor

B.  

The solution implements the two authentication factors: physical object and physical characteristic

C.  

The solution will have a high level of false positives

D.  

Biological motion cannot be used to identify people

Question # 38

What tool can crack Windows SMB passwords simply by listening to network traffic?

Options:

A.  

This is not possible

B.  

Netbus

C.  

NTFSDOS

D.  

L0phtcrack

Question # 39

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options:

A.  

To determine who is the holder of the root account

B.  

To perform a DoS

C.  

To create needless SPAM

D.  

To elicit a response back that will reveal information about email servers and how they treat undeliverable mail

E.  

To test for virus protection

Question # 40

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

Options:

A.  

A sniffing attack

B.  

A spoofing attack

C.  

A man in the middle attack

D.  

A denial of service attack

Question # 41

Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting

Options:

A.  

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

B.  

Results matching all words in the query.

C.  

Results for matches on target.com and Marketing.target.com that include the word “accounting”

D.  

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

Question # 42

What ports should be blocked on the firewall to prevent NetBIOS traffic from coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

Options:

A.  

110

B.  

135

C.  

139

D.  

161

E.  

445

F.  

1024

Question # 43

Why is a penetration test considered to be more thorough than a vulnerability scan?

Options:

A.  

Vulnerability scans only do host discovery and port scanning by default.

B.  

A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

C.  

It is not – a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.

D.  

The tools used by penetration testers tend to have much more comprehensive vulnerability databases.

Question # 44

If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?

Options:

A.  

Criminal

B.  

International

C.  

Common

D.  

Civil

Question # 45

A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete.

Which attack is being described here?

Options:

A.  

Desynchronization

B.  

Slowloris attack

C.  

Session splicing

D.  

Phlashing

Question # 46

You have compromised a server and successfully gained root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

Options:

A.  

Use Alternate Data Streams to hide the outgoing packets from this server.

B.  

Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

C.  

Install Cryptcat and encrypt outgoing packets from this server.

D.  

Install and use Telnet to encrypt all outgoing traffic from this server.

Question # 47

What is the following command used for?

sqlmap.py -u "http://10.10.1.20/?p=1&forumaction=search" --dbs

Options:

A.  

Creating backdoors using SQL injection

B.  

Enumerating the databases in the DBMS for the URL

C.  

Retrieving SQL statements being executed on the database

D.  

Searching database statements at the IP address given

Question # 48

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

Options:

A.  

User-mode rootkit

B.  

Library-level rootkit

C.  

Kernel-level rootkit

D.  

Hypervisor-level rootkit

Question # 49

Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results:

TTL: 64 Window Size: 5840

What is the OS running on the target machine?

Options:

A.  

Solaris OS

B.  

Windows OS

C.  

Mac OS

D.  

Linux OS

Question # 50

Mirai malware targets IoT devices. After infiltration, it uses them to propagate and create botnets that are then used to launch which types of attack?

Options:

A.  

MITM attack

B.  

Birthday attack

C.  

DDoS attack

D.  

Password attack

Question # 51

After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389. Which service is this and how can you tackle the problem?

Options:

A.  

The service is LDAP, and you must change it to 636, which is LDAPS.

B.  

The service is NTP, and you have to change it from UDP to TCP in order to encrypt it

C.  

The findings do not require immediate actions and are only suggestions.

D.  

The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.

Question # 52

A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior to the intrusion. This is likely a failure in which of the following security processes?

Options:

A.  

Vendor risk management

B.  

Security awareness training

C.  

Secure deployment lifecycle

D.  

Patch management

Question # 53

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

Options:

A.  

Timing-based attack

B.  

Side-channel attack

C.  

Downgrade security attack

D.  

Cache-based attack

Question # 54

You want to analyze packets on your wireless network. Which program would you use?

Options:

A.  

Wireshark with Airpcap

B.  

Airsnort with Airpcap

C.  

Wireshark with Winpcap

D.  

Ethereal with Winpcap

Question # 55

Which of the following tactics uses malicious code to redirect users' web traffic?

Options:

A.  

Spimming

B.  

Pharming

C.  

Phishing

D.  

Spear-phishing

Question # 56

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services?

Options:

A.  

XML injection

B.  

WS-Address spoofing

C.  

SOAPAction spoofing

D.  

Web services parsing attacks

Question # 57

Which tool can be used to silently copy files from USB devices?

Options:

A.  

USB Grabber

B.  

USB Snoopy

C.  

USB Sniffer

D.  

USB Dumper

Question # 58

Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

Options:

A.  

Rootkit

B.  

Trojan

C.  

Worm

D.  

Adware

Question # 59

From the following table, identify the wrong answer in terms of Range (ft).

Standard Range (ft)

802.11a 150-150

802.11b 150-150

802.11g 150-150

802.16 (WiMax) 30 miles

Options:

A.  

802.16 (WiMax)

B.  

802.11g

C.  

802.11b

D.  

802.11a

Question # 60

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?

Options:

A.  

DNS cache snooping

B.  

DNSSEC zone walking

C.  

DNS tunneling method

D.  

DNS enumeration

Question # 61

George, an employee of an organization, is attempting to access restricted websites from an official computer. For this purpose, he used an anonymizer that masked his real IP address and ensured complete and continuous anonymity for all his online activities. Which of the following anonymizers helps George hide his activities?

Options:

A.  

https://www.baidu.com

B.  

https://www.guardster.com

C.  

https://www.wolframalpha.com

D.  

https://karmadecay.com

Question # 62

Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline dictionary attacks?

Options:

A.  

WPA3-Personal

B.  

WPA2-Enterprise

C.  

Bluetooth

D.  

ZigBee

Question # 63

Mr. Omkar performed a tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.

What will you call these issues?

Options:

A.  

False positives

B.  

True negatives

C.  

True positives

D.  

False negatives

Question # 64

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open” but sets the SSID to a 32-character string of random letters and numbers.

What is an accurate assessment of this scenario from a security perspective?

Options:

A.  

Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.

B.  

Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.

C.  

It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

D.  

Javik’s router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

Question # 65

What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

Options:

A.  

The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

B.  

Reveals the daily outgoing message limits before mailboxes are locked

C.  

The internal command RCPT provides a list of ports open to message traffic.

D.  

A list of all mail proxy server addresses used by the targeted host

Question # 66

Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

Options:

A.  

VPN footprinting

B.  

Email footprinting

C.  

VoIP footprinting

D.  

Whois footprinting

Question # 67

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

Options:

A.  

Presentation tier

B.  

Application Layer

C.  

Logic tier

D.  

Data tier

Question # 68

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities?

Options:

A.  

WebSploit Framework

B.  

Browser Exploitation Framework

C.  

OSINT framework

D.  

SpeedPhish Framework

Question # 69

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In a MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

Options:

A.  

Switch then acts as hub by broadcasting packets to all machines on the network

B.  

The CAM overflow table will cause the switch to crash causing Denial of Service

C.  

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

D.  

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Question # 70

When a security analyst prepares for the formal security assessment, which of the following should be done in order to determine inconsistencies in the secure assets database and verify that the system is compliant with the minimum security baseline?

Options:

A.  

Data items and vulnerability scanning

B.  

Interviewing employees and network engineers

C.  

Reviewing the firewalls configuration

D.  

Source code review

Question # 71

Which of the following steps for risk assessment methodology refers to vulnerability identification?

Options:

A.  

Determines if any flaws exist in systems, policies, or procedures

B.  

Assigns values to risk probabilities; Impact values.

C.  

Determines risk probability that vulnerability will be exploited (High, Medium, Low)

D.  

Identifies sources of harm to an IT system. (Natural, Human, Environmental)

Question # 72

During the process of encryption and decryption, what keys are shared?

Options:

A.  

Private keys

B.  

User passwords

C.  

Public keys

D.  

Public and private keys

Question # 73

Sam, a professional hacker, targeted an organization with the intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

Options:

A.  

Social engineering

B.  

Insider threat

C.  

Password reuse

D.  

Reverse engineering

Question # 74

Which of the following are well known password-cracking programs?

Options:

A.  

L0phtcrack

B.  

NetCat

C.  

Jack the Ripper

D.  

Netbus

E.  

John the Ripper

Question # 75

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?

Options:

A.  

Create an incident checklist.

B.  

Select someone else to check the procedures.

C.  

Increase his technical skills.

D.  

Read the incident manual every time it occurs.
