EC-Council 312-50v10 Vce 2021

NEW QUESTION 1

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameter and headers manually to get more precise results than if using web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?

• A. Burpsuite
• B. Maskgen
• C. Dimitry
• D. Proxychains

Answer: A

Explanation:
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
References: https://portswigger.net/burp/

NEW QUESTION 2

What is the best defense against privilege escalation vulnerability?

• A. Patch systems regularly and upgrade interactive login privileges at the system administrator level.
• B. Run administrator and applications on least privileges and use a content registry for tracking.
• C. Run services with least privileged accounts and implement multi-factor authentication and authorization.
• D. Review user roles and administrator privileges for maximum utilization of automation services.

Answer: C

NEW QUESTION 3

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.
Based on this information, what should be one of your key recommendations to the bank?

• A. Place a front-end web server in a demilitarized zone that only handles external web traffic
• B. Require all employees to change their passwords immediately
• C. Move the financial data to another server on the same IP subnet
• D. Issue new certificates to the web servers from the root certificate authority

Answer: A

Explanation:
A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network.
References: https://en.wikipedia.org/wiki/DMZ_(computing)

NEW QUESTION 4

Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

• A. Use a scan tool like Nessus
• B. Use the built-in Windows Update tool
• C. Check MITRE.org for the latest list of CVE findings
• D. Create a disk image of a clean Windows installation

Answer: A

Explanation:
Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools.
The Nessus server is currently available for Unix, Linux and FreeBSD. The client is available for Unix- or Windows-based operating systems.
Note: Significant capabilities of Nessus include: References: http://searchnetworking.techtarget.com/definition/Nessus

NEW QUESTION 5

The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and

• A. non-repudiation.
• B. operability.
• C. security.
• D. usability.

Answer: A

NEW QUESTION 6

What is a successful method for protecting a router from potential smurf attacks?

• A. Placing the router in broadcast mode
• B. Enabling port forwarding on the router
• C. Installing the router outside of the network's firewall
• D. Disabling the router from accepting broadcast ping messages

Answer: D

NEW QUESTION 7

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

• A. Asymmetric
• B. Confidential
• C. Symmetric
• D. Non-confidential

Answer: A

NEW QUESTION 8

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

• A. Sender's public key
• B. Receiver's private key
• C. Receiver's public key
• D. Sender's private key

Answer: D

NEW QUESTION 9

Which element of Public Key Infrastructure (PKI) verifies the applicant?

• A. Certificate authority
• B. Validation authority
• C. Registration authority
• D. Verification authority

Answer: C

NEW QUESTION 10

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

• A. The root CA is the recovery agent used to encrypt data when a user's certificate is lost.
• B. The root CA stores the user's hash value for safekeeping.
• C. The CA is the trusted root that issues certificates.
• D. The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Answer: C

NEW QUESTION 11

You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts?

• A. CHNTPW
• B. Cain & Abel
• C. SET
• D. John the Ripper

Answer: A

Explanation:
chntpw is a software utility for resetting or blanking local passwords used by Windows NT, 2000, XP, Vista, 7, 8 and 8.1. It does this by editing the SAM database where Windows stores password hashes.
References: https://en.wikipedia.org/wiki/Chntpw

NEW QUESTION 12

What is not a PCI compliance recommendation?

• A. Limit access to card holder data to as few individuals as possible.
• B. Use encryption to protect all transmission of card holder data over any public network.
• C. Rotate employees handling credit card transactions on a yearly basis to different departments.
• D. Use a firewall between the public network and the payment card data.

Answer: C

NEW QUESTION 13

In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

• A. Chosen-plaintext attack
• B. Ciphertext-only attack
• C. Adaptive chosen-plaintext attack
• D. Known-plaintext attack

Answer: A

NEW QUESTION 14

Which of the following items is unique to the N-tier architecture method of designing software applications?

• A. Application layers can be separated, allowing each layer to be upgraded independently from other layers.
• B. It is compatible with various databases including Access, Oracle, and SQL.
• C. Data security is tied into each layer and must be updated for all layers when any upgrade is performed.
• D. Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

Answer: A

NEW QUESTION 15

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

• A. Hardware, Software, and Sniffing.
• B. Hardware and Software Keyloggers.
• C. Passwords are always best obtained using Hardware key loggers.
• D. Software only, they are the most effective.

Answer: A

NEW QUESTION 16

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

• A. har.txt
• B. SAM file
• C. wwwroot
• D. Repair file

Answer: B

NEW QUESTION 17

What does the -oX flag do in an Nmap scan?

• A. Perform an express scan
• B. Output the results in truncated format to the screen
• C. Perform an Xmas scan
• D. Output the results in XML format to a file

Answer: D

NEW QUESTION 18

Which of the following types of firewall inspects only header information in network traffic?

• A. Packet filter
• B. Stateful inspection
• C. Circuit-level gateway
• D. Application-level gateway

Answer: A

NEW QUESTION 19

Which component of IPsec performs protocol-level functions that are required to encrypt and decrypt the packets?

• A. Internet Key Exchange (IKE)
• B. Oakley
• C. IPsec Policy Agent
• D. IPsec driver

Answer: A

NEW QUESTION 20

Which definition among those given below best describes a covert channel?

• A. A server program using a port that is not well known.
• B. Making use of a protocol in a way it is not intended to be used.
• C. It is the multiplexing taking place on a communication link.
• D. It is one of the weak channels used by WEP which makes it insecure

Answer: B

NEW QUESTION 21

Which of the following is a low-tech way of gaining unauthorized access to systems?

• A. Social Engineering
• B. Sniffing
• C. Eavesdropping
• D. Scanning

Answer: A

Explanation:
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access.
References: https://en.wikipedia.org/wiki/Social_engineering_(security)

NEW QUESTION 22

Which of the following is a component of a risk assessment?

• A. Administrative safeguards
• B. Physical security
• C. DMZ
• D. Logical interface

Answer: A

Explanation:
Risk assessment include:
References: https://en.wikipedia.org/wiki/IT_risk_management#Risk_assessment

NEW QUESTION 23

You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines has 2 connections, one wired and the other wireless. When you verify the configuration of this Windows system you find two static routes.
route add 10.0.0.0 mask 255.0.0.0 10.0.0.1
route add 0.0.0.0 mask 255.0.0.0 199.168.0.1 What is the main purpose of those static routes?

• A. Both static routes indicate that the traffic is external with different gateway.
• B. The first static route indicates that the internal traffic will use an external gateway and the second static route indicates that the traffic will be rerouted.
• C. Both static routes indicate that the traffic is internal with different gateway.
• D. The first static route indicates that the internal addresses are using the internal gateway and the second static route indicates that all the traffic that is not internal must go to an external gateway.

Answer: D

NEW QUESTION 24

Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)

• A. Converts passwords to uppercase.
• B. Hashes are sent in clear text over the network.
• C. Makes use of only 32-bit encryption.
• D. Effective length is 7 characters.

Answer: ABD

NEW QUESTION 25

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?

• A. Unplug the network connection on the company’s web server.
• B. Determine the origin of the attack and launch a counterattack.
• C. Record as much information as possible from the attack.
• D. Perform a system restart on the company’s web server.

Answer: C

NEW QUESTION 26

Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?

• A. NET FILE
• B. NET USE
• C. NET CONFIG
• D. NET VIEW

Answer: B

NEW QUESTION 27

Which of the following lists are valid data-gathering activities associated with a risk assessment?

• A. Threat identification, vulnerability identification, control analysis
• B. Threat identification, response identification, mitigation identification
• C. Attack profile, defense profile, loss profile
• D. System profile, vulnerability identification, security determination

Answer: A

NEW QUESTION 28

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

• A. Eve is trying to connect as a user with Administrator privileges
• B. Eve is trying to enumerate all users with Administrative privileges
• C. Eve is trying to carry out a password crack for user Administrator
• D. Eve is trying to escalate privilege of the null user to that of Administrator

Answer: C

NEW QUESTION 29
......