[Q172-Q196] Verified 312-50v12 dumps Q&As - Pass Guarantee or Full Refund [Dec-2024]


312-50v12 PDF Dumps | Dec 26, 2024 Recently Updated Questions 


The ECCouncil 312-50v12 exam consists of 125 multiple-choice questions and must be completed within four hours. The questions are designed to test a candidate's knowledge of both theoretical and practical aspects of ethical hacking. Candidates can take the exam at designated testing centers or online. The 312-50v12 exam fee varies depending on the location and method of testing.

 

NEW QUESTION # 172
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with such a complex security system in place.
Your peer, Peter Smith, who works in the same department, disagrees with you.
He says even the best network security technologies cannot prevent hackers from gaining access to the network because of the presence of a "weakest link" in the security chain.
What is Peter Smith talking about?

  • A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain
  • B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
  • C. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway
  • D. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

Answer: A


NEW QUESTION # 173
ping -* 6 192.168.0.101
Output:
Pinging 192.168.0.101 with 32 bytes of data:
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101: bytes=32 time<1ms TTL=128
Reply from 192.168.0.101:
Ping statistics for 192.168.0.101:
Packets: Sent = 6, Received = 6, Lost = 0 (0% loss).
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
What does the option * indicate?

  • A. a
  • B. n
  • C. t
  • D. s

Answer: B


NEW QUESTION # 174
Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?

  • A. nmap -Pn -sT -p 102 --script s7-info < Target IP >
  • B. nmap -Pn -sT -p 46824 < Target IP >
  • C. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
  • D. nmap -Pn -sU -p 44818 --script enip-info < Target IP >

Answer: D

Explanation:
https://nmap.org/nsedoc/scripts/enip-info.html
Example Usage enip-info:
- nmap --script enip-info -sU -p 44818 <host>
This NSE script is used to send an EtherNet/IP packet to a remote device that has TCP 44818 open. The script will send a Request Identity Packet and, once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data. Information that is parsed includes Device Type, Vendor ID, Product name, Serial Number, Product code, Revision Number, status, state, as well as the Device IP.
This script was written based off information collected by using the Wireshark dissector for CIP and EtherNet/IP. The original information was collected by running a modified version of the ethernetip.py script (https://github.com/paperwork/pyenip)


NEW QUESTION # 175
An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?

  • A. RADIUS
  • B. DIAMETER
  • C. TACACS+
  • D. Kerberos

Answer: A

Explanation:
https://en.wikipedia.org/wiki/RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.
RADIUS is a client/server protocol that runs in the application layer, and can use either TCP or UDP. Network access servers, which control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server. RADIUS is often the back-end of choice for 802.1X authentication. A RADIUS server is usually a background process running on UNIX or Microsoft Windows.
Authentication and authorization
The user or machine sends a request to a Network Access Server (NAS) to gain access to a particular network resource using access credentials. The credentials are passed to the NAS device via the link-layer protocol (for example, Point-to-Point Protocol (PPP) in the case of many dialup or DSL providers) or posted in an HTTPS secure web form.
In turn, the NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant access via the RADIUS protocol.
This request includes access credentials, typically in the form of username and password or security certificate provided by the user. Additionally, the request may contain other information which the NAS knows about the user, such as its network address or phone number, and information regarding the user's physical point of attachment to the NAS.
The RADIUS server checks that the information is correct using authentication schemes such as PAP, CHAP or EAP. The user's proof of identification is verified, along with, optionally, other information related to the request, such as the user's network address or phone number, account status, and specific network service access privileges. Historically, RADIUS servers checked the user's information against a locally stored flat-file database. Modern RADIUS servers can do this or can refer to external sources (commonly SQL, Kerberos, LDAP, or Active Directory servers) to verify the user's credentials.

The RADIUS server then returns one of three responses to the NAS:
1) Access-Reject,
2) Access-Challenge,
3) Access-Accept.
Access-Reject
The user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or an unknown or inactive user account.
Access-Challenge
Requests additional information from the user such as a secondary password, PIN, token, or card. Access-Challenge is also used in more complex authentication dialogs where a secure tunnel is established between the user machine and the RADIUS server in a way that the access credentials are hidden from the NAS.
Access-Accept
The user is granted access. Once the user is authenticated, the RADIUS server will often check that the user is authorized to use the network service requested. A given user may be allowed to use a company's wireless network, but not its VPN service, for example. Again, this information may be stored locally on the RADIUS server or may be looked up in an external source such as LDAP or Active Directory.
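The reply handling described above, as an added example that is not part of the original explanation: a NAS-side check that classifies a reply as Access-Accept, Access-Reject or Access-Challenge only after verifying the RFC 2865 Response Authenticator against the shared secret. The shared secret, identifiers and packets are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# RADIUS packet codes (RFC 2865) for the messages named in the explanation.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
REPLY_MESSAGE = 18  # attribute type carrying text shown to the user


def build_reply(code, ident, request_auth, attrs, secret):
    """Build a server reply as RFC 2865 defines it (used here to construct sample data)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + auth + body


def parse_attributes(body):
    """Split the attribute area into (type, value) pairs, rejecting malformed TLVs."""
    attrs, i = [], 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated attribute header")
        a_type, a_len = body[i], body[i + 1]
        if a_len < 2 or i + a_len > len(body):
            raise ValueError("bad attribute length")
        attrs.append((a_type, body[i + 2:i + a_len]))
        i += a_len
    return attrs


def check_reply(packet, ident, request_auth, secret):
    """Return (decision, attributes), or raise ValueError if the reply must be discarded."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, r_ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]  # octets beyond Length are padding
    if r_ident != ident:
        raise ValueError("identifier does not match the pending request")
    if code not in (2, 3, 11):
        raise ValueError("not a reply to an Access-Request")
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    return CODES[code], parse_attributes(packet[20:])


# Constructed sample values (assumptions for this example, not from the page).
SECRET = b"example-shared-secret"
REQUEST_AUTH = bytes(range(16))  # Request Authenticator the NAS sent in its Access-Request
ACCEPT = build_reply(2, 7, REQUEST_AUTH, [(REPLY_MESSAGE, b"welcome")], SECRET)
REJECT = build_reply(3, 7, REQUEST_AUTH, [], SECRET)
CHALLENGE = build_reply(11, 7, REQUEST_AUTH, [(REPLY_MESSAGE, b"enter token code")], SECRET)
FORGED = build_reply(2, 7, REQUEST_AUTH, [], b"wrong-secret")  # sender lacks the secret

if __name__ == "__main__":
    for name, pkt in [("accept", ACCEPT), ("reject", REJECT),
                      ("challenge", CHALLENGE), ("forged", FORGED)]:
        try:
            print(name, check_reply(pkt, 7, REQUEST_AUTH, SECRET))
        except ValueError as err:
            print(name, "discarded:", err)
```

A reply that fails the authenticator check is dropped rather than treated as Access-Reject, so a forged packet cannot grant or deny access.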


NEW QUESTION # 176
After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389. Which service is this and how can you tackle the problem?

  • A. The service is LDAP, and you must change it to 636, which is LDAPS.
  • B. The service is NTP, and you have to change it from UDP to TCP in order to encrypt it.
  • C. The service is SMTP, and you must change it to SMIME, which is an encrypted way to send emails.
  • D. The findings do not require immediate actions and are only suggestions.

Answer: A

Explanation:
https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
LDAP, the Lightweight Directory Access Protocol, is a mature, flexible, and well supported standards-based mechanism for interacting with directory servers. It's often used for authentication and storing information about users, groups, and applications, but an LDAP directory server is a fairly general-purpose data store and can be used in a wide variety of applications.
The LDAP protocol can deal in quite a bit of sensitive data: Active Directory usernames, login attempts, failed-login notifications, and more. If attackers get ahold of that data in flight, they might be able to compromise data like legitimate AD credentials and use it to poke around your network in search of valuable assets.
Encrypting LDAP traffic in flight across the network can help prevent credential theft and other malicious activity, but it's not a failsafe, and if traffic is encrypted, your own team might miss the signs of an attempted attack in progress.
While LDAP encryption isn't standard, there is a nonstandard version of LDAP called Secure LDAP, also known as "LDAPS" or "LDAP over SSL" (SSL, or Secure Socket Layer, being the now-deprecated ancestor of Transport Layer Security).
LDAPS uses its own distinct network port to connect clients and servers. The default port for LDAP is port 389, but LDAPS uses port 636 and establishes TLS/SSL upon connecting with a client.


NEW QUESTION # 177
Which of the following describes the characteristics of a Boot Sector Virus?

  • A. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.
  • B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
  • C. Overwrites the original MBR and only executes the new virus code.
  • D. Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

Answer: A


NEW QUESTION # 178
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario?

  • A. UDP flood attack
  • B. Ping-of-death attack
  • C. Peer-to-peer attack
  • D. Spoofed session flood attack

Answer: D


NEW QUESTION # 179
During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?

  • A. Temporal metric represents the inherent qualities of a vulnerability
  • B. Environmental metric involves the features that change during the lifetime of the vulnerability
  • C. Base metric represents the inherent qualities of a vulnerability
  • D. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation

Answer: C

Explanation:
The base metric represents the inherent qualities of a vulnerability, according to the Common Vulnerability Scoring System (CVSS). CVSS is a framework that numerically characterizes the severity of software vulnerabilities on a scale of 0 to 10. CVSS consists of three metric groups: Base, Temporal, and Environmental. The base metric group captures the characteristics of a vulnerability that are constant over time and across user environments. The base metric group consists of six sub-metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, and Impact. The impact sub-metric further consists of three sub-metrics: Confidentiality, Integrity, and Availability. The base metric group produces a score ranging from 0 to 10, which reflects the intrinsic and fundamental properties of a vulnerability [1][2].
The other options are not correct for the following reasons:
* A. Temporal metric represents the inherent qualities of a vulnerability: This option is incorrect because the temporal metric group captures the characteristics of a vulnerability that change over time due to events external to the vulnerability. The temporal metric group consists of three sub-metrics: Exploit Code Maturity, Remediation Level, and Report Confidence. The temporal metric group modifies the base score to reflect the current state of the vulnerability, such as the availability of exploit code, the existence of patches or workarounds, and the degree of verification of the vulnerability report [1][2].
* B. Environmental metric involves the features that change during the lifetime of the vulnerability: This option is incorrect because the environmental metric group captures the characteristics of a vulnerability that are relevant and unique to a user's environment. The environmental metric group consists of three sub-metrics: Modified Attack Vector, Modified Attack Complexity, and Modified Privileges Required. The environmental metric group also allows the user to assign importance values to the impact sub-metrics: Confidentiality Requirement, Integrity Requirement, and Availability Requirement. The environmental metric group modifies the base and temporal scores to reflect the impact of the vulnerability on the user's specific environment, such as the network configuration, the security objectives, and the asset value [1][2].
* D. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation: This option is incorrect because the temporal metric group does not involve measuring vulnerabilities based on a specific environment or implementation, but rather on the factors that change over time due to events external to the vulnerability. The environmental metric group, not the temporal metric group, involves measuring vulnerabilities based on a specific environment or implementation, as explained in option B.
References:
* 1: What is CVSS - Common Vulnerability Scoring System - SANS Institute
* 2: Common Vulnerability Scoring System - Wikipedia


NEW QUESTION # 180
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

  • A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
  • B. Extraction of cryptographic secrets through coercion or torture.
  • C. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.
  • D. A backdoor placed into a cryptographic algorithm by its creator.

Answer: B

Explanation:
A powerful and often the most effective cryptanalysis method in which the attack is directed at the most vulnerable link in the cryptosystem - the person. In this attack, the cryptanalyst uses blackmail, threats, torture, extortion, bribery, etc. This method's main advantage is the decryption time's fundamental independence from the volume of secret information, the length of the key, and the cipher's mathematical strength.
The method can reduce the time to guess a password, for example, for AES, to an acceptable level; however, it requires special authorization from the relevant regulatory authorities. Therefore, it is outside the scope of this course and is not considered in its practical part.


NEW QUESTION # 181
What is correct about digital signatures?

  • A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
  • B. Digital signatures may be used in different documents of the same type.
  • C. Digital signatures are issued once for each user and can be used everywhere until they expire.
  • D. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

Answer: A


NEW QUESTION # 182
What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

  • A. APK.info
  • B. AndroidManifest.xml
  • C. resources.arsc
  • D. classes.dex

Answer: B

Explanation:
The AndroidManifest.xml file contains information about your package, including components of the application such as activities, services, broadcast receivers, content providers, etc. It also performs other tasks:
* It is responsible for protecting the application's protected parts from access by declaring the permissions.
* It declares the Android API that the application is going to use.
* It lists the instrumentation classes. The instrumentation classes provide profiling and other information. This information is removed just before the application is published.
This is the required XML file for every Android application and is located inside the root directory.


NEW QUESTION # 183
Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. Using this technique, he wants to fix any bugs in the application, discover underlying vulnerabilities, and improve defense strategies against attacks.
What is the technique used by Jacob in the above scenario to improve the security of the mobile application?

  • A. Jailbreaking
  • B. App sandboxing
  • C. Reverse engineering
  • D. Social engineering

Answer: C


NEW QUESTION # 184
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?

  • A. PLCinject
  • B. Slowloris
  • C. PyLoris
  • D. Evilginx

Answer: D

Explanation:
Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. Its core runs on the Nginx HTTP server, which utilizes proxy_pass and sub_filter to proxy and modify HTTP content, while intercepting traffic between client and server.


NEW QUESTION # 185
Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

  • A. Preparation phase
  • B. Identification phase
  • C. Containment phase
  • D. Recovery phase

Answer: A


NEW QUESTION # 186
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

  • A. Cluster scanner
  • B. Agent-based scanner
  • C. Network-based scanner
  • D. Proxy scanner

Answer: C

Explanation:
Network-based scanner
A network-based vulnerability scanner, in simplistic terms, is the process of identifying loopholes on a computer's network or IT assets, which hackers and threat actors can exploit. By implementing this process, one can successfully identify their organization's current risk(s). This is not where the buck stops; one can also verify the effectiveness of your system's security measures while improving internal and external defenses. Through this review, an organization is well equipped to take an extensive inventory of all systems, including operating systems, installed software, security patches, hardware, firewalls, anti-virus software, and much more.
Agent-based scanner
Agent-based scanners make use of software scanners on each and every device; the results of the scans are reported back to the central server. Such scanners are well equipped to find and report out on a range of vulnerabilities.
NOTE: This option is not suitable for us, since for it to work, you need to install a special agent on each computer before you start collecting data from them.


NEW QUESTION # 187
You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.
invictus@victim_server:~$ nmap -T4 -O 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!
What seems to be wrong?

  • A. OS Scan requires root privileges.
  • B. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
  • C. This is a common behavior for a corrupted nmap application.
  • D. The nmap syntax is wrong.

Answer: A


NEW QUESTION # 188
The ViruXine.W32 virus hides its presence by changing the underlying executable code.
This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

Here is a section of the Virus code:

What is this technique called?

  • A. Polymorphic Virus
  • B. Metamorphic Virus
  • C. Stealth Virus
  • D. Dravidic Virus

Answer: A


NEW QUESTION # 189
The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:
You are hired to conduct security testing on their network.
You successfully brute-force the SNMP community string using an SNMP crack tool.
The access-list configured at the router prevents you from establishing a successful connection.
You want to retrieve the Cisco configuration from the router. How would you proceed?

  • A. Use the Cisco's TFTP default password to connect and download the configuration file
  • B. Run a network sniffer and capture the returned traffic with the configuration file from the router
  • C. Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0
  • D. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

Answer: B,C


NEW QUESTION # 190
In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffective due to a specific file in its root directory. However, they managed to uncover all the files and web pages on the target site, monitoring the resulting incoming and outgoing traffic while browsing the website manually. What technique did the hacker likely employ to achieve this?

  • A. User-directed spidering with tools like Burp Suite and WebScarab
  • B. Using Photon to retrieve archived URLs of the target website from archive.org
  • C. Examining HTML source code and cookies
  • D. Using the Netcraft tool to gather website information

Answer: A

Explanation:
User-directed spidering is a technique that allows the hacker to manually browse the target website and use a proxy or spider tool to capture and analyze the traffic. This way, the hacker can discover hidden or dynamic content that standard web spiders may miss due to a specific file in the root directory, such as robots.txt, that instructs them not to crawl certain pages or directories. User-directed spidering can also help the hacker to bypass authentication or authorization mechanisms, as well as identify vulnerabilities or sensitive information in the target website. User-directed spidering can be performed with tools like Burp Suite and WebScarab, which are web application security testing tools that can intercept, modify, and replay HTTP requests and responses, as well as perform various attacks and scans on the target website.
The other options are not likely to achieve the same results as user-directed spidering. Using Photon to retrieve archived URLs of the target website from archive.org may provide some historical information about the website, but it may not reflect the current state or content of the website. Using the Netcraft tool to gather website information may provide some general information about the website, such as its IP address, domain name, server software, or hosting provider, but it may not reveal the specific files or web pages on the website.
Examining HTML source code and cookies may provide some clues about the website's structure, functionality, or user preferences, but it may not expose the hidden or dynamic content that user-directed spidering can discover.


NEW QUESTION # 191
Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services?

  • A. Web services parsing attacks
  • B. XML injection
  • C. SOAPAction spoofing
  • D. WS-Address spoofing

Answer: D

Explanation:
WS-Address provides additional routing information in the SOAP header to support asynchronous communication. This technique allows the transmission of web service requests and response messages using different TCP connections.
https://www.google.com/search?client=firefox-b-d&q=WS-Address+spoofing
CEH V11 Module 14 Page 1896


NEW QUESTION # 192
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
From: [email protected]
To: [email protected]
Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ's email gateway doesn't prevent what?

  • A. Email Harvesting
  • B. Email Spoofing
  • C. Email Phishing
  • D. Email Masquerading

Answer: B

Explanation:
Email spoofing is the fabrication of an email header in the hopes of duping the recipient into thinking the email originated from someone or somewhere other than the intended source. Because core email protocols do not have a built-in method of authentication, it is common for spam and phishing emails to use said spoofing to trick the recipient into trusting the origin of the message.
The ultimate goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation.
Although the spoofed messages are usually just a nuisance requiring little action besides removal, the more malicious varieties can cause significant problems and sometimes pose a real security threat.


NEW QUESTION # 193
OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

  • A. openssl_client -site www.website.com:443
  • B. openssl_client -connect www.website.com:443
  • C. openssl s_client -site www.website.com:443
  • D. openssl s_client -connect www.website.com:443

Answer: D


NEW QUESTION # 194
Which of the following statements is FALSE with respect to Intrusion Detection Systems?

  • A. Intrusion Detection Systems can easily distinguish a malicious payload in encrypted traffic
  • B. Intrusion Detection Systems can examine the contents of the data in context of the network protocol
  • C. Intrusion Detection Systems require constant update of the signature library
  • D. Intrusion Detection Systems can be configured to distinguish specific content in network packets

Answer: A


NEW QUESTION # 195
In the context of Windows Security, what is a 'null' user?

  • A. A pseudo account that has no username and password
  • B. A user that has no skills
  • C. A pseudo account that was created for security administration purpose
  • D. An account that has been suspended by the admin

Answer: A

