2023 Valid 312-50v12 test answers & ECCouncil Exam PDF
The certification is recognized by many organizations and government agencies around the world, including the Department of Defense (DoD) in the United States. It is also recognized by many large corporations and is often a requirement for professionals who work in the field of cybersecurity.
To prepare for the ECCouncil 312-50v12 exam, candidates must have a strong foundation in computer science, information technology, and network security. They should also be familiar with ethical hacking techniques and tools, as well as common vulnerabilities and exploits. A variety of study materials are available to help candidates prepare for the exam, including textbooks, online courses, and practice exams.
NEW QUESTION # 177
Which of the following commands checks for valid users on an SMTP server?
- A. EXPN
- B. VRFY
- C. CHK
- D. RCPT
Answer: B
Explanation:
The VRFY command lets an SMTP client ask an SMTP server to verify that mail for a given user name resides on the server. The VRFY command is defined in RFC 821. The server sends a response indicating whether the user is local or not, whether mail will be forwarded, and so on. A response of 250 indicates that the user name is local; a response of 251 indicates that the user name isn't local, but the server can forward the message. The server response includes the mailbox name.
NEW QUESTION # 178
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up.
What is the most likely cause?
- A. The network devices are not all synchronized.
- B. The attacker altered or erased events from the logs.
- C. The security breach was a false positive.
- D. Proper chain of custody was not observed while collecting the logs.
Answer: A
Explanation:
Many network and system administrators don't pay enough attention to system clock accuracy and time synchronization. Computer clocks can run faster or slower over time, batteries and power sources die, or daylight-saving time changes are forgotten. Sure, there are many more pressing security issues to deal with, but not ensuring that the time on network devices is synchronized can cause problems. And these problems often only come to light after a security incident.
If you suspect a hacker is accessing your network, for example, you will want to analyze your log files to look for any suspicious activity. If your network's security devices do not have synchronized times, the timestamps' inaccuracy makes it impossible to correlate log files from different sources. Not only will you have difficulty in tracking events, but you will also find it difficult to use such evidence in court; you won't be able to illustrate a smooth progression of events as they occurred throughout your network.
NEW QUESTION # 179
The ViruXine.W32 virus hides its presence by changing the underlying executable code.
This virus code mutates while keeping the original algorithm intact; the code changes itself each time it runs, but the function of the code (its semantics) does not change at all.
Here is a section of the Virus code:
What is this technique called?
- A. Stealth Virus
- B. Dravidic Virus
- C. Metamorphic Virus
- D. Polymorphic Virus
Answer: D
NEW QUESTION # 180
Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and the real tower, attempting to hijack an active session upon receiving the user's request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?
- A. Wardriving
- B. Jamming signal attack
- C. KRACK attack
- D. aLTEr attack
Answer: D
Explanation:
aLTEr attacks are usually performed on LTE devices. The attacker installs a virtual (fake) communication tower between two authentic endpoints, intending to mislead the victim. This virtual tower is used to interrupt the data transmission between the user and the real tower, attempting to hijack the active session.
https://alter-attack.net/media/breaking_lte_on_layer_two.pdf
The new aLTEr attack can be used against nearly all LTE-connected endpoints by intercepting traffic and redirecting it to malicious websites, together with a particular approach for Apple iOS devices.
This attack works by taking advantage of a design flaw in the LTE network: the data link layer (layer 2) of the LTE network is encrypted with AES-CTR but is not integrity-protected, which is why an attacker can modify the payload.
As a result, the attacker acts as a classic man-in-the-middle, posing as a cell tower to the victim.
NEW QUESTION # 181
Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?
- A. asymmetric algorithms
- B. hashing algorithms
- C. symmetric algorithms
- D. integrity algorithms
Answer: B
NEW QUESTION # 182
During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?
- A. Circuit
- B. Packet Filtering
- C. Application
- D. Stateful
Answer: C
Explanation:
https://en.wikipedia.org/wiki/Internet_Relay_Chat
Internet Relay Chat (IRC) is an application layer protocol that facilitates communication in text. The chat process works on a client/server networking model. IRC clients are computer programs that users can install on their system or web-based applications running either locally in the browser or on a third-party server. These clients communicate with chat servers to transfer messages to other clients.
IRC is a plaintext protocol that is officially assigned port 194, according to IANA. However, running the service on this port requires running it with root-level permissions, which is inadvisable. As a result, the well-known port for IRC is 6667, a high-number port that does not require elevated privileges. However, an IRC server can also be configured to run on other ports as well.
You can't tell if an IRC server is designed to be malicious solely based on port number. Still, if you see an IRC server running on a well-known port (WKP) such as 80, 8080, 53, or 443, it's almost always going to be malicious; the only real reason for IRCD to be running on port 80 is to try to evade firewalls.
https://en.wikipedia.org/wiki/Application_firewall
An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The application firewall can control communications up to the OSI model's application layer, which is the highest operating layer, and where it gets its name. The two primary categories of application firewalls are network-based and host-based.
Application layer filtering operates at a higher level than traditional security appliances. This allows packet decisions to be made based on more than just source/destination IP Addresses or ports. It can also use information spanning across multiple connections for any given host.
Network-based application firewalls
Network-based application firewalls operate at the application layer of a TCP/IP stack. They can understand certain applications and protocols such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP). This allows them to identify unwanted applications or services using a non-standard port or detect if an allowed protocol is being abused.
Host-based application firewalls
A host-based application firewall monitors application system calls or other general system communication. This gives more granularity and control but is limited to only protecting the host it is running on. Control is applied by filtering on a per-process basis. Generally, prompts are used to define rules for processes that have not yet received a connection. Further filtering can be done by examining the process ID of the owner of the data packets. Many host-based application firewalls are combined or used in conjunction with a packet filter.
NEW QUESTION # 183
Which of the following tools can be used to perform a zone transfer?
- A. Neotrace
- B. NSLookup
- C. Finger
- D. Sam Spade
- E. Host
- F. Dig
- G. Netcat
Answer: B,D,E,F
NEW QUESTION # 184
Which regulation defines security and privacy controls for Federal information systems and organizations?
- A. EU Safe Harbor
- B. NIST-800-53
- C. PCI-DSS
- D. HIPAA
Answer: B
Explanation:
NIST Special Publication 800-53 provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. It is published by the National Institute of Standards and Technology, which is a non-regulatory agency of the United States Department of Commerce. NIST develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Modernization Act of 2014 (FISMA) and to help with managing cost-effective programs to protect their information and information systems.
NEW QUESTION # 185
Which type of virus can change its own code and then cipher itself multiple times as it replicates?
- A. Stealth virus
- B. Encryption virus
- C. Tunneling virus
- D. Cavity virus
Answer: A
Explanation:
A stealth virus is a type of virus malware that contains sophisticated means of avoiding detection by antivirus software. After it manages to get into the now-infected machine, a stealth virus hides itself by continually renaming and moving itself around the disk. Like other viruses, a stealth virus can take hold of many parts of one's PC. When it takes control of the PC and performs tasks, antivirus programs can detect it, but a stealth virus sees that coming and can rename and then copy itself to a different drive or area on the disk before the antivirus software reaches it. Once moved and renamed, a stealth virus will usually replace the detected 'infected' file with a clean file that doesn't trigger antivirus detection. It's a never-ending game of cat and mouse. The intelligent architecture of this sort of virus all but guarantees that it's impossible to completely rid oneself of it once infected. One would need to completely wipe the PC and rebuild it from scratch to completely eradicate the presence of a stealth virus. Using regularly updated antivirus software can reduce risk, but, as we all know, antivirus software is also caught in an endless cycle of finding new threats and protecting against them.
https://www.techslang.com/definition/what-is-a-stealth-virus/
NEW QUESTION # 186
Mason, a professional hacker, targets an organization and spreads Emotet malware through a malicious script. After infecting the victim's device, Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?
- A. WebBrowserPassView
- B. Outlook scraper
- C. NetPass.exe
- D. Credential enumerator
Answer: D
NEW QUESTION # 187
What is the role of test automation in security testing?
- A. Test automation is not usable in security due to the complexity of the tests.
- B. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
- C. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
- D. It is an option but it tends to be very expensive.
Answer: B
NEW QUESTION # 188
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
- A. Broadcast ping
- B. TCP ping
- C. Hping
- D. Traceroute
Answer: C
Explanation:
https://tools.kali.org/information-gathering/hping3
http://www.carnal0wnage.com/papers/LSO-Hping2-Basics.pdf
NEW QUESTION # 189
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what driver and library are required to allow the NIC to work in promiscuous mode?
- A. Winpcap
- B. Awinpcap
- C. Winprom
- D. Libpcap
Answer: A
NEW QUESTION # 190
You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain. If the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?
- A. ls -d abccorp.local
- B. list server=192.168.10.2 type=all
- C. List domain=Abccorp.local type=zone
- D. lserver 192.168.10.2 -t all
Answer: A
NEW QUESTION # 191
Richard, an attacker, aimed to hack IoT devices connected to a target network. In this process, Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices. What is the type of attack performed by Richard in the above scenario?
- A. Reconnaissance attack
- B. Replay attack
- C. CrypTanalysis attack
- D. Side-channel attack
Answer: B
Explanation:
A replay attack is a type of security attack on data sent over a network. In this attack, the hacker, or a person with unauthorized access, captures the traffic and sends the communication to its original destination, acting as the original sender. The receiver believes that it is a genuine message, but it is really the message sent by the attacker. The main feature of the replay attack is that the client receives the message twice, hence the name.
Prevention of replay attacks:
1. Timestamp technique -
Such attacks can be prevented if a timestamp is used along with the data. If the timestamp on a piece of data is beyond a certain limit, the data can be discarded and the sender asked to send it again.
2. Session key technique -
Another way of prevention is to use a session key. This key can be used only once (by sender and receiver) per transaction and cannot be reused.
NEW QUESTION # 192
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?
- A. Network-based scanner
- B. Proxy scanner
- C. Agent-based scanner
- D. Cluster scanner
Answer: A
Explanation:
Network-based scanner
Network-based vulnerability scanning, in simple terms, is the process of identifying loopholes on a computer network or IT assets that hackers and threat actors can exploit. By implementing this process, an organization can identify its current risk(s). This is not where the buck stops; it can also verify the effectiveness of its systems' security measures while improving internal and external defenses. Through this review, an organization is well equipped to take an extensive inventory of all systems, including operating systems, installed software, security patches, hardware, firewalls, anti-virus software, and much more.
Agent-based scanner
Agent-based scanners make use of software scanners on each and every device; the results of the scans are reported back to the central server. Such scanners are well equipped to find and report out on a range of vulnerabilities.
NOTE: This option is not suitable for us, since for it to work, you need to install a special agent on each computer before you start collecting data from them.
The ECCouncil 312-50v12 (Certified Ethical Hacker) certification covers a wide range of topics such as network scanning, hacking concepts, system hacking, and web application testing. The exam tests the knowledge and practical skills of the candidates in different areas of cyber security, including penetration testing, computer forensics, auditing, and security policies. Candidates need to demonstrate their proficiency in all these areas to obtain the certification.