• Home
  • Articles
  • First Attempt Guaranteed Success in 312-50v12 Exam 2023 [Q187-Q209]

First Attempt Guaranteed Success in 312-50v12 Exam 2023 [Q187-Q209]

Share

First Attempt Guaranteed Success in 312-50v12 Exam 2023

Real 312-50v12 Exam Questions are the Best Preparation Material

NEW QUESTION # 187
Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

  • A. Application assessment
  • B. Most-based assessment
  • C. Distributed assessment
  • D. Wireless network assessment

Answer: D

Explanation:
Expanding your network capabilities are often done well using wireless networks, but it also can be a source of harm to your data system . Deficiencies in its implementations or configurations can allow tip to be accessed in an unauthorized manner.This makes it imperative to closely monitor your wireless network while also conducting periodic Wireless Network assessment. It identifies flaws and provides an unadulterated view of exactly how vulnerable your systems are to malicious and unauthorized accesses. Identifying misconfigurations and inconsistencies in wireless implementations and rogue access points can improve your security posture and achieve compliance with regulatory frameworks.


NEW QUESTION # 188
You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

  • A. Nmap
  • B. Cain & Abel
  • C. Nessus
  • D. Snort

Answer: D


NEW QUESTION # 189
Which among the following is the best example of the third step (delivery) in the cyber kill chain?

  • A. An intruder sends a malicious attachment via email to a target.
  • B. An intruder creates malware to be used as a malicious attachment to an email.
  • C. An intruder's malware is installed on a target's machine.
  • D. An intruder's malware is triggered when a target opens a malicious email attachment.

Answer: A


NEW QUESTION # 190
The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

  • A. SYN-ACK
  • B. RST
  • C. SYN
  • D. ACK

Answer: C


NEW QUESTION # 191
John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?

  • A. DNSSEC zone walking
  • B. DNS enumeration
  • C. DNS cache snooping
  • D. DNS tunneling method

Answer: D

Explanation:
DNS tunneling may be a method wont to send data over the DNS protocol, a protocol which has never been intended for data transfer. due to that, people tend to overlook it and it's become a well-liked but effective tool in many attacks. Most popular use case for DNS tunneling is obtaining free internet through bypassing captive portals at airports, hotels, or if you are feeling patient the not-so-cheap on the wing Wi-Fi. On those shared internet hotspots HTTP traffic is blocked until a username/password is provided, however DNS traffic is usually still allowed within the background: we will encode our HTTP traffic over DNS and voilĂ , we've internet access. This sounds fun but reality is, browsing anything on DNS tunneling is slow. Like, back to 1998 slow. Another more dangerous use of DNS tunneling would be bypassing network security devices (Firewalls, DLP appliances...) to line up an immediate and unmonitored communications channel on an organisation's network. Possibilities here are endless: Data exfiltration, fixing another penetration testing tool... you name it. To make it even more worrying, there's an outsized amount of easy to use DNS tunneling tools out there. There's even a minimum of one VPN over DNS protocol provider (warning: the planning of the web site is hideous, making me doubt on the legitimacy of it). As a pentester all this is often great, as a network admin not such a lot .
How does it work:
For those that ignoramus about DNS protocol but still made it here, i feel you deserve a really brief on what DNS does: DNS is sort of a phonebook for the web , it translates URLs (human-friendly language, the person's name), into an IP address (machine-friendly language, the phone number). That helps us remember many websites, same as we will remember many people's names. For those that know what DNS is i might suggest looking here for a fast refresh on DNS protocol, but briefly what you would like to understand is: * A Record: Maps a website name to an IP address. example.com ? 12.34.52.67 * NS Record (a.k.a. Nameserver record): Maps a website name to an inventory of DNS servers, just in case our website is hosted in multiple servers. example.com ? server1.example.com, server2.example.com Who is involved in DNS tunneling? * Client. Will launch DNS requests with data in them to a website . * One Domain that we will configure. So DNS servers will redirect its requests to an outlined server of our own. * Server. this is often the defined nameserver which can ultimately receive the DNS requests. The 6 Steps in DNS tunneling (simplified): 1. The client encodes data during a DNS request. The way it does this is often by prepending a bit of knowledge within the domain of the request. for instance : mypieceofdata.server1.example.com 2. The DNS request goes bent a DNS server. 3. The DNS server finds out the A register of your domain with the IP address of your server. 4. The request for mypieceofdata.server1.example.com is forwarded to the server. 5. The server processes regardless of the mypieceofdata was alleged to do. Let's assume it had been an HTTP request. 6. The server replies back over DNS and woop woop, we've got signal.
Bypassing Firewalls through the DNS Tunneling Method DNS operates using UDP, and it has a 255-byte limit on outbound queries. Moreover, it allows only alphanumeric characters and hyphens. Such small size constraints on external queries allow DNS to be used as an ideal choice to perform data exfiltration by various malicious entities. Since corrupt or malicious data can be secretly embedded into the DNS protocol packets, even DNSSEC cannot detect the abnormality in DNS tunneling. It is effectively used by malware to bypass the firewall to maintain communication between the victim machine and the C&C server. Tools such as NSTX (https://sourceforge.net), Heyoka (http://heyoka.sourceforge.netuse), and Iodine (https://code.kryo.se) use this technique of tunneling traffic across DNS port 53. CEH v11 Module 12 Page 994


NEW QUESTION # 192
Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

  • A. Application assessment
  • B. Host-based assessment
  • C. Distributed assessment
  • D. Wireless network assessment

Answer: D

Explanation:
Wireless network assessment determines the vulnerabilities in an organization's wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Now, wireless network standards have evolved, but many networks still use weak and outdated security mechanisms and are open to attack. Wireless network assessments try to attack wireless authentication mechanisms and gain unauthorized access. This type of assessment tests wireless networks and identifies rogue networks that may exist within an organization's perimeter. These assessments audit client-specified sites with a wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access if they gain access to the wireless network.
Expanding your network capabilities are often done well using wireless networks, but it also can be a source of harm to your data system . Deficiencies in its implementations or configurations can allow tip to be accessed in an unauthorized manner.This makes it imperative to closely monitor your wireless network while also conducting periodic Wireless Network assessment. It identifies flaws and provides an unadulterated view of exactly how vulnerable your systems are to malicious and unauthorized accesses. Identifying misconfigurations and inconsistencies in wireless implementations and rogue access points can improve your security posture and achieve compliance with regulatory frameworks.


NEW QUESTION # 193
Steve, an attacker, created a fake profile on a social media website and sent a request to Stell a. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

  • A. Diversion theft
  • B. Piggybacking
  • C. Baiting
  • D. Honey trap

Answer: D

Explanation:
The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization.
Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data. This technique relies on the curiosity and greed of the end-users. Attackers perform this technique by leaving a physical device such as a USB flash drive containing malicious files in locations where people can easily find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a legitimate company's logo, thereby tricking end-users into trusting it and opening it on their systems. Once the victim connects and opens the device, a malicious file downloads. It infects the system and allows the attacker to take control.
For example, an attacker leaves some bait in the form of a USB drive in the elevator with the label "Employee Salary Information 2019" and a legitimate company's logo. Out of curiosity and greed, the victim picks up the device and opens it up on their system, which downloads the bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system, giving the attacker access.


NEW QUESTION # 194
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

  • A. Dsniff
  • B. John the Ripper
  • C. Nikto
  • D. Snort

Answer: C

Explanation:
https://en.wikipedia.org/wiki/Nikto_(vulnerability_scanner)
Nikto is a free software command-line vulnerability scanner that scans web servers for dangerous files/CGIs, outdated server software, and other problems. It performs generic and server types specific checks. It also captures and prints any cookies received. The Nikto code itself is free software, but the data files it uses to drive the program are not.


NEW QUESTION # 195
An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?

  • A. AlienVault®OSSIM
  • B. Cisco ASA
  • C. Syhunt Hybrid
  • D. Saleae Logic Analyzer

Answer: C

Explanation:
Syhunt Hybrid combines comprehensive static and dynamic security scans to detect vulnerabilities like XSS, File Inclusion, SQL Injection, Command Execution and many more, including inferential, in-band and out-of-band attacks through Hybrid-Augmented Analysis (HAST). With Syhunt's unique gray box/hybrid scanning capability the information acquired during source code scans is automatically used to create and enhance dynamic scans. All entry points are covered generating detailed information about the security level of your web applications. Available for on-premises deployment for businesses using Windows and Linux 64-bit.
Web Server Security Tools - Web Application Security Scanners The Syhunt Hybrid scanner automates web application security testing and guards the organization's web infrastructure against web application security threats. Syhunt Dynamic crawls websites and detects XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. (P.1713/1697)


NEW QUESTION # 196
Which of the following tools are used for enumeration? (Choose three.)

  • A. SID2USER
  • B. USER2SID
  • C. DumpSec
  • D. Cheops
  • E. SolarWinds

Answer: A,B,C


NEW QUESTION # 197
In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:
80/tcp open http-proxy Apache Server 7.1.6
what Information-gathering technique does this best describe?

  • A. Brute forcing
  • B. Banner grabbing
  • C. Dictionary attack
  • D. WhOiS lookup

Answer: B

Explanation:
Banner grabbing is a technique wont to gain info about a computer system on a network and the services running on its open ports. administrators will use this to take inventory of the systems and services on their network. However, an to find will use banner grabbing so as to search out network hosts that are running versions of applications and operating systems with known exploits.
Some samples of service ports used for banner grabbing are those used by Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 severally. Tools normally used to perform banner grabbing are Telnet, nmap and Netcat.
For example, one may establish a connection to a target internet server using Netcat, then send an HTTP request. The response can usually contain info about the service running on the host:

This information may be used by an administrator to catalog this system, or by an intruder to narrow down a list of applicable exploits. To prevent this, network administrators should restrict access to services on their networks and shut down unused or unnecessary services running on network hosts. Shodan is a search engine for banners grabbed from portscanning the Internet.


NEW QUESTION # 198
You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

  • A. IDS log
  • B. Internet Firewall/Proxy log.
  • C. Event logs on domain controller
  • D. Event logs on the PC

Answer: B


NEW QUESTION # 199
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

  • A. Exploration
  • B. Enumeration
  • C. Reconnaissance
  • D. Investigation

Answer: C

Explanation:
Cyber Kill Chain Methodology 1. Reconnaissance - Gathering information about the target.


NEW QUESTION # 200
What would you enter if you wanted to perform a stealth scan using Nmap?

  • A. nmap -sM
  • B. nmap -sS
  • C. nmap -sT
  • D. nmap -sU

Answer: B


NEW QUESTION # 201
An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?

  • A. Wireshark
  • B. Tcpdump
  • C. Ettercap
  • D. Aircrack-ng

Answer: C


NEW QUESTION # 202
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

  • A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
  • B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
  • C. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
  • D. Symmetric encryption allows the server to security transmit the session keys out-of-band.

Answer: A


NEW QUESTION # 203
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

  • A. tcp.srcport= = 514 && ip.src= = 192.168.0.99
  • B. tcp.srcport= = 514 && ip.src= = 192.168.150
  • C. tcp.dstport= = 514 && ip.dst= = 192.168.0.99
  • D. tcp.dstport= = 514 && ip.dst= = 192.168.0.150

Answer: D


NEW QUESTION # 204
Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.
Which of the following design flaws in the authentication mechanism is exploited by Calvin?

  • A. Password reset mechanism
  • B. Verbose failure messages
  • C. Insecure transmission of credentials
  • D. User impersonation

Answer: B


NEW QUESTION # 205
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

  • A. Exploration
  • B. Enumeration
  • C. Reconnaissance
  • D. Investigation

Answer: C


NEW QUESTION # 206
Which protocol is used for setting up secure channels between two devices, typically in VPNs?

  • A. ppp
  • B. PEM
  • C. SET
  • D. IPSEC

Answer: D


NEW QUESTION # 207
How does a denial-of-service attack work?

  • A. A hacker uses every character, word, or letter he or she can think of to defeat authentication
  • B. A hacker tries to decipher a password by using a system, which subsequently crashes the network
  • C. A hacker attempts to imitate a legitimate user by confusing a computer or even another person
  • D. A hacker prevents a legitimate user (or group of users) from accessing a service

Answer: D


NEW QUESTION # 208
Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results:
TTL: 64 Window Size: 5840
What is the OS running on the target machine?

  • A. Solaris OS
  • B. Mac OS
  • C. Windows OS
  • D. Linux OS

Answer: D


NEW QUESTION # 209
......

Practice LATEST 312-50v12 Exam Updated 505 Questions: https://examtorrent.testkingpdf.com/312-50v12-testking-pdf-torrent.html

Related Articles

more
ECCouncil 312-50v12 Certification Practice Exam

All our valid test online materials with stable pass king provided by us are edited by skilled experts in this field. The key points and prepare of latest PDF dumps for most the certifications will help you prepare easily for your test.

Tags

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 TestkingPDF NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy