312-50v12 MCQs
312-50v12 TestPrep 312-50v12 Study Guide 312-50v12 Practice Test
312-50v12 Exam Questions
killexams.com
Certified Ethical Hacker Exam (CEHv12)
https://killexams.com/pass4sure/exam-detail/312-50v12
Question: 120
DHCP snooping is a great solution to prevent rogue DHCP servers on your network.
Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?
Spanning tree
Dynamic ARP Inspection (DAI)
Port security
Layer 2 Attack Prevention Protocol (LAPP)
Dynamic ARP inspection (DAI) protects switching devices against Address Resolution Protocol (ARP) packet spoofing (also known as ARP poisoning or ARP cache poisoning). DAI inspects ARPs on the LAN and uses the information in the DHCP snooping database on the switch to validate ARP packets and to protect against ARP spoofing. ARP requests and replies are compared against entries in the DHCP snooping database, and filtering decisions are made based on the results of those comparisons. When an attacker tries to use a forged ARP packet to spoof an address, the switch compares the address with entries in the database. If the media access control (MAC) address or IP address in the ARP packet does not match a valid entry in the DHCP snooping database, the packet is dropped.
Question: 121
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?
He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
He will activate OSPF on the spoofed root bridge.
He will repeat this action so that it escalates to a DoS attack.
He will repeat the same attack against all L2 switches of the network.
Question: 122
In the field of cryptanalysis, what is meant by a ???rubber-hose??? attack?
Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
A backdoor placed into a cryptographic algorithm by its creator.
Extraction of cryptographic secrets through coercion or torture.
Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.
A powerful and often the most effective cryptanalysis method in which the attack is directed at the most vulnerable link in the cryptosystem
??? the person. In this attack, the cryptanalyst uses blackmail, threats, torture, extortion, bribery, etc. This method???s main advantage is the decryption time???s fundamental independence from the volume of secret information, the length of the key, and the cipher???s mathematical strength.
The method can reduce the time to guess a password, for example, for AES, to an acceptable level; however, it requires special authorization from the relevant regulatory authorities. Therefore, it is outside the scope of this course and is not considered in its practical part.
Question: 123
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use? A. nmap -T4 -q 10.10.0.0/24
B. nmap -T4 -F 10.10.0.0/24 C. nmap -T4 -r 10.10.1.0/24 D. nmap -T4 -O 10.10.0.0/24
https://nmap.org/book/man-port-specification.html
NOTE: In my opinion, this is an absolutely wrong statement of the question. But you may come across a question with a similar wording on the exam.
What does "fast" mean? If we want to increase the speed and intensity of the scan we can select the mode using the -T flag (0/1/2/3/4/5). At high -T values, we will sacrifice stealth and gain speed, but we will not limit functionality.
??nmap -T4 -F 10.10.0.0/24?? This option is "correct" because of the -F flag. -F (Fast (limited port) scan)
Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100. Technically, scanning will be faster, but just because we have reduced the number of ports by 10 times, we are just doing 10 times less work, not faster.
Question: 124
An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?
The network devices are not all synchronized.
Proper chain of custody was not observed while collecting the logs.
The attacker altered or erased events from the logs.
The security breach was a false positive.
Many network and system administrators don???t pay enough attention to system clock accuracy and time synchronization. Computer clocks can run faster or slower over time, batteries and power sources die, or daylight- saving time changes are forgotten. Sure, there are many more pressing security issues to deal with, but not ensuring that the time on network devices is synchronized can cause problems. And these problems often only come to light after a security incident.
If you suspect a hacker is accessing your network, for example, you will want to analyze your log files to look for any suspicious activity. If your network???s security devices do not have synchronized times, the timestamps??? inaccuracy makes it impossible to correlate log files from different sources. Not only will you have difficulty in tracking events, but you will also find it difficult to use such evidence in court; you won???t be able to illustrate a smooth progression of events as they occurred throughout your network.
Question: 125
Why should the security analyst disable/remove unnecessary ISAPI filters?
To defend against social engineering attacks
To defend against webserver attacks
To defend against jailbreaking
To defend against wireless attacks
Question: 126
Which is the first step followed by Vulnerability Scanners for scanning a network?
OS Detection
Firewall detection
TCP/UDP Port scanning
Checking if the remote host is alive
Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
Question: 127
Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host
names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.
What do you think Tess King is trying to accomplish? Select the best answer.
A zone harvesting
A zone transfer
A zone update
A zone estimate
Question: 128
What is not a PCI compliance recommendation?
Use a firewall between the public network and the payment card data.
Use encryption to protect all transmission of card holder data over any public network.
Rotate employees handling credit card transactions on a yearly basis to different departments.
Limit access to card holder data to as few individuals as possible.
https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security Build and Maintain a Secure Network
Question: 129
What is not a PCI compliance recommendation?
Use a firewall between the public network and the payment card data.
Use encryption to protect all transmission of card holder data over any public network.
Rotate employees handling credit card transactions on a yearly basis to different departments.
Limit access to card holder data to as few individuals as possible.
https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security Build and Maintain a Secure Network
Question: 130
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE???s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very
easy?
Public
Private
Shared
Root
Question: 131
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
From: [email protected]
To: [email protected] Subject: Test message Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ???s email gateway doesn???t prevent what?
Email Masquerading
Email Harvesting
Email Phishing
Email Spoofing
Email spoofing is the fabrication of an email header in the hopes of duping the recipient into thinking the email originated from someone or somewhere other than the intended source. Because core email protocols do not have a built-in method of authentication, it is common for spam and phishing emails to use said spoofing to trick the recipient into trusting the origin of the message.
The ultimate goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation. Although the spoofed messages are usually just a nuisance requiring little action besides removal, the more malicious varieties can cause significant problems and sometimes pose a real security threat.
Question: 132
Which is the first step followed by Vulnerability Scanners for scanning a network?
OS Detection
Firewall detection
TCP/UDP Port scanning
Checking if the remote host is alive
Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
Question: 133
?????????..is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.???
Fill in the blank with appropriate choice.
Evil Twin Attack
Sinkhole Attack
Collision Attack
Signal Jamming Attack
https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)
An evil twin attack is a hack attack in which a hacker sets up a fake Wi-Fi network that looks like a legitimate access point to steal victims??? sensitive details. Most often, the victims of such attacks are ordinary people like you and me.
The attack can be performed as a man-in-the-middle (MITM) attack. The fake Wi-Fi access point is used to eavesdrop on users and steal their login credentials or other sensitive information. Because the hacker owns the equipment being used, the victim will have no idea that the hacker might be intercepting things like bank transactions.
An evil twin access point can also be used in a phishing scam. In this type of attack, victims will connect to the evil twin and will be lured to a phishing site. It will prompt them to enter their sensitive data, such as their login details. These, of course, will be sent straight to the hacker. Once the hacker gets them, they might simply disconnect the victim and show that the server is temporarily unavailable.
ADDITION: It may not seem obvious what happened. The problem is in the question statement. The attackers were not Alice and John, who were able to connect to the network without a password, but on the contrary, they were attacked and forced to connect to a fake network, and not to the real network belonging to Jane.
KILLEXAMS.COM
Killexams.com is a leading online platform specializing in high-quality certification exam preparation. Offering a robust suite of tools, including MCQs, practice tests, and advanced test engines, Killexams.com empowers candidates to excel in their certification exams. Discover the key features that make Killexams.com the go-to choice for exam success.
Killexams.com provides exam questions that are experienced in test centers. These questions are updated regularly to ensure they are up-to-date and relevant to the latest exam syllabus. By studying these questions, candidates can familiarize themselves with the content and format of the real exam.
Killexams.com offers exam MCQs in PDF format. These questions contain a comprehensive
collection of questions and answers that cover the exam topics. By using these MCQs, candidate can enhance their knowledge and improve their chances of success in the certification exam.
Killexams.com provides practice test through their desktop test engine and online test engine. These practice tests simulate the real exam environment and help candidates assess their readiness for the actual exam. The practice test cover a wide range of questions and enable candidates to identify their strengths and weaknesses.
Killexams.com offers a success guarantee with the exam MCQs. Killexams claim that by using this materials, candidates will pass their exams on the first attempt or they will get refund for the purchase price. This guarantee provides assurance and confidence to individuals preparing for certification exam.
Killexams.com regularly updates its question bank of MCQs to ensure that they are current and reflect the latest changes in the exam syllabus. This helps candidates stay up-to-date with the exam content and increases their chances of success.