Free Access to ECCouncil.312-50v11.v2022-02-28.q154 with Valid Practice Test (Page 12)

Question 51

Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to setup a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161. what protocol is this port using and how can he secure that traffic?

A.it is not necessary to perform any actions, as SNMP is not carrying important information.
B.RPC and the best practice is to disable RPC completely
C.SNMP and he should change it to SNMP v2, which is encrypted
D.SNMP and he should change it to SNMP V3

Question 52

Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?

A.Preparation
B.Eradication
C.Incident recording and assignment
D.Incident triage

Correct Answer: D

Triage is that the initial post-detection incident response method any responder can execute to open an event or false positive. Structuring an efficient and correct triage method can reduce analyst fatigue, reduce time to reply to and right incidents, and ensure that solely valid alerts are promoted to "investigation or incident" status.
Every part of the triage method should be performed with urgency, as each second counts once in the inside of a crisis. However, triage responders face the intense challenge of filtering an unwieldy input supply into a condensed trickle of events. Here are some suggestions for expediting analysis before knowledge is validated:
Organization: reduce redundant analysis by developing a workflow that may assign tasks to responders. Avoid sharing an email box or email alias between multiple responders. Instead use a workflow tool, like those in security orchestration, automation, and response (SOAR) solutions, to assign tasks. Implement a method to re-assign or reject tasks that are out of scope for triage.
Correlation: Use a tool like a security info and even management (SIEM) to mix similar events. Link potentially connected events into one useful event.
Data Enrichment: automate common queries your responders perform daily, like reverse DNS lookups, threat intelligence lookups, and IP/domain mapping. Add this knowledge to the event record or make it simply accessible.
Moving full speed ahead is that the thanks to get through the initial sorting method however a a lot of detailed, measured approach is necessary throughout event verification. Presenting a robust case to be accurately evaluated by your security operations center (SOC) or cyber incident response team (CIRT) analysts is key. Here are many tips for the verification:
Adjacent Data: Check the data adjacent to the event. for example, if an end has a virus signature hit, look to visualize if there's proof the virus is running before career for more response metrics.
Intelligence Review: understand the context around the intelligence. simply because an ip address was flagged as a part of a botnet last week doesn't mean it still is an element of a botnet today.
Initial Priority: Align with operational incident priorities and classify incidents appropriately. ensure the right level of effort is applied to every incident.
Cross Analysis: look for and analyze potentially shared keys, like science addresses or domain names, across multiple knowledge sources for higher knowledge acurity.

Question 53

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker Installed a scanner on a machine belonging to one of the vktims and scanned several machines on the same network to Identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

A.Proxy scanner
B.Agent-based scanner
C.Network-based scanner
D.Cluster scanner

Question 54

Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?
<!DOCTYPE blah [ < IENTITY trustme SYSTEM "file:///etc/passwd" > ] >

A.IDOR
B.XXS
C.XXE
D.SQLi

Question 55

Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From this information, he retrieved contextual information about security events and incidents that helped him disclose potential risks and gain insight into attacker methodologies. He collected the information from sources such as humans, social media, and chat rooms as well as from events that resulted in cyberattacks. In this process, he also prepared a report that includes identified malicious activities, recommended courses of action, and warnings for emerging attacks. What is the type of threat intelligence collected by Arnold in the above scenario?

A.Tactical threat intelligence
B.Operational threat intelligence
C.Strategic threat intelligence
D.Technical threat intelligence

Question 51

Question 52

Question 53

Question 54

Question 55

Download PDF File