Free Access to ECCouncil.312-50v12.v2024-03-26.q138 with Valid Practice Test (Page 22)

Question 101

An attacker scans a host with the below command. Which three flags are set?
# nmap -sX host.domain.com

A.This is Xmas scan. URG, PUSH and FIN are set.
B.This is SYN scan. SYN flag is set.
C.This is Xmas scan. SYN and ACK flags are set.
D.This is ACK scan. ACK flag is set.

Question 102

Harper, a software engineer, is developing an email application. To ensure the confidentiality of email messages. Harper uses a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 x 32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a masking key(Km1)and a rotation key (Kr1) for performing its functions. What is the algorithm employed by Harper to secure the email messages?

A.CAST-128
B.AES
C.DES
D.GOST block cipher

Question 103

Which of the following is a low-tech way of gaining unauthorized access to systems?

A.Social Engineering
B.Eavesdropping
C.Scanning
D.Sniffing

Question 104

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send her an email changing the source email to her boss's email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

A.Social engineering
B.Piggybacking
C.Tailgating
D.Eavesdropping

Correct Answer: A

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Social engineering attacks typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. Commonly, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element, preventing these attacks can be tricky for enterprises.
Incorrect answers:
Tailgating and Piggybacking are the same thing
Tailgating, sometimes referred to as piggybacking, is a physical security breach in which an unauthorized person follows an authorized individual to enter a secured premise.
Tailgating provides a simple social engineering-based way around many security mechanisms one would think of as secure. Even retina scanners don't help if an employee holds the door for an unknown person behind them out of misguided courtesy.
People who might tailgate include disgruntled former employees, thieves, vandals, mischief-makers, and issues with employees or the company. Any of these can disrupt business, cause damage, create unexpected costs, and lead to further safety issues.
Eavesdropping https://en.wikipedia.org/wiki/Eavesdropping
Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information. Since the beginning of the digital age, the term has also come to hold great significance in the world of cybersecurity.
The question does not specify at what level and how this attack is used. An attacker can eavesdrop on a conversation or use special software and obtain information on the network. There are many options, but this is not important because the correct answer is clearly not related to information interception.

Question 105

Which of the following describes the characteristics of a Boot Sector Virus?

A.Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.
B.Modifies directory table entries so that directory entries point to the virus code instead of the actual program.
C.Overwrites the original MBR and only executes the new virus code.
D.Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

Question 101

Question 102

Question 103

Question 104

Question 105

Download PDF File