Free Access to ECCouncil.312-50v12.v2024-07-08.q287 with Valid Practice Test (Page 13)

Question 56

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

A.The CFO can use an excel file with a password
B.The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document
C.The document can be sent to the accountant using an exclusive USB for that document
D.The CFO can use a hash algorithm in the document once he approved the financial statements

Question 57

John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?

A.DNS cache snooping
B.DNSSEC zone walking
C.DNS tunneling method
D.DNS enumeration

Correct Answer: C

DNS tunneling may be a method wont to send data over the DNS protocol, a protocol which has never been intended for data transfer. due to that, people tend to overlook it and it's become a well-liked but effective tool in many attacks. Most popular use case for DNS tunneling is obtaining free internet through bypassing captive portals at airports, hotels, or if you are feeling patient the not-so-cheap on the wing Wi-Fi. On those shared internet hotspots HTTP traffic is blocked until a username/password is provided, however DNS traffic is usually still allowed within the background: we will encode our HTTP traffic over DNS and voila, we've internet access. This sounds fun but reality is, browsing anything on DNS tunneling is slow. Like, back to 1998 slow. Another more dangerous use of DNS tunneling would be bypassing network security devices (Firewalls, DLP appliances...) to line up an immediate and unmonitored communications channel on an organisation's network. Possibilities here are endless: Data exfiltration, fixing another penetration testing tool... you name it. To make it even more worrying, there's an outsized amount of easy to use DNS tunneling tools out there. There's even a minimum of one VPN over DNS protocol provider (warning: the planning of the web site is hideous, making me doubt on the legitimacy of it). As a pentester all this is often great, as a network admin not such a lot .
How does it work:
For those that ignoramus about DNS protocol but still made it here, i feel you deserve a really brief explanation on what DNS does: DNS is sort of a phonebook for the web , it translates URLs (human-friendly language, the person's name), into an IP address (machine-friendly language, the phone number). That helps us remember many websites, same as we will remember many people's names. For those that know what DNS is i might suggest looking here for a fast refresh on DNS protocol, but briefly what you would like to understand is: * A Record: Maps a website name to an IP address. example.com ? 12.34.52.67 * NS Record (a.k.a. Nameserver record): Maps a website name to an inventory of DNS servers, just in case our website is hosted in multiple servers. example.com ? server1.example.com, server2.example.com Who is involved in DNS tunneling? * Client. Will launch DNS requests with data in them to a website . * One Domain that we will configure. So DNS servers will redirect its requests to an outlined server of our own. * Server. this is often the defined nameserver which can ultimately receive the DNS requests. The 6 Steps in DNS tunneling (simplified): 1. The client encodes data during a DNS request. The way it does this is often by prepending a bit of knowledge within the domain of the request. for instance : mypieceofdata.server1.example.com 2. The DNS request goes bent a DNS server. 3. The DNS server finds out the A register of your domain with the IP address of your server. 4. The request for mypieceofdata.server1.example.com is forwarded to the server. 5. The server processes regardless of the mypieceofdata was alleged to do. Let's assume it had been an HTTP request. 6. The server replies back over DNS and woop woop, we've got signal.
Bypassing Firewalls through the DNS Tunneling Method DNS operates using UDP, and it has a 255-byte limit on outbound queries. Moreover, it allows only alphanumeric characters and hyphens. Such small size constraints on external queries allow DNS to be used as an ideal choice to perform data exfiltration by various malicious entities. Since corrupt or malicious data can be secretly embedded into the DNS protocol packets, even DNSSEC cannot detect the abnormality in DNS tunneling. It is effectively used by malware to bypass the firewall to maintain communication between the victim machine and the C&C server. Tools such as NSTX (https://sourceforge.net), Heyoka (http://heyoka.sourceforge.netuse), and Iodine (https://code.kryo.se) use this technique of tunneling traffic across DNS port 53. CEH v11 Module 12 Page 994

Question 58

What tool can crack Windows SMB passwords simply by listening to network traffic?

A.This is not possible
B.NTFSDOS
C.L0phtcrack
D.Netbus

Question 59

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

A.Code Emulation
B.Integrity checking
C.Heuristic Analysis
D.Scanning

Question 60

Your company, Encryptor Corp, is developing a new application that will handle highly sensitive user information. As a cybersecurity specialist, you want to ensure this data is securely stored. The development team proposes a method where data is hashed and then encrypted before storage. However, you want an added layer of security to verify the integrity of the data upon retrieval. Which of the following cryptographic concepts should you propose to the team?

A.Implement a block cipher mode of operation.
B.a digital signature mechanism.
C.Suggest using salt with hashing.
D.Switch to elliptic curve cryptography.

Correct Answer: B

A digital signature mechanism is a cryptographic concept that you should propose to the team to verify the integrity of the data upon retrieval. A digital signature mechanism works as follows:
* A digital signature is a mathematical scheme that allows the sender of a message to sign the message with their private key, and allows the receiver of the message to verify the signature with the sender's public key. A digital signature provides two security services: authentication and non-repudiation. Authentication means that the receiver can confirm the identity of the sender, and non-repudiation means that the sender cannot deny sending the message12.
* A digital signature mechanism consists of three algorithms: key generation, signing, and verification.
Key generation produces a pair of keys: a private key for the sender and a public key for the receiver.
Signing takes the message and the private key as inputs, and outputs a signature. Verification takes the message, the signature, and the public key as inputs, and outputs a boolean value indicating whether the signature is valid or not12.
* A digital signature mechanism can be implemented using various cryptographic techniques, such as hash-based signatures, RSA signatures, or elliptic curve signatures. A common method is to use a hash function to compress the message into a fixed-length digest, and then use an asymmetric encryption algorithm to encrypt the digest with the private key. The encrypted digest is the signature, which can be decrypted with the public key and compared with the hash of the message to verify the integrity12.
A digital signature mechanism can ensure the integrity of the data upon retrieval, because:
* A digital signature is unique to the message and the sender, and it cannot be forged or altered by anyone else. If the message or the signature is modified in any way, the verification will fail and the receiver will know that the data is corrupted or tampered with12.
* A digital signature is independent of the encryption or hashing of the data, and it can be applied to any type of data, regardless of its format or size. The encryption or hashing of the data can provide confidentiality and efficiency, but they cannot provide integrity or authentication by themselves. A digital signature can complement the encryption or hashing of the data by providing an additional layer of security12.
The other options are not as suitable as option B for the following reasons:
* A. Implement a block cipher mode of operation: This option is not relevant because it does not address the integrity verification issue, but the encryption issue. A block cipher mode of operation is a method of applying a block cipher, which is a symmetric encryption algorithm that operates on fixed-length blocks of data, to a variable-length message. A block cipher mode of operation can provide different security properties, such as confidentiality, integrity, or authenticity, depending on the mode. However, a block cipher mode of operation cannot provide a digital signature, which is a form of asymmetric encryption that uses a pair of keys3 .
* C. Suggest using salt with hashing: This option is not sufficient because it does not provide a digital signature, but only a hash value. Salt is a random value that is added to the input of a hash function, which is a one-way function that maps any data to a fixed-length digest. Salt can enhance the security of hashing by making it harder to perform brute-force attacks or dictionary attacks, which are methods of finding the input that produces a given hash value. However, salt cannot provide a digital signature, which is a two-way function that uses a pair of keys to sign and verify a message .
* D. Switch to elliptic curve cryptography: This option is not specific because it does not specify a digital signature mechanism, but only a type of cryptography. Elliptic curve cryptography is a branch of cryptography that uses mathematical curves to generate keys and perform operations. Elliptic curve cryptography can be used to implement various cryptographic techniques, such as encryption, hashing, or digital signatures. However, elliptic curve cryptography is not a digital signature mechanism by itself, but rather a tool that can be used to create one .
References:
* 1: Digital signature - Wikipedia
* 2: Digital Signature: What It Is and How It Works | Kaspersky
* 3: Block cipher mode of operation - Wikipedia
* : Block Cipher Modes of Operation - an overview | ScienceDirect Topics
* : Salt (cryptography) - Wikipedia
* : What is Salt in Cryptography? | Cloudflare
* : Elliptic-curve cryptography - Wikipedia
* : Elliptic Curve Cryptography: What It Is and How It Works | Kaspersky

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File