Free Access to ECCouncil.312-50v12.v2024-07-08.q287 with Valid Practice Test (Page 23)

Question 106

There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption, what encryption protocol is being used?

A.WEP
B.RADIUS
C.WPA
D.WPA3

Question 107

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies against such attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and value, which have been approved for secured access, is accepted. What is the defensive technique employed by Bob in the above scenario?

A.Blacklist validation
B.Output encoding
C.Whitelist validation
D.Enforce least privileges

Question 108

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

A.Carry out a passive wire sniffing operation using Internet packet sniffers
B.Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz
C.Perform a PRobability INfinite Chained Elements (PRINCE) attack
D.Request a service ticket for the service principal name of the target service account

Correct Answer: D

A Kerberoasting attack is a technique that exploits the weak encryption of Kerberos service tickets to obtain the password hashes of service accounts that have a Service Principal Name (SPN) associated with them. The attacker can then crack the hashes offline and use the plaintext passwords to impersonate the service accounts and access network resources.
A Kerberoasting attack follows these steps1:
* The attacker impersonates a legitimate Active Directory user and authenticates to the Key Distribution Center (KDC) in the Active Directory environment. They then request a Ticket Granting Ticket (TGT) from the KDC to access network resources. The KDC complies because the attacker is impersonating a legitimate user.
* The attacker enumerates the service accounts that have an SPN using tools like GetUserSPNs.py or PowerView. They then request a service ticket for each SPN from the KDC using their TGT. The KDC grants the service tickets, which are encrypted with the password hashes of the service accounts.
* The attacker captures the service tickets and takes them offline. They then attempt to crack the password hashes using tools like Hashcat or John the Ripper. They can use various methods, such as brute force, dictionary, or hybrid attacks, to guess the passwords. Alternatively, they can use a PRINCE attack, which is a probabilistic password generation technique that combines common words, patterns, and transformations to generate likely passwords2.
* Once the attacker obtains the plaintext passwords of the service accounts, they can use them to authenticate as the service accounts and access the network resources that they are authorized to.
Therefore, the next step that the analyst should take after obtaining a valid TGT is to request a service ticket for the SPN of the target service account. This will allow them to capture the service ticket and extract the password hash of the service account.
References:
* How to Perform Kerberoasting Attacks: The Ultimate Guide - StationX
* PRINCE: PRobability INfinite Chained Elements

Question 109

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A.All are tools that are only effective against Windows
B.All are tools that are only effective against Linux
C.All are tools that can be used not only by hackers, but also security personnel
D.All are DDOS tools
E.All are hacking tools developed by the legion of doom

Question 110

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

A.hping2 host.domain.com
B.hping2 --set-ICMP host.domain.com
C.hping2 -i host.domain.com
D.hping2 -1 host.domain.com

Question 106

Question 107

Question 108

Question 109

Question 110

Download PDF File