CEH v12.312 - 50 - v12 - Dumps.pdf

Vendor: EC-Council
Exam Code: 312-50v12
Exam Name: Certified Ethical Hacker Exam (CEH v12)
Version: 23.081

QUESTION 1
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?
A. Evilginx
B. Slowloris
C. PLCinject
D. PyLoris
Answer: A
Explanation:
Phishing tools can be used by attackers to generate fake login pages to capture usernames and passwords, send spoofed emails, and obtain the victim's IP address and session cookies. The attacker can then use this information to impersonate a legitimate user and launch further attacks on the target organization. Tools in this category include BLACKEYE, PhishX, Trape, and Evilginx.

QUESTION 2
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victims and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?
A. Agent-based scanner
B. Network-based scanner
C. Cluster scanner
D. Proxy scanner
Answer: A
Explanation:
* Network-based scanner: interacts only with the real machine where it resides and gives the report to the same machine after scanning.
* Agent-based scanner: resides on a single machine but can scan several machines on the same network.
* Proxy scanner: a network-based scanner that can scan networks from any machine on the network.
* Cluster scanner: similar to a proxy scanner, but can simultaneously perform two or more scans on different machines in the network.

Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. https://www.passleader.com/

QUESTION 3
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine. Which of the following techniques is used by Joel in the above scenario?
A. Watering hole attack
B. DNS rebinding attack
C. MarioNet attack
D. Clickjacking attack
Answer: A
Explanation:
A watering hole attack is a type of unvalidated redirect attack whereby the attacker first identifies the most visited website of the target, determines the vulnerabilities in the website, injects malicious code into the vulnerable web application, and then waits for the victim to browse the website. Once the victim tries to access the website, the malicious code executes, infecting the victim.

QUESTION 4
Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company's application whitelisting?
A. File-less malware
B. Zero-day malware
C. Phishing malware
D. Logic bomb malware
Answer: A
Explanation:
In this scenario, the attacker used file-less malware to bypass the company's application whitelisting. File-less malware resides entirely in memory, making it difficult for antivirus software and IDS/IPS to detect. It can run in the context of a trusted process or system application, and can be delivered through various attack vectors, including phishing emails, malicious websites, or network exploits.

QUESTION 5
Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message and how is Poly validating it?
A. Dorian is signing the message with his public key, and Poly will verify that the message came from Dorian by using Dorian's private key.
B. Dorian is signing the message with Poly's private key, and Poly will verify that the message came from Dorian by using Dorian's public key.
C. Dorian is signing the message with his private key, and Poly will verify that the message came from Dorian by using Dorian's public key.
D. Dorian is signing the message with Poly's public key, and Poly will verify that the message came from Dorian by using Dorian's public key.
Answer: C
Explanation:
In a digital signature scheme, the sender signs the message using their private key, which only the sender knows. The recipient can verify that the message came from the sender by using the sender's public key. Therefore, in this scenario, Dorian is signing the email with his private key, and Poly will validate it using Dorian's public key.

QUESTION 6
Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack is he experiencing?
A. DHCP spoofing
B. DoS attack
C. ARP cache poisoning
D. DNS hijacking
Answer: D
Explanation:
DNS hijacking: the attacker modifies DNS queries/responses, redirects users to incorrect or malicious websites, and steals sensitive information.

QUESTION 7
Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account. What is the attack performed by Boney in the above scenario?
A. Forbidden attack
B. CRIME attack
C. Session donation attack
D. Session fixation attack
Answer: C
Explanation:
In a session donation attack, the attacker donates their own session ID to the target user. In this attack, the attacker first obtains a valid session ID by logging into a service and later feeds the same session ID to the target user. This session ID links a target user to the attacker's account page without disclosing any information to the victim. When the target user clicks on the link and enters the details (username, password, payment details, etc.) in a form, the entered details are linked to the attacker's account. To initiate this attack, the attacker can send their session ID using techniques such as cross-site cooking, an MITM attack, and session fixation. A session donation attack involves the following steps.

QUESTION 8
Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He employed a technique in which he encoded packets with Unicode characters. The company's IDS cannot recognize the packets, but the target web server can decode them. What is the technique used by Kevin to evade the IDS system?
A. Session splicing
B. Urgency flag
C. Obfuscating
D. Desynchronization
Answer: C
Explanation:
Obfuscating is an IDS evasion technique used by attackers to encode the attack packet payload in such a way that only the destination host can decode the packet, but not the IDS. Using Unicode characters, an attacker can encode attack packets that the IDS would not recognize but which an IIS web server can decode.

QUESTION 9
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:
Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
A. select * from Users where UserName = 'attack' ' or 1=1 -- and UserPassword = '123456'
B. select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'
C. select * from Users where UserName = 'attack or 1=1 -- and UserPassword = '123456'
D. select * from Users where UserName = 'attack' or 1=1 --' and UserPassword = '123456'
Answer: D
Explanation:
SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1 --' AND Password='Springfield'
SQL query executed: SELECT Count(*) FROM Users WHERE UserName='Blah' or 1=1
Code after -- is now a comment: --' AND Password='Springfield'

QUESTION 10
Which of the following commands checks for valid users on an SMTP server?
A. RCPT
B. CHK
C. VRFY
D. EXPN
Answer: C
Explanation:
The VRFY command enables an SMTP client to ask an SMTP server to verify that a mailbox for the selected user name resides on the server.
The VRFY command is defined in RFC 821. The server sends a response indicating whether the user is local or not, whether mail is going to be forwarded, and so on. A response of 250 indicates that the user name is local; a response of 251 indicates that the user name isn't local, but the server can forward the message. The server response includes the mailbox name.

QUESTION 11
Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates. Which of the following protocols is used by Bella?
A. FTPS
B. FTP
C. HTTPS
D. IP
Answer: A
Explanation:
FTPS includes full support for the TLS and SSL cryptographic protocols, including the use of server-side public key authentication certificates and client-side authorization certificates. It also supports compatible ciphers, including AES, RC4, RC2, Triple DES, and DES. It further supports the hash functions SHA, MD5, MD4, and MD2.

QUESTION 12
John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?
A. Use his own private key to encrypt the message.
B. Use his own public key to encrypt the message.
C. Use Marie's private key to encrypt the message.
D. Use Marie's public key to encrypt the message.
Answer: D
Explanation:
PGP (Pretty Good Privacy) is encryption software that can be used to encrypt and decrypt electronic communications, such as emails. PGP uses a combination of symmetric-key and public-key encryption to provide confidentiality and authenticity to the communications.

QUESTION 13
In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does a medium vulnerability fall in?
A. 4.0-6.0
B. 3.9-6.9
C. 3.0-6.9
D. 4.0-6.9
Answer: D
Explanation:
CVSS v3.0 ratings:
Low: 0.1-3.9
Medium: 4.0-6.9
High: 7.0-8.9
Critical: 9.0-10.0
https://nvd.nist.gov/vuln-metrics/cvss

QUESTION 14
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to set up a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic on port UDP 161. What protocol is this port using and how can he secure that traffic?
A. RPC and the best practice is to disable RPC completely.
B. SNMP and he should change it to SNMP V3.
C. SNMP and he should change it to SNMP V2, which is encrypted.
D. It is not necessary to perform any actions, as SNMP is not carrying important information.
Answer: B
Explanation:
SNMP (Simple Network Management Protocol) is a protocol used for managing and monitoring network devices, such as routers, switches, and servers. SNMP uses UDP port 161 for communication. However, SNMP V1 and V2 use clear text community strings for authentication, making them vulnerable to eavesdropping and other attacks. To secure SNMP traffic, Bill should change the SNMP version to SNMP V3, which provides enhanced security features, such as authentication, encryption, and message integrity. SNMP V3 requires a username and password for authentication, and it supports encryption of the data being transmitted.

QUESTION 15
Consider the following Nmap output:
What command-line parameter could you use to determine the type and version number of the web server?
A. -sV
B. -sS
C. -Pn
D. -V
Answer: A
Explanation:
https://nmap.org/book/man-briefoptions.html
-sV: Probe open ports to determine service/version info

QUESTION 16
Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed on the Internet and someone can find them with a simple Google search. Bob's boss is very worried because of regulations that protect those data. Which of the following regulations is mostly violated?
A. PCI DSS
B. PII
C. ISO 2002
D. HIPAA/PHI
Answer: D
Explanation:
HIPAA/PHI: The Health Insurance Portability and Accountability Act (HIPAA) establishes rules and regulations to safeguard protected health information (PHI). It applies to healthcare providers, health plans, and other entities handling patient data to ensure its confidentiality, integrity, and availability.

QUESTION 17
Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?
A. Scanning
B. Gaining access
C. Maintaining access
D. Reconnaissance
Answer: B
Explanation:
The ethical hacking methodology consists of five phases: reconnaissance, scanning, gaining access, maintaining access, and covering tracks. The phase that involves infecting a system with malware and using phishing to gain credentials to a system or web application is the gaining access phase. In this phase, the attacker attempts to gain unauthorized access to the target system or network by exploiting vulnerabilities, misconfigurations, or weaknesses in the security controls.

QUESTION 18
Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a few countermeasures to secure the accounts on the web server. Which of the following countermeasures must Larry implement to secure the user accounts on the web server?
A. Retain all unused modules and application extensions.
B. Limit the administrator or root-level access to the minimum number of users.
C. Enable all non-interactive accounts that should exist but do not require interactive login.
D. Enable unused default user accounts created during the installation of an OS.
Answer: B
Explanation:
Limiting the administrator or root-level access to the minimum number of users is a best practice for securing user accounts on a web server. This helps to reduce the attack surface and minimize the risk of unauthorized access or privilege escalation.

QUESTION 19
There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called?
A. Private
B. Community
C. Public
D. Hybrid
Answer: B
Explanation:
The three main types of cloud deployment options are private, public, and hybrid. However, there is also a fourth deployment option called community cloud. In a community cloud, a cloud infrastructure is shared by several organizations or groups that have similar computing requirements and concerns. These organizations may be from the same industry, have similar security or compliance requirements, or have other commonalities that make it beneficial for them to share a cloud environment.
Community cloud environments can provide benefits such as lower costs, improved security, and shared expertise. They can also enable collaboration and resource sharing among organizations.

QUESTION 20
Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration. Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user.
A.
B.
C.
D.
Answer: C
Explanation:
The NetBIOS code is associated with where you can retrieve the messenger service for a logged-in user.

QUESTION 21
Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app. What is the attack performed on Don in the above scenario?
A. SIM card attack
B. Clickjacking
C. SMS phishing attack
D. Agent Smith attack
Answer: D
Explanation:
Agent Smith attacks are carried out by luring victims into downloading and installing malicious apps designed and published by attackers in the form of games, photo editors, or other attractive tools from third-party app stores such as 9Apps. Once the user has installed the app, the core malicious code inside the application infects or replaces the legitimate apps in the victim's mobile device via C&C commands. The deceptive application replaces legitimate apps such as WhatsApp, SHAREit, and MX Player with similar infected versions. The application sometimes also appears to be an authentic Google product such as Google Updater or Themes. The attacker then produces a massive volume of irrelevant and fraudulent advertisements on the victim's device through the infected app for financial gain. Attackers exploit these apps to steal critical information such as personal information, credentials, and bank details from the victim's mobile device through C&C commands.

QUESTION 22
Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information. Which of the following attacks can be performed by exploiting the above vulnerability?
A. Padding oracle attack
B. DROWN attack
C. DUHK attack
D. Side-channel attack
Answer: B
Explanation:
DROWN attack: decrypting SSL/TLS communications through an SSLv2 vulnerability.

QUESTION 23
Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?
A. DuckDuckGo
B. AOL
C. ARIN
D. Baidu
Answer: C
Explanation:
The scenario describes a reconnaissance-phase technique called footprinting, which involves gathering information about a target organization in order to identify potential vulnerabilities or attack vectors.
In this case, Clark has used Whois footprinting to obtain the server IP address of the target organization. He has then used an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. One such online tool that can be used for this purpose is ARIN (American Registry for Internet Numbers). ARIN is a non-profit organization that manages the allocation and registration of IP addresses and other Internet number resources in North America.

QUESTION 24
You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: "The attacker must scan every port on the server several times using a set of spoofed source IP addresses." Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?
A. The -g flag
B. The -A flag
C. The -f flag
D. The -D flag
Answer: D
Explanation:
Nmap can be used to create decoys that are meant to fool firewalls. While decoys can be used for nefarious purposes, they are usually used for debugging.
nmap -D 192.168.0.1,192.168.0.2,…
When using the -D option, you can follow it with a list of decoy addresses. These decoy addresses will also appear to be scanning the network, obfuscating the scan that is actually being done.

QUESTION 25
Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network. What is the type of vulnerability assessment that Jude performed on the organization?
A. Application assessment
B. External assessment
C. Passive assessment
D. Host-based assessment
Answer: B
Explanation:
B (100%)

QUESTION 26
Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?
A. SOX
B. FedRAMP
C. HIPAA
D. PCI DSS
Answer: A
Explanation:
The Sarbanes-Oxley Act of 2002 is a law the U.S. Congress passed on July 30 of that year to help protect investors from fraudulent financial reporting by corporations. Also called the SOX Act of 2002 and the Corporate Responsibility Act of 2002, it mandated strict reforms to existing securities regulations and imposed tough new penalties on lawbreakers. The Sarbanes-Oxley Act of 2002 came in response to financial scandals in the early 2000s involving publicly traded companies such as Enron Corporation, Tyco International plc, and WorldCom. The high-profile frauds shook investor confidence in the trustworthiness of corporate financial statements and led many to demand an overhaul of decades-old regulatory standards.

QUESTION 27
Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a DoS attack, and as a result, legitimate employees were unable to access the client's network. Which of the following attacks did Abel perform in the above scenario?
A. Rogue DHCP server attack
B. VLAN hopping
C. STP attack
D. DHCP starvation
Answer: D
Explanation:
Rogue DHCP server attack: an unauthorized DHCP server distributing IP addresses.
VLAN hopping: exploiting VLAN vulnerabilities for unauthorized network access.
STP attack: disrupting networks through Spanning Tree Protocol manipulation.
DHCP starvation: flooding the DHCP server to exhaust the IP address pool.

QUESTION 28
This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?
A. HMAC encryption algorithm
B. Twofish encryption algorithm
C. IDEA
D. Blowfish encryption algorithm
Answer: B
Explanation:
The Twofish encryption algorithm is a symmetric key block cipher that was designed to be secure, efficient, and flexible. It uses a block size of 128 bits and can have key sizes up to 256 bits, making it highly secure. Twofish was one of the five finalists in the Advanced Encryption Standard (AES) competition organized by the U.S. National Institute of Standards and Technology (NIST) in 1997. Although it was not selected as the winner, Twofish is still considered a highly secure encryption algorithm and is widely used in various applications.

QUESTION 29
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he started to circumvent the network protection tools and firewalls used in the company. He employed a technique that can create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the attack technique used by Jude for finding loopholes in the above scenario?
A. Spoofed session flood attack
B. UDP flood attack
C. Peer-to-peer attack
D. Ping-of-death attack
Answer: A
Explanation:
Jude used a spoofed session flood attack to bypass the network protection tools and firewalls used in his company's network infrastructure. This attack technique involves creating forged TCP sessions by sending multiple SYN, ACK, RST, or FIN packets to the target system. By doing so, the attacker can exhaust the target system's resources and make it unresponsive to legitimate requests. In a spoofed session flood attack, the attacker sends packets with a forged source IP address, making it difficult for the target system to distinguish between legitimate and malicious traffic. This makes it easier for the attacker to bypass network protection tools and firewalls, which may be configured to block traffic from known malicious IP addresses.

QUESTION 30
Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?
A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
C. nmap -Pn -sT -p 46824 < Target IP >
D. nmap -Pn -sT -p 102 --script s7-info < Target IP >
Answer: B
Explanation:
EtherNet/IP makes use of TCP port number 44818 for explicit messaging and UDP port number 2222 for implicit messaging.

QUESTION 31
While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder higher up in the folder structure of the server. What kind of attack is possible in this scenario?
A. Cross-site scripting
B. SQL injection
C. Denial of service
D. Directory traversal
Answer: D
Explanation:
In a directory traversal attack, an attacker can access files and directories that are stored outside of the web root directory. The attacker can exploit this vulnerability to access sensitive information such as configuration files, password files, and other sensitive data.

QUESTION 32
Richard, an attacker, aimed to hack IoT devices connected to a target network. In this process, Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices. What is the type of attack performed by Richard in the above scenario?
A. Cryptanalysis attack
B. Reconnaissance attack
C. Side-channel attack
D. Replay attack
Answer: D
Explanation:
In the given scenario, Richard aims to hack IoT devices connected to a target network using a replay attack. He records the frequency required to share information between connected devices and captures the original data when commands are initiated by the connected devices. Once the original data are collected, he uses free tools such as URH to segregate the command sequence.
Subsequently, he starts injecting the segregated command sequence on the same frequency into the IoT network, which repeats the captured signals of the devices. In a replay attack, an attacker records legitimate data transmissions and later retransmits them, hoping to impersonate the original sender or gain unauthorized access. The attacker captures the data packets or messages transmitted between two entities and replays them back to the same or another entity, leading to unauthorized access, impersonation, or denial of service.

QUESTION 33
Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack?
A. Vulnerability analysis
B. Malware analysis
C. Scanning networks
D. Enumeration
Answer: C
Explanation:
Scanning networks allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack. Scanning can help the attacker identify the IP addresses, operating systems, open ports, and running services of the systems connected to the target network. This information can then be used to identify vulnerabilities and plan further attacks.

QUESTION 34
Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?
A. Use the built-in Windows Update tool
B. Use a scan tool like Nessus
C. Check MITRE.org for the latest list of CVE findings
D. Create a disk image of a clean Windows installation
Answer: B
Explanation:
Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. The Nessus server is currently available for Unix, Linux and FreeBSD. The client is available for Unix- or Windows-based operating systems.
Note: Significant capabilities of Nessus include:
- Compatibility with computers and servers of all sizes.
- Detection of security holes in local or remote hosts.
- Detection of missing security updates and patches.
- Simulated attacks to pinpoint vulnerabilities.
- Execution of security tests in a contained environment.
- Scheduled security audits.

QUESTION 35
Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan?
A. Web shells
B. Webhooks
C. REST API
D. SOAP API
Answer: B
Explanation:
Webhooks are user-defined HTTP callbacks or push APIs that allow applications to communicate with each other in real time. They are triggered by specific events and send data to other applications automatically when those events occur. In this scenario, Susan is using webhooks to update other applications with the latest information and provide real-time data to users.

QUESTION 36
Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?
A. Tethered jailbreaking
B. Semi-untethered jailbreaking
C. Semi-tethered jailbreaking
D. Untethered jailbreaking
Answer: D
Explanation:
In a tethered jailbreak, the device must be connected to a computer each time it is restarted. The jailbreak exploit needs to be applied again using special software or tools to gain access to the device's filesystem and allow the installation of unauthorized apps and modifications. Without this reapplication, the device will boot into a non-jailbroken state. On the other hand, an untethered jailbreak is more convenient as it does not require a computer connection every time the device restarts. Once the untethered jailbreak is successfully performed, the modifications made to the device remain persistent even after a reboot. The device can be turned on and off without losing the jailbreak status, allowing the use of unauthorized apps and tweaks without any additional steps.

QUESTION 37
Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services?
A. Web services parsing attacks
B. WS-Address spoofing
C. SOAPAction spoofing
D. XML injection
Answer: B
Explanation:
WS-Address provides additional routing information in the SOAP header to support asynchronous communication.

QUESTION 38
Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting the vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?
A. Pharming
B. Skimming
C. Pretexting
D.
Wardriving Answer: A Explanation: Pharming is a social engineering technique in which the attacker executes malicious programs on a victim’s computer or server, and when the victim enters any URL or domain name, it automatically redirects the victim’s traffic to an attacker-controlled website. This attack is also known as "Phishing without a Lure." The attacker steals confidential information like credentials, banking details, and other information related to web-based services. Pharming attack can be performed in two ways: DNS Cache Poisoning and Host File Modification QUESTION 39 What is the port to block first in case you are suspicious that an IoT device has been compromised? A. 22 B. 48101 C. 80 D. 443 Answer: B Explanation: How to Defend Against IoT Hacking: Monitor traffic on port 48101, as infected devices attempt to spread the malicious file using port 48101. QUESTION 40 Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary in the above scenario. A. Unspecified proxy activities B. Use of command-line interface C. Data staging D. Use of DNS tunneling Answer: A Explanation: Unspecified Proxy Activities : An adversary can create and configure multiple domains pointing to the same host, thus, allowing an adversary to switch quickly between the domains to avoid detection. Security professionals can find unspecified domains by checking the data feeds that are generated by those domains. Using this data feed, the security professionals can also find any malicious files downloaded and the unsolicited communication with the outside network based on the domains. QUESTION 41 What firewall evasion scanning technique make use of a zombie system that has low network activity as well as its fragment identification numbers? A. Packet fragmentation scanning B. 
Spoof source address scanning Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 17 https://www.passleader.com/ C. Decoy scanning D. Idle scanning Answer: D Explanation: Idle scanning (also known as zombie scanning) is a firewall evasion technique that uses a zombie system with low network activity to scan a target system. QUESTION 42 By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally entered your login and password in plaintext. Which file do you have to clean to clear the password? A..xsession-log B..profile C..bashrc D..bash_history Answer: D Explanation: The.bash_history file is a log of commands executed in the Bash shell. If a user enters their login and password in plaintext, it will be stored in the.bash_history file. This file can be cleared to remove any plaintext passwords that may have been stored. The.xsession-log file records X session messages, and the.profile and.bashrc files are scripts that are run at login to set environment variables and configure the shell. These files do not typically contain plaintext passwords. QUESTION 43 Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used by Jack to launch the fileless malware on the target systems? A. In-memory exploits B. Legitimate applications C. Script-based injection D. Phishing Answer: D Explanation: Attackers commonly use social engineering techniques such as phishing to spread fileless malware to the target systems. 
They send spam emails embedded with malicious links to the victim. When the victim clicks on the link, he/she will be directed to a fraudulent website that automatically loads Flash and triggers the exploit. QUESTION 44 Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to track the emails of the Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 18 https://www.passleader.com/ target and extracts information such as sender identities, mail servers, sender IP addresses, and sender locations from different public sources. He also checks if an email address was leaked using the haveibeenpwned.com API. Which of the following tools is used by Wilson in the above scenario? A. Factiva B. ZoomInfo C. Netcraft D. Infoga Answer: D Explanation: Infoga may be a tool gathering email accounts informations (ip,hostname,country,...) from completely different public supply (search engines, pgp key servers and shodan) and check if email was leaked using haveibeenpwned.com API. is a really simple tool, however very effective for the first stages of a penetration test or just to know the visibility of your company within the net. QUESTION 45 David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in? A. Remediation B. Verification C. Risk assessment D. Vulnerability scan Answer: A Explanation: The vulnerability management lifecycle is a process of identifying, assessing, and remediating vulnerabilities in an organization's IT infrastructure. 
The five phases of the vulnerability management lifecycle are: 1. Discovery and Identification: This is the process of identifying and inventorying all of the assets in an organization's IT infrastructure. 2. Vulnerability Assessment: This is the process of identifying and assessing the severity of vulnerabilities in an organization's IT infrastructure. 3. Prioritization: This is the process of prioritizing the vulnerabilities that need to be remediated based on their severity and impact. 4. Remediation: This is the process of applying fixes to vulnerable systems to reduce the impact and severity of vulnerabilities. 5. Verification: This is the process of verifying that the vulnerabilities have been remediated and that the fixes are working properly. In this case, David is currently in the Remediation phase of the vulnerability management lifecycle. He is applying fixes to vulnerable systems to reduce the impact and severity of vulnerabilities. QUESTION 46 Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 19 https://www.passleader.com/ organization. Which of the following cloud attacks did Alice perform in the above scenario? A. Cloud cryptojacking B. Man-in-the-cloud (MITC) attack C. Cloud hopper attack D. Cloudborne attack Answer: C Explanation: Cloud hopper attacks are triggered at managed service providers (MSPs) and their customers. 
Once the attack is successfully implemented, attackers can gain remote access to the intellectual property and critical information of the target MSP and its global users/customers. Attackers also move laterally in the network from one system to another in the cloud environment to gain further access to sensitive data pertaining to the industrial entities, such as manufacturing, government bodies, healthcare, and finance. QUESTION 47 Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the following code is hidden behind those images: What issue occurred for the users who clicked on the image? A. This php file silently executes the code and grabs the user's session cookie and session ID. B. The code redirects the user to another site. C. The code injects a new cookie to the browser. D. The code is a virus that is attempting to gather the user's username and password. Answer: A Explanation: The code embedded behind the strange images posted by the user on the forum is a PHP file that runs in the background and steals the user's session cookies and session ID. The PHP script silently executes in the background, and the user may not be aware that their session has been compromised. QUESTION 48 Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for? A. Out of band and boolean-based B. Union-based and error-based C. Time-based and union-based D. Time-based and boolean-based Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 
20 https://www.passleader.com/ Answer: D Explanation: Boolean-based SQL injection is a type of attack where the attacker sends a malicious query to the database that will return a different response depending on whether the query returns a TRUE or FALSE result. For example, the attacker might send the query SELECT * FROM users WHERE id = '1' AND '1' = '2'. If the user ID 1 exists in the database, the query will return no results. However, if the user ID 1 does not exist in the database, the query will return all of the rows in the users table. Time-based SQL injection is a type of attack where the attacker sends a malicious query to the database that will cause the database to take a different amount of time to execute depending on whether the query returns a TRUE or FALSE result. For example, the attacker might send the query SELECT * FROM users WHERE id = '1' AND sleep(5). If the user ID 1 exists in the database, the query will return no results. However, if the user ID 1 does not exist in the database, the query will cause the database to sleep for 5 seconds before returning results. In this case, Jane Smith wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. She can do this by using a time-based SQL injection attack. She would first send the query SELECT * FROM users WHERE id = '1' AND sleep(5). If the user ID 1 exists in the database, the query will return no results. However, if the user ID 1 does not exist in the database, the query will cause the database to sleep for 5 seconds before returning results. Jane Smith can then use a second command to measure the time it takes for the database to respond. If the response time is greater than 5 seconds, then she knows that the user ID 1 does not exist in the database. 
QUESTION 49
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed in the above scenario?
A. Web server misconfiguration
B. Server-side request forgery (SSRF) attack
C. Web cache poisoning attack
D. Website defacement
Answer: B
Explanation:
SSRF vulnerabilities evolve in the following manner. Generally, server-side requests are initiated to obtain information from an external resource and feed it into an application. For instance, a designer can utilize a URL such as https://xyz.com/feed.php?url=externalsite.com/feed/to to obtain a remote feed. If attackers can alter the URL input to the localhost, then they can view all the local resources on the server.

QUESTION 50
George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?
A. LPWAN
B. MQTT
C. NB-IoT
D. Zigbee
Answer: D
Explanation:
802.15.4 (ZigBee): The 802.15.4 standard has a low data rate and complexity.

QUESTION 51
Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role. What is the technique employed by Eric to secure cloud resources?
A. Demilitarized zone
B. Zero trust network
C. Serverless computing
D. Container technology
Answer: B
Explanation:
A zero trust network is a security model that assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. This is in contrast to traditional security models, which assume that users inside the network are trusted and only need to be authenticated once. A zero trust network is implemented by using a variety of security controls, such as:
- Micro-segmentation: This is the practice of dividing the network into small, isolated segments, each with its own security controls. This makes it more difficult for an attacker to move laterally within the network once they have gained access.
- Multi-factor authentication: This requires users to provide multiple pieces of identification, such as a username, password, and security token, before being granted access to the network.
- Continuous monitoring: This involves monitoring all network traffic for suspicious activity.
- Least privilege: This principle states that users should only be granted the access they need to perform their job duties.
In Eric's case, he is implementing a zero trust network by verifying every incoming connection before allowing access to the network. He is also imposing conditions such that employees can only access the resources required for their role. This is a good way to secure cloud resources and protect them from unauthorized access.
QUESTION 52
You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-Internal." You realize that this network uses WPA3 encryption. Which of the following vulnerabilities is the most promising to exploit?
A. Cross-site request forgery
B. Dragonblood
C. Key reinstallation attack
D. AP misconfiguration
Answer: B
Explanation:
Dragonblood is a set of vulnerabilities in the WPA3 security standard that allows attackers to recover keys, downgrade security mechanisms, and launch various information-theft attacks. Attackers can use various tools, such as Dragonslayer, Dragonforce, Dragondrain, and Dragontime, to exploit these vulnerabilities and launch attacks on WPA3-enabled networks.

QUESTION 53
What is the common name for a vulnerability disclosure program opened by companies in platforms such as HackerOne?
A. White-hat hacking program
B. Bug bounty program
C. Ethical hacking program
D. Vulnerability hunting program
Answer: B
Explanation:
A bug bounty program is a challenge or agreement hosted by organizations, websites, or software developers for tech-savvy individuals or ethical hackers to participate and break into their security to report the latest bugs and vulnerabilities.

QUESTION 54
A DDoS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target server opens multiple connections and keeps waiting for the requests to complete. Which attack is being described here?
A. Desynchronization
B. Slowloris attack
C. Session splicing
D. Phlashing
Answer: B
Explanation:
Slowloris is a DDoS attack tool used to perform layer-7 DDoS attacks to take down web infrastructure. It is distinctly different from other tools in that it uses perfectly legitimate HTTP traffic to take down a target server. In Slowloris attacks, the attacker sends partial HTTP requests to the target web server or application. Upon receiving the partial requests, the target server opens multiple connections and waits for the requests to complete.

QUESTION 55
Andrew is an ethical hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?
A. UDP scan
B. ARP ping scan
C. ACK flag probe scan
D. TCP Maimon scan
Answer: B
Explanation:
In the ARP ping scan, ARP packets are sent to discover all active devices in the IPv4 range even though the presence of such devices is hidden by restrictive firewalls.

QUESTION 56
Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in?
A. Tier-1: Developer machines
B. Tier-2: Testing and accreditation systems
C. Tier-3: Registries
D. Tier-4: Orchestrators
Answer: B
Explanation:
* Tier-1: Developer machines - image creation, testing and accreditation
* Tier-2: Testing and accreditation systems - verification and validation of image contents, signing images and sending them to the registries
* Tier-3: Registries - storing images and disseminating images to the orchestrators based on requests
* Tier-4: Orchestrators - transforming images into containers and deploying containers to hosts
* Tier-5: Hosts - operating and managing containers as instructed by the orchestrator

QUESTION 57
Henry is a cyber security specialist hired by BlackEye - Cyber Security Solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unicornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.
A. 128
B. 255
C. 64
D. 138
Answer: A
Explanation:
The default TTL value for Windows OS is 128. This means that when a packet is sent from a Windows machine, it will have a TTL value of 128. If the packet reaches a router or firewall that has a TTL value of less than 128, the packet will be discarded.

QUESTION 58
Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "' or '1'='1'" in any basic injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.
A. Char encoding
B. IP fragmentation
C. Variation
D. Null byte
Answer: C
Explanation:
Evasion technique: Variation. Variation is an evasion technique whereby the attacker can easily evade any comparison statement. The attacker does this by placing characters such as "' or '1'='1'" in any basic injection statement such as "or 1=1" or with other accepted SQL comments. SQL interprets this as a comparison between two strings or characters instead of two numeric values.

QUESTION 59
SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server's ability to make DNS requests to pass data to an attacker?
A. In-band SQLi
B. Union-based SQLi
C. Out-of-band SQLi
D. Time-based blind SQLi
Answer: C
Explanation:
Out-of-band SQL injection (OOB SQLi) is a type of SQL injection attack where the attacker does not receive a response from the attacked application on the same communication channel but instead is able to cause the application to send data to a remote endpoint that they control. OOB SQLi attacks can be carried out by leveraging the database server's ability to make DNS requests. For example, the attacker could inject a malicious query into the application that would cause the database server to make a DNS request to a domain that the attacker controls. The attacker could then monitor the DNS traffic to see if the database server made the request. If it did, the attacker would know that the query was successful.

QUESTION 60
Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?
A. Wireless network assessment
B. Application assessment
C. Host-based assessment
D. Distributed assessment
Answer: A
Explanation:
A wireless network assessment is a type of vulnerability assessment that focuses on identifying and assessing the vulnerabilities in a wireless network. This includes identifying rogue access points, weak passwords, and outdated security mechanisms. In the above scenario, Johnson identified some unusual traffic in the internal network that was aimed at cracking the authentication mechanism. This indicates that a rogue access point may have been installed within the organization's perimeter. Johnson then turned off the targeted network and tested for any weak and outdated security mechanisms that were open to attack. This is a clear indication that he was performing a wireless network assessment.

QUESTION 61
In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?
A. Evil twin
B. Chop chop attack
C. Wardriving
D. KRACK
Answer: D
Explanation:
KRACK: This is an abbreviation for Key Reinstallation Attacks. It is a type of security vulnerability attack against the Wi-Fi security protocol WPA2, where attackers can exploit this vulnerability to steal sensitive information during Wi-Fi communication.

QUESTION 62
After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389. Which service is this and how can you tackle the problem?
A. The service is NTP, and you have to change it from UDP to TCP in order to encrypt it.
B. The service is LDAP, and you must change it to 636, which is LDAPS.
C. The findings do not require immediate actions and are only suggestions.
D. The service is SMTP, and you must change it to S/MIME, which is an encrypted way to send emails.
Answer: B
Explanation:
The service running on port 389 is Lightweight Directory Access Protocol (LDAP). LDAP is a protocol used to access and manage directory information, such as user accounts and passwords. LDAP is typically used over UDP port 389, but it can also be used over TCP port 389. The auditors have found that the LDAP service on your network is running over UDP port 389. This is a security risk because UDP is a connectionless protocol, which means that packets can be lost or corrupted. If an attacker is able to intercept an LDAP packet, they could potentially steal user credentials or other sensitive information. To address this security risk, you should change the LDAP service to run over TCP port 636. TCP is a connection-oriented protocol, which means that packets are guaranteed to be delivered. LDAPS is a secure version of LDAP that uses Transport Layer Security (TLS) to encrypt the communication between the client and server.

QUESTION 63
Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks. What is the countermeasure Mike applied to defend against jamming and scrambling attacks?
A. Allow the transmission of all types of addressed packets at the ISP level
B. Disable TCP SYN cookie protection
C. Allow the usage of functions such as gets and strcpy
D. Implement cognitive radios in the physical layer
Answer: D
Explanation:
Cognitive radios can sense the environment, sense other RF devices' signals, and use different frequencies in response to the sensing results. This makes the device very flexible in terms of being able to adjust to different environments and also to be able to detect and evade jamming or scrambling attacks. By deploying cognitive radios, Mike can mitigate the effects of DoS/DDoS attacks that use jamming or scrambling techniques.

QUESTION 64
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?
A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
D. You cannot identify such an attack and must use a VPN to protect your traffic.
Answer: A
Explanation:
ARP spoofing is a type of attack where an attacker sends fake ARP (Address Resolution Protocol) messages to associate their MAC address with the IP address of another host on the network. This allows the attacker to intercept and modify traffic intended for the victim. By checking the ARP table on your laptop, you can see if there is any IP address with two different MAC addresses, which would indicate that an ARP spoofing attack is in progress.

QUESTION 65
Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the IoT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network. Which of the following tools was employed by Lewis in the above scenario?
A. NeuVector
B. Lacework
C. Censys
D. Wapiti
Answer: C
Explanation:
Censys is a popular information-gathering tool used to collect information about devices connected to a network, open ports and services, and the attack surface area. It is used to generate statistical reports on broad usage patterns and trends, and to continually monitor every reachable server and device on the Internet, making it an ideal tool for hackers to gather information about their targets.

QUESTION 66
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
A. nmap -sn -PO <target IP address>
B. nmap -sn -PS <target IP address>
C. nmap -sn -PA <target IP address>
D. nmap -sn -PP <target IP address>
Answer: B
Explanation:
In a TCP SYN ping scan, Nmap sends a TCP SYN packet to the target port, expecting a SYN-ACK or RST response from an open port. If the response is RST, it means the port is closed. If there is no response, the port may be either open or filtered. This method is used to detect whether a port is open or closed. The -sn option in Nmap is used for host discovery, and it disables port scanning. The -PS option is used to specify a TCP SYN ping scan, while the -PA and -PP options are used for TCP ACK and ICMP ping scans, respectively. Therefore, the correct command for a TCP SYN ping scan in Nmap is: nmap -sn -PS <target IP address>

QUESTION 67
Ricardo has discovered the username for an application in his target's environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application. What type of attack is Ricardo performing?
A. Brute force
B. Known plaintext
C. Dictionary
D. Password spraying
Answer: C
Explanation:
A dictionary attack is an attack that tries to guess the key of a ciphertext by attempting many different common passwords and possible passwords that are likely to be used by humans.

QUESTION 68
What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?
A. Performing content enumeration using the bruteforce mode and 10 threads
B. Performing content enumeration using the bruteforce mode and random file extensions
C. Skipping SSL certificate verification
D. Performing content enumeration using a wordlist
Answer: D
Explanation:
Performing content enumeration using a wordlist is the fastest way to perform content enumeration on a given web server using the Gobuster tool. This is because a wordlist includes common paths, directories, and files that are likely to exist on the web server, and it is a pre-built list, so there is no need to generate a list on the fly. This approach avoids the overhead of trying to brute-force filenames or extensions and reduces the time it takes to discover content.

QUESTION 69
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of alert is this?
A. False negative
B. True negative
C.
True positive D. False positive Answer: D Explanation: True Positive - IDS referring a behavior as an attack, in real life it is True Negative - IDS referring a behavior not an attack and in real life it is not False Positive - IDS referring a behavior as an attack, in real life it is not False Negative - IDS referring a behavior not an attack, but in real life is an attack QUESTION 70 Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of MIB by using a web browser either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently retrieving information from an MIB that contains object types for workstations and server services. Which of the following types of MIB is accessed by Garry in the above scenario? A. LNMIB2.MIB B. DHCP.MIB C. MIB_II.MIB D. WINS.MIB Answer: A Explanation: * DHCP.MIB: Monitors network traffic between DHCP servers and remote hosts * HOSTMIB.MIB: Monitors and manages host resources * LNMIB2.MIB: Contains object types for workstation and server services Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 29 https://www.passleader.com/ * MIB_II.MIB: Manages TCP/IP-based Internet using a simple architecture and system * WINS.MIB: For the Windows Internet Name Service (WINS) QUESTION 71 Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario? A. ophcrack B. VisualRoute C. Hootsuite D. 
HULK Answer: C Explanation: Conducting location search on social media sites such as Twitter, Instagram, and Facebook helps attackers to detect the geolocation of the target. This information further helps attackers to perform various social engineering and non-technical attacks. Many online tools such as Followerwonk, Hootsuite, and Meltwater are available to search for both geotagged and non-geotagged information on social media sites. Attackers search social media sites using these online tools using keywords, usernames, date, time, and so on. QUESTION 72 Alice needs to send a confidential document to her coworker, Bryan. Their company has public key infrastructure set up. Therefore, Alice both encrypts the message and digitally signs it. Alice uses _______________ to encrypt the message, and Bryan uses _______________ to confirm the digital signature. A. Bryan's public key; Bryan's public key B. Alice's public key; Alice's public key C. Bryan's private key; Alice's public key D. Bryan's public key; Alice's public key Answer: D Explanation: Alice should Use Bryan's public key so only Brian can decrypt it with his private key. Bryan will use Alice's public key to confirm this msg came from Alice as she is the only one with the private key. QUESTION 73 What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application? A. AndroidManifest.xml B. classes.dex C. APK.info D. resources.asrc Answer: A Explanation: Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 30 https://www.passleader.com/ The AndroidManifest.xml file contains information of your package, including components of the appliance like activities, services, broadcast receivers, content providers etc. It performs another tasks also: - It's responsible to guard the appliance to access any protected parts by providing the permissions. - It also declares the android api that the appliance goes to use. 
- It lists the instrumentation classes. The instrumentation classes provides profiling and other informations. These informations are removed just before the appliance is published etc. This is the specified xml file for all the android application and located inside the basis directory. QUESTION 74 Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device, Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario? A. NetPass.exe B. Outlook scraper C. WebBrowserPassView D. Credential enumerator Answer: D Explanation: Credential enumerator: a self-extracting RAR file containing two components, a bypass and a service component. The bypass component is used for enumeration of network resources and either finds writable share drives using Server Message Block (SMB) or tries to brute force user accounts, including the administrator account. Once an available system is found, Emotet then writes the service component on the system, which writes Emotet onto the disk. Access to SMB can result in entire domains (servers and clients) becoming infected. QUESTION 75 Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth? A. Bluesmacking B. Bluesnarfing C. Bluejacking D. Bluebugging Answer: B Explanation: Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistant). 
QUESTION 76 While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt’s bank account has been accessed, and the password has been changed. What most likely happened? Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 31 https://www.passleader.com/ A. Matt inadvertently provided the answers to his security questions when responding to the post. B. Matt inadvertently provided his password when responding to the post. C. Matt's computer was infected with a keylogger. D. Matt's bank-account login information was brute forced. Answer: A Explanation: Security questions are often used as a way to verify a user's identity when they are trying to reset their password. The answers to these questions are typically personal information that is known only to the user, such as their mother's maiden name or their childhood pet's name. In this case, Matt responded to a post that asked him a number of personal questions. These questions were likely security questions for his bank account. By answering these questions, Matt inadvertently provided the answers to his security questions to the attacker. This allowed the attacker to reset Matt's password and gain access to his bank account. QUESTION 77 Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon? A. Combinator attack B. Dictionary attack C. 
Rainbow table attack D. Internal monologue attack Answer: D Explanation: The attacker disables the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. QUESTION 78 Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario? A. Baiting B. Piggybacking C. Diversion theft D. Honey trap Answer: D Explanation: The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization. Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 32 https://www.passleader.com/ QUESTION 79 Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as? A. Exploration B. Investigation C. Reconnaissance D. Enumeration Answer: C Explanation: Reconnaissance is the process of gathering information about a target. This information can be used to plan and execute an attack. 
In the case of phishing, reconnaissance would involve gathering information about the target company, such as its logo, formatting, and names of its employees. This information can be used to make the phishing message more likely to be opened and clicked on by the victim. QUESTION 80 Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited. What is the incident handling and response (IH&R) phase, in which Robert has determined these issues? A. Incident triage B. Preparation C. Incident recording and assignment D. Eradication Answer: A Explanation: In this phase, the identified security incidents are analyzed, validated, categorized, and prioritized. The IH&R team further analyzes the compromised device to find incident details such as the type of attack, its severity, target, impact, and method of propagation, and any vulnerabilities it exploited. QUESTION 81 At what stage of the cyber kill chain theory model does data exfiltration occur? A. Weaponization B. Actions on objectives C. Command and control D. Installation Answer: B Explanation: Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 33 https://www.passleader.com/ The adversary controls the victim’s system from a remote location and finally accomplishes their intended goals. The adversary gains access to confidential data, disrupts the services or network, or destroys the operational capability of the target by gaining access to its network and compromising more systems. Also, the adversary may use this as a launching point to perform other attacks. 
QUESTION 82 Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine. What is the social engineering technique Steve employed in the above scenario? A. Diversion theft B. Quid pro quo C. Elicitation D. Phishing Answer: C Explanation: Attackers call numerous random numbers within a company, claiming to be from technical support. They offer their service to end users in exchange for confidential data or login credentials. QUESTION 83 An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web- application security testing and to guard the organization's web infrastructure against web- application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task? A. AlienVault® OSSIMTM B. Syhunt Hybrid C. Saleae Logic Analyzer D. Cisco ASA Answer: B Explanation: The Syhunt Hybrid scanner automates web application security testing and guards the organization’s web infrastructure against web application security threats. Syhunt Dynamic crawls websites and detects XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Syhunt Hybrid creates signatures to detect application vulnerabilities and prevents logout. 
It analyzes JavaScript (JS), logs suspicious responses, and tests errors for review. QUESTION 84 Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems? Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 34 https://www.passleader.com/ A. getsystem B. getuid C. keylogrecorder D. autoroute Answer: A Explanation: The getsystem module is a built-in Metasploit module that attempts to elevate the privileges of the current user to the highest possible level, including SYSTEM-level privileges. The getuid module is used to retrieve the user ID of the current user on the target system. The keylogrecorder module is used to log keystrokes on the target system, and the autoroute module is used to add a route to the target system. Neither of these modules is used for privilege escalation. QUESTION 85 Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What is the port scanning technique used by Sam to discover open ports? A. Xmas scan B. IDLE/IPID header scan C. TCP Maimon scan D. ACK flag probe scan Answer: C Explanation: *Probe packet (FIN/ACK) ==> No response - Port is open ==> ICMP unreachable error response - Port is filtered ==> RST packet response - Port is closed QUESTION 86 An organization has automated the operation of critical infrastructure from a remote location. For this purpose, all the industrial control systems are connected to the Internet. 
To empower the manufacturing process, ensure the reliability of industrial networks, and reduce downtime and service disruption, the organization decided to install an OT security tool that further protects against security incidents such as cyber espionage, zero-day attacks, and malware. Which of the following tools must the organization employ to protect its critical infrastructure? A. Robotium B. BalenaCloud C. Flowmon D. IntentFuzzer Answer: C Explanation: Flowmon is an OT security tool that is designed to protect against security incidents such as cyber espionage, zero-day attacks, and malware in critical infrastructure environments. It can detect and prevent network anomalies and attacks on industrial control systems and help ensure the reliability and availability of industrial networks. Robotium is a mobile app testing framework, BalenaCloud is a container-based platform for building and deploying IoT applications, and IntentFuzzer is an Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 35 https://www.passleader.com/ Android app testing tool. None of these tools are designed for OT security or protecting critical infrastructure. QUESTION 87 Heather's company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring. Which of the following is this type of solution? A. IaaS B. SaaS C. PaaS D. CaaS Answer: B Explanation: In a SaaS model, the software application is hosted on the cloud provider's infrastructure, and the provider is responsible for managing the underlying hardware, operating system, and software. 
The user accesses the software through a web browser or an application, and the provider is responsible for patching, updating, and monitoring the application. In this scenario, the customer relationship management tool is hosted on the cloud provider's infrastructure, and Heather's company is only responsible for managing user accounts. IaaS (Infrastructure as a Service) provides access to virtualized computing resources over the internet, PaaS (Platform as a Service) provides a platform for developers to build and deploy applications, and CaaS (Containers as a Service) provides a container-based platform for deploying and managing applications. QUESTION 88 Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes. Which of the following footprinting techniques did Rachel use to finish her task? A. Google advanced search B. Meta search engines C. Reverse image search D. Advanced image search Answer: C Explanation: Reverse image search - Juliet used the images as search queries and searched the web for similar images, allowing her to track down the original source and details of the images. This technique can be done using search engines such as Google Images or TinEye, and is used to determine the origin and authenticity of images. QUESTION 89 Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue? Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 36 https://www.passleader.com/ A. Pass the hash B. Internal monologue attack C. LLMNR/NBT-NS poisoning D. 
Pass the ticket Answer: A Explanation: Pass the hash is a type of attack where the attacker does not need to know the password in order to authenticate to a system. Instead, the attacker can use the password hash to authenticate to the system. In this case, Mary has found password hashes in a client system. She can use these hashes to perform a pass the hash attack in order to authenticate to the system and continue with the test. QUESTION 90 Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? A. Credentialed assessment B. Internal assessment C. External assessment D. Passive assessment Answer: D Explanation: Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently accessing the network. QUESTION 91 Which of the following protocols can be used to secure an LDAP service against anonymous queries? A. NTLM B. RADIUS C. WPA D. SSO Answer: A Explanation: Use NT LAN Manager (NTLM), Kerberos, or any basic authentication mechanism to limit access to legitimate users. QUESTION 92 During the enumeration phase, Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario? Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 37 https://www.passleader.com/ A. Remote procedure call (RPC) B. Telnet C. Server Message Block (SMB) D. 
Network File System (NFS) Answer: C Explanation: Server Message Block (SMB) is a network protocol that allows computers to share files, printers, and other resources. It is typically used on Windows-based networks. SMB runs on TCP port 445. In this scenario, Lawrence is performing banner grabbing to obtain information about the services running on the target machine. He is able to obtain the OS details and versions of services running on TCP port 445. This means that the service that he enumerated is SMB. QUESTION 93 Jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However, Jane has a long, complex password on her router. What attack has likely occurred? A. Wardriving B. Wireless sniffing C. Evil twin D. Piggybacking Answer: C Explanation: An evil twin is a wireless AP that pretends to be a legitimate AP by imitating its SSID. QUESTION 94 Which file is a rich target to discover the structure of a website during web-server footprinting? A. domain.txt B. Robots.txt C. Document root D. index.html Answer: B Explanation: Robots.txt is a file that webmasters use to communicate with web crawlers and other automated agents visiting their site. This file is often used to exclude certain directories or pages from being crawled, but it can also contain valuable information about the site's directory structure and organization. By examining the robots.txt file, an attacker can gain insight into the site's organization and potentially identify hidden or sensitive directories. Domain.txt is not a standard file used in web server configuration or operation. Document root is the root directory of the web server, and index.html is the default home page file. While these files can provide information about the web server and its configuration, they do not necessarily reveal the structure of the website. 
QUESTION 95 John, a professional hacker, decided to use DNS to perform data exfiltration on a target network. In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique, John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 38 https://www.passleader.com/ What is the technique employed by John to bypass the firewall? A. DNSSEC zone walking B. DNS cache snooping C. DNS enumeration D. DNS tunneling method Answer: D Explanation: DNS tunneling is a technique used to bypass network security controls by encapsulating non-DNS traffic within DNS packets. By embedding malicious data into the DNS protocol packets, an attacker can bypass firewalls and other security controls that are not configured to inspect DNS traffic. DNSSEC zone walking is a technique used to extract information from DNSSEC-signed zones by iterating over the DNS tree. DNS cache snooping is a technique used to obtain information about a DNS server's cache by sending queries for non-existent domain names. DNS enumeration is a technique used to gather information about a target network by querying DNS servers for information about the network's hosts and services. QUESTION 96 There have been concerns in your network that the wireless network component is not sufficiently secure. You perform a vulnerability scan of the wireless network and find that it is using an old encryption protocol that was designed to mimic wired encryption. What encryption protocol is being used? A. RADIUS B. WPA C. WEP D. WPA3 Answer: C Explanation: WEP is an old and outdated encryption protocol that was designed to provide wireless networks with a level of security similar to that of wired networks. However, it has been found to be vulnerable to a number of attacks, including key cracking and packet injection. 
WPA (Wi-Fi Protected Access) and WPA3 are more recent and secure encryption protocols for wireless networks. RADIUS (Remote Authentication Dial-In User Service) is a networking protocol used for centralized authentication, authorization, and accounting management. QUESTION 97 Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. Using this technique, he wants to fix any bugs in the application, discover underlying vulnerabilities, and improve defense strategies against attacks. What is the technique used by Jacob in the above scenario to improve the security of the mobile application? A. Reverse engineering B. App sandboxing C. Jailbreaking D. Social engineering Answer: A Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 39 https://www.passleader.com/ Explanation: Reverse engineering is the process of analyzing and extracting the source code of a software or application, and if needed, regenerating it with required modifications.Reverse engineering is used to disassemble a mobile application to analyze its design flaws and fix any bugs that are residing in it. QUESTION 98 Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering. Which of the following design flaws in the authentication mechanism is exploited by Calvin? A. Insecure transmission of credentials B. Verbose failure messages C. User impersonation D. 
Password reset mechanism Answer: B Explanation: Attack Authentication Mechanism - Username Enumeration Exploit design and implementation flaws in web applications, such as failure to check password strength or insecure transmission of credentials, to bypass authentication mechanisms. verbose failure messages - In a typical login system, the user enters two fields, namely username and password. In some cases, an application will ask for additional information. QUESTION 99 Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization? A. DNS zone walking B. DNS cache snooping C. DNS SEC zone walking D. DNS cache poisoning Answer: B Explanation: DNS cache snooping is a type of DNS enumeration technique in which an attacker queries the DNS server for a specific cached DNS record. By using this cached record, the attacker can determine the sites recently visited by the user. QUESTION 100 An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct. What is the attack technique employed by the attacker to crack the passwords of the industrial control systems? Get Latest & Actual 312-50v12 Exam Questions and Answers from PassLeader. 40 https://www.passleader.com/ A. Side-channel attack B. Denial-of-service attack C. HMI-based attack D. 
Buffer overflow attack Answer: A Explanation: Attackers perform a side-channel attack by monitoring its physical implementation to obtain critical information from a target syst
