Free ECCouncil 312-50v12 Exam Questions & Answer from Training Expert BraindumpsIT [Q119-Q143]

NEW QUESTION # 119
A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.
However, he is unable to capture any logons though he knows that other users are logging in.
What do you think is the most likely reason behind this?

  • A. Kerberos is preventing it.
  • B. L0phtcrack only sniffs logons to web servers.
  • C. Windows logons cannot be sniffed.
  • D. There is a NIDS present on that segment.

Answer: A


NEW QUESTION # 120
John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later. What would John be considered as?

  • A. White hat
  • B. Gray hat
  • C. Cybercriminal
  • D. Black hat

Answer: B


NEW QUESTION # 121
Allen, a professional pen tester, was hired by xpertTech Solutions to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration.
Identify the NetBIOS code used for obtaining the Messenger service running for the logged-in user.

  • A. <03>
  • B. <1B>
  • C. <00>
  • D. <20>

Answer: A

Explanation:
<03>
Each NetBIOS name carries a suffix in its sixteenth byte that identifies the service registering it: <00> is the Workstation service (or a domain/workgroup name when it is a group name), <20> is the File Server service, <1B> is the Domain Master Browser, and <03> is the Messenger service. A host registers a <03> name for the computer itself and one for each logged-in user, which is why the <03> entries are the ones that reveal who is logged on.
Windows Messenger service
The Messenger service is a network-based system notification service from Microsoft that was included in some earlier versions of Windows.
This retired technology, despite its similar name, is unrelated to the later Internet-based Microsoft Messenger service for instant messaging, or to the Windows Messenger and Windows Live Messenger (formerly MSN Messenger) client software.
The Messenger service was originally intended for use by system administrators to notify Windows users about their networks. It has been used maliciously to present pop-up advertisements to users over the Internet, by using mass-messaging systems that sent a chosen message to a specified range of IP addresses. Although Windows XP includes a firewall, it was not enabled by default, so many users received such messages. Because of this abuse, the Messenger service has been disabled by default since Windows XP Service Pack 2.
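As an added example, not code from the original page or from any EC-Council material, the Python below constructs a NetBIOS Node Status Response of the kind an NBSTAT enumeration (for instance `nbtstat -A`) receives, parses the name table out of it, and picks out the <03> Messenger names that belong to logged-in users rather than to the computer itself. The host name, user name and workgroup are constructed sample data; the packet layout follows RFC 1002 section 4.2.18, and the statistics block is zeroed rather than carrying a real MAC address.

```python
import struct

# NetBIOS name suffixes (16th byte of a NetBIOS name) seen during enumeration.
# The four codes are the ones the question lists.
SUFFIXES = {
    0x00: "Workstation Service (unique) / Domain name (group)",
    0x03: "Messenger Service (computer name, and one entry per logged-in user)",
    0x1B: "Domain Master Browser",
    0x20: "File Server Service",
}

# Constructed sample: names a host might register. (name, suffix, is_group)
SAMPLE_NAMES = [
    ("WS01", 0x00, False),      # workstation service
    ("WS01", 0x20, False),      # file server service (shares)
    ("WS01", 0x03, False),      # messenger service for the computer itself
    ("ALICE", 0x03, False),     # messenger service for the logged-in user
    ("CORP", 0x00, True),       # domain/workgroup group name
]

def build_nbstat_response(names, trn_id=0x1234):
    """Construct a NetBIOS Node Status Response (RFC 1002 section 4.2.18).

    Header, then one answer RR for the wildcard name '*', whose RDATA is
    NUM_NAMES followed by NODE_NAME entries (15-byte name, 1-byte suffix,
    2-byte NAME_FLAGS) and 46 bytes of statistics (zeroed in this sample).
    """
    header = struct.pack(">HHHHHH", trn_id, 0x8400, 0, 1, 0, 0)
    # RR_NAME: '*' padded with NULs, first-level encoded (each nibble + 'A')
    rr_name = b"\x20" + b"CK" + b"A" * 30 + b"\x00"
    rdata = struct.pack("B", len(names))
    for name, suffix, is_group in names:
        flags = (0x8000 if is_group else 0) | 0x0400          # G bit, ACT bit
        rdata += name.ljust(15)[:15].encode("ascii") + bytes([suffix])
        rdata += struct.pack(">H", flags)
    rdata += bytes(46)
    rr = rr_name + struct.pack(">HHIH", 0x0021, 0x0001, 0, len(rdata)) + rdata
    return header + rr

def parse_nbstat_response(pkt):
    """Return [(name, suffix, is_group), ...] from a Node Status Response."""
    _, flags, _, ancount, _, _ = struct.unpack_from(">HHHHHH", pkt, 0)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a NetBIOS response carrying an answer record")
    off = 12
    while pkt[off] != 0:                 # skip the RR_NAME labels
        off += 1 + pkt[off]
    off += 1
    rr_type, _, _, _ = struct.unpack_from(">HHIH", pkt, off)
    off += 10
    if rr_type != 0x0021:
        raise ValueError("answer record is not NBSTAT")
    num_names = pkt[off]
    off += 1
    entries = []
    for _ in range(num_names):
        raw_name = pkt[off:off + 15].decode("ascii", "replace").rstrip()
        suffix = pkt[off + 15]
        name_flags = struct.unpack_from(">H", pkt, off + 16)[0]
        entries.append((raw_name, suffix, bool(name_flags & 0x8000)))
        off += 18
    return entries

def logged_in_users(entries):
    """Unique <03> names other than the computer's own <03> name are users."""
    computer = {n for n, s, g in entries if s == 0x00 and not g}
    return [n for n, s, g in entries if s == 0x03 and not g and n not in computer]

def describe(entries):
    return [f"{n:<15} <{s:02X}> {'GROUP ' if g else 'UNIQUE'} {SUFFIXES.get(s, 'other')}"
            for n, s, g in entries]

if __name__ == "__main__":
    parsed = parse_nbstat_response(build_nbstat_response(SAMPLE_NAMES))
    print("\n".join(describe(parsed)))
    print("logged-in users:", logged_in_users(parsed))
```

Against a live host you would send the matching Node Status Request to UDP port 137 and feed the reply to `parse_nbstat_response`; the separation in `logged_in_users` works because the computer registers its own name under both <00> and <03>, while a user appears only under <03>.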


NEW QUESTION # 122
Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cache poisoning by exploiting vulnerabilities in the DNS server software and modified the original IP address of the target website to that of a fake website. What is the technique employed by Steve to gather information for identity theft?

  • A. Wardriving
  • B. Pharming
  • C. Skimming
  • D. Pretexting

Answer: B

Explanation:
A pharming attack tries to send a website's traffic to a fake website controlled by the attacker, typically to collect sensitive data from victims or to install malware on their machines. Attackers tend to specialise in creating look-alike e-commerce and digital banking websites to harvest credentials and payment card data.
Though they share similar goals, pharming uses a different technique from phishing. "Pharming attacks are focused on manipulating a system, rather than tricking individuals into going to a dangerous website," explains David Emm, principal security researcher at Kaspersky. "When either a phishing or pharming attack is completed by a criminal, they have the same driving factor to get victims onto a corrupt location, but the mechanisms in which this is undertaken are different."


NEW QUESTION # 123
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?

  • A. A backdoor placed into a cryptographic algorithm by its creator.
  • B. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
  • C. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.
  • D. Extraction of cryptographic secrets through coercion or torture.

Answer: D


NEW QUESTION # 124
Take a look at the following attack on a Web Server using an obfuscated URL:

How would you protect from these attacks?

  • A. Enable Active Scripts Detection at the firewall and routers
  • B. Create rules in IDS to alert on strange Unicode requests
  • C. Configure the Web Server to deny requests involving "hex encoded" characters
  • D. Use SSL authentication on Web Servers

Answer: B
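To show what "alert on strange Unicode requests" means in practice, here is an added example that is not from the original page: it normalises request paths the way a lenient server decoder would, flagging overlong UTF-8 sequences, double encoding and the directory traversal they produce, while letting an ordinary percent-encoded UTF-8 query through. That last case is the reason option C is the wrong defence: denying every hex-encoded character breaks legitimate traffic. The request strings are constructed samples, and `normalize_url_path` and `ids_verdict` are this example's own names.

```python
import re
from urllib.parse import unquote_to_bytes

# Overlong UTF-8 encodings of path metacharacters. A strict decoder rejects them;
# the decoder behind the original IIS "Unicode" traversal bug accepted them.
OVERLONG = {b"\xc0\xae": b".", b"\xc0\xaf": b"/", b"\xc1\x9c": b"\\"}

# Constructed sample requests (not from the original page)
SAMPLES = [
    "/index.html",
    "/search?q=caf%C3%A9",                                  # legitimate UTF-8 escape
    "/images/%2e%2e/%2e%2e/etc/passwd",                    # hex-encoded ../
    "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",   # overlong '/'
    "/scripts/..%255c../winnt/system32/cmd.exe",           # double-encoded '\'
]

def normalize_url_path(raw):
    """Decode a request path the way a lenient server might, recording anomalies.

    Returns (decoded_path, sorted list of findings).
    """
    findings = set()
    data = raw.encode("utf-8")
    if re.search(rb"%25[0-9a-fA-F]{2}", data):
        findings.add("double-encoding")
    if re.search(rb"%(2e|2f|5c)", data, re.I):
        findings.add("encoded-path-metachar")
    first = unquote_to_bytes(data)                 # pass 1: %xx -> bytes
    for seq, ch in OVERLONG.items():
        if seq in first:
            findings.add("overlong-utf8")
            first = first.replace(seq, ch)         # what the buggy decoder did
    second = unquote_to_bytes(first) if b"%" in first else first   # pass 2
    try:
        text = second.decode("utf-8")
    except UnicodeDecodeError:
        findings.add("invalid-utf8")
        text = second.decode("latin-1")
    text = text.replace("\\", "/")
    if re.search(r"(^|/)\.\.(/|$)", text):
        findings.add("path-traversal")
    return text, sorted(findings)

# Findings that should raise an IDS alert. "encoded-path-metachar" alone is not
# one of them: many legitimate URLs carry %2F inside query parameters, which is
# why blanket-denying hex-encoded characters (option C) breaks real traffic.
ALERT_ON = {"double-encoding", "overlong-utf8", "invalid-utf8", "path-traversal"}

def ids_verdict(raw):
    _, findings = normalize_url_path(raw)
    return "alert" if ALERT_ON.intersection(findings) else "pass"

if __name__ == "__main__":
    for s in SAMPLES:
        path, findings = normalize_url_path(s)
        print(f"{ids_verdict(s):5} {s!r:55} -> {path!r} {findings}")
```

The design point is that the rule fires on what the request decodes to, not on the presence of `%` escapes: the two IIS-style payloads and the plain `%2e%2e` traversal all alert, while `caf%C3%A9` passes.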


NEW QUESTION # 125
Which of the following scanning methods splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

  • A. ACK flag probe scanning
  • B. ICMP Echo scanning
  • C. IPID scanning
  • D. SYN/FIN scanning using IP fragments

Answer: D

Explanation:
SYN/FIN scanning using IP fragments is a scanning technique developed to avoid the false positives generated by other scans when a packet-filtering device sits in front of the target. The TCP header is split across several IP fragments so that a stateless packet filter never sees the complete header in one packet. For any transmission, the first fragment must carry at least the source and destination ports (8 octets, 64 bits); the TCP flags that reveal the probe's purpose arrive in a following fragment. The remote host reassembles the fragments on receipt through its IP module, which matches the fragments of one datagram on the source address, destination address, protocol and identification fields.
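The following added example (not code from the original page) shows the mechanism at the byte level with Python's struct module: a SYN/FIN probe header is split into two IP fragments with an 8-byte first fragment, the fragment size `nmap -f` uses, so a stateless filter reading only the first fragment cannot see the flags, while the receiving host reassembles the full header and sees SYN and FIN set. Addresses, ports and the IP identification value are constructed, and checksums are left at zero since nothing here is put on the wire.

```python
import struct

SYN, FIN = 0x02, 0x01

def tcp_header(sport, dport, flags, seq=0, ack=0, window=1024):
    """Build a 20-byte TCP header without options (checksum left 0 for illustration)."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words, then the flag bits
    return struct.pack(">HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)

def ipv4_header(payload_len, ident, more_fragments, frag_offset, proto=6):
    """Build a 20-byte IPv4 header; frag_offset is in bytes and must be a multiple of 8."""
    flags_frag = ((1 if more_fragments else 0) << 13) | (frag_offset // 8)
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                       64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

def fragment(payload, ident, first_size=8):
    """Split a transport payload into IP fragments; the first carries first_size bytes.

    With first_size=8 the first fragment holds only the TCP ports and sequence
    number; the flags (byte 13 of the header) land in the second fragment.
    """
    if first_size % 8:
        raise ValueError("fragment boundaries must be multiples of 8 bytes")
    frags, off = [], 0
    while off < len(payload):
        chunk = payload[off:off + first_size] if off == 0 else payload[off:]
        more = off + len(chunk) < len(payload)
        frags.append(ipv4_header(len(chunk), ident, more, off) + chunk)
        off += len(chunk)
    return frags

def tcp_flags(tcp):
    """The six classic flag bits from a complete TCP header."""
    return struct.unpack_from(">H", tcp, 12)[0] & 0x3F

def stateless_filter_flags(ip_packet):
    """What a stateless packet filter can read from one packet: the TCP flags,
    or None when the flags field is not inside this packet at all."""
    payload = ip_packet[20:]
    if len(payload) < 14:
        return None
    return tcp_flags(payload)

def reassemble(fragments):
    """Reassemble fragments by offset, as the receiving host's IP layer does.
    (A real stack also matches on src, dst, protocol and identification; this
    sample carries a single datagram, so only the offset is needed.)"""
    parts = {}
    for f in fragments:
        flags_frag = struct.unpack_from(">BBHHHBBH", f, 0)[4]
        parts[(flags_frag & 0x1FFF) * 8] = f[20:]
    return b"".join(parts[o] for o in sorted(parts))

def demo():
    """Returns (flags the filter saw in fragment 1, flags the host saw after reassembly)."""
    probe = tcp_header(40000, 80, SYN | FIN)
    frags = fragment(probe, ident=0xBEEF)
    return stateless_filter_flags(frags[0]), tcp_flags(reassemble(frags))

if __name__ == "__main__":
    seen_by_filter, seen_by_host = demo()
    print("filter saw flags:", seen_by_filter, "| host saw flags:", hex(seen_by_host))
```

The defence follows from the same code: a filter that either reassembles before deciding, or drops any first fragment whose payload is shorter than the 20-byte TCP header it claims to carry, closes the gap this scan relies on.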


NEW QUESTION # 126
Harry, a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

  • A. Cleanup
  • B. Persistence
  • C. Preparation
  • D. Initial intrusion

Answer: D

Explanation:
After the attacker completes preparations, the next step is an attempt to gain a foothold in the target's environment. A particularly common entry tactic is the use of spear-phishing emails containing a web link or attachment. Email links usually lead to sites where the target's browser and related software are subjected to various exploit techniques, or where the APT actors attempt to social-engineer information from the victim that can be used later. If a successful exploit takes place, it installs an initial malware payload on the victim's computer. Figure 2 illustrates an example of a spear-phishing email that contains an attachment. Attachments are usually executable malware, a zip or other archive containing malware, or a malicious Office or Adobe PDF (Portable Document Format) document that exploits vulnerabilities in the victim's applications to ultimately execute malware on the victim's computer. Once the user has opened a malicious file with vulnerable software, malware is executing on the target system. These phishing emails are often very convincing and difficult to distinguish from legitimate email messages. Tactics to increase their believability include modifying legitimate documents from or associated with the organization. Documents are sometimes stolen from the organization or its collaborators during previous exploitation operations. Actors modify the documents by adding exploits and malicious code, then send them to the victims. Phishing emails are commonly sent through previously compromised email servers, email accounts at organizations associated with the target, or public email services. Emails can also be sent through mail relays with modified email headers to make the messages appear to have originated from legitimate sources. Exploitation of vulnerabilities on public-facing servers is another favourite technique of some APT groups.
Though this can be accomplished using exploits for known vulnerabilities, 0-days are often developed or purchased for use in intrusions as required.


NEW QUESTION # 127
What tool can crack Windows SMB passwords simply by listening to network traffic?

  • A. L0phtcrack
  • B. Netbus
  • C. This is not possible
  • D. NTFSDOS

Answer: A


NEW QUESTION # 128
Which intrusion detection system is best suited to large environments where critical assets on the network need extra scrutiny, and is ideal for observing sensitive network segments?

  • A. Network-based intrusion detection system (NIDS)
  • B. Firewalls
  • C. Host-based intrusion detection system (HIDS)
  • D. Honeypots

Answer: A


NEW QUESTION # 129
Becky has been hired by a client from Dubai to perform a penetration test against one of their remote offices. Working from her location in Columbus, Ohio, Becky runs her usual reconnaissance scans to obtain basic information about their network. When analyzing the results of her Whois search, Becky notices that the IP was allocated to a location in Le Havre, France. Which regional Internet registry should Becky go to for detailed information?

  • A. ARIN
  • B. RIPE
  • C. APNIC
  • D. LACNIC

Answer: B

Explanation:
Regional Internet Registries (RIRs):
ARIN (American Registry for Internet Numbers)
AFRINIC (African Network Information Center)
APNIC (Asia Pacific Network Information Center)
RIPE NCC (Réseaux IP Européens Network Coordination Centre)
LACNIC (Latin American and Caribbean Network Information Center)


NEW QUESTION # 130
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise, in order to evade IDS?

  • A. nmap -A -Pn
  • B. nmap -sT -O -T0
  • C. nmap -sP -p-65535 -T5
  • D. nmap -A --host-timeout 99 -T1

Answer: B

Explanation:
-A: perform an aggressive scan, which selects most of the commonly used options in nmap (OS detection, version detection, script scanning and traceroute); noisy
-Pn: skip host discovery (do not ping)
-p: scan specific ports; -p- with no range scans all 65535 ports
-sT: TCP connect scan
-O: operating system detection
-T0: the "paranoid" timing template (extremely slow, intended to evade IDS and firewall rate-based detection)
Option B therefore scans the default common ports with a full-connect scan at the slowest timing, which is the least noisy choice of the four; -A, -T5 and a full port range all generate far more traffic.


NEW QUESTION # 131
Which of the following tactics uses malicious code to redirect users' web traffic?

  • A. Spear-phishing
  • B. Spimming
  • C. Pharming
  • D. Phishing

Answer: C


NEW QUESTION # 132
Which technique determines how a packet will travel from an untrusted outside host to a protected inside host behind a firewall, letting the attacker determine which ports are open and whether the packets can pass through the firewall's packet filtering?

  • A. Network sniffing
  • B. Session hijacking
  • C. Man-in-the middle attack
  • D. Firewalking

Answer: D


NEW QUESTION # 133
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?

  • A. AES
  • B. MD5 encryption algorithm
  • C. IDEA
  • D. Triple Data Encryption standard

Answer: D

Explanation:
Triple DES is another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. In Stealth, you simply type in the entire 192-bit (24-character) key rather than entering each of the three keys individually. The Triple DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary so that each is 64 bits long. The procedure for encryption is exactly the same as regular DES, but it is repeated three times, hence the name Triple DES: the data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key (EDE). Triple DES runs three times slower than DES, but is much safer if used properly. The procedure for decryption is the same as the procedure for encryption, except that it is executed in reverse. Like DES, data is encrypted and decrypted in 64-bit blocks. Although the input key for DES is 64 bits long, the actual key used by DES is only 56 bits long. The least significant (right-most) bit in each byte is a parity bit, and should be set so that there is always an odd number of 1s in every byte. These parity bits are ignored, so only the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This means the nominal key strength for Triple DES is 168 bits, because each of the three keys contains 8 parity bits that are not used during the encryption process. (168 bits is the nominal figure only: because of meet-in-the-middle attacks, three-key Triple DES offers about 112 bits of security, and two-key Triple DES less; together with the 64-bit block size this is why it is deprecated for new designs.)
Triple DES modes
Triple ECB (Electronic Code Book)
  • This variant of Triple DES works exactly the same way as the ECB mode of DES.
  • This is the most commonly used mode of operation.
Triple CBC (Cipher Block Chaining)
  • This method is very similar to the standard DES CBC mode.
  • As with Triple ECB, the key length is 168 bits and the keys are used in the same manner as described above, but the chaining features of CBC mode are also employed.
  • The first 64-bit key acts as the Initialization Vector to DES.
  • Triple ECB is then executed for a single 64-bit block of plaintext.
  • The resulting ciphertext is then XORed with the next plaintext block to be encrypted, and the procedure is repeated.
  • This method adds an extra layer of security to Triple DES and is therefore more secure than Triple ECB, although it is not used as widely as Triple ECB.
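As an added example, not from the original page or from the Stealth software it mentions, the Python below handles the key-material points above: splitting a 192-bit key into three 64-bit subkeys, forcing odd parity on every byte, extracting the 56 bits DES actually uses, and catching the two mistakes a practitioner most wants to catch before a key goes into service, a DES weak key and subkeys that are equal on their effective bits, which makes encrypt-decrypt-encrypt collapse to single DES. The sample keys are constructed; the weak-key list is the four DES weak keys from FIPS 74, and `check_3des_key` and the other names are this example's own.

```python
# DES weak keys (FIPS 74 appendix), written with odd parity.
DES_WEAK_KEYS = {
    bytes.fromhex("0101010101010101"),
    bytes.fromhex("FEFEFEFEFEFEFEFE"),
    bytes.fromhex("E0E0E0E0F1F1F1F1"),
    bytes.fromhex("1F1F1F1F0E0E0E0E"),
}

def set_odd_parity(key8):
    """Force the low bit of each byte so every byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key8:
        top7 = b & 0xFE
        out.append(top7 | (0 if bin(top7).count("1") % 2 else 1))
    return bytes(out)

def has_odd_parity(key8):
    return all(bin(b).count("1") % 2 == 1 for b in key8)

def strip_parity(key8):
    """The 56 bits DES actually uses, packed into one integer (7 bits per byte)."""
    v = 0
    for b in key8:
        v = (v << 7) | (b >> 1)
    return v

def split_3des_key(key24):
    """K1, K2, K3 from a 192-bit key, as a tool accepting one 24-byte key would do."""
    if len(key24) != 24:
        raise ValueError("three-key Triple DES needs a 24-byte (192-bit) key")
    return key24[0:8], key24[8:16], key24[16:24]

def check_3des_key(key24):
    """Return a list of problems; an empty list means the key is usable."""
    problems = []
    subkeys = split_3des_key(key24)
    for i, k in enumerate(subkeys, 1):
        if not has_odd_parity(k):
            problems.append(f"K{i}: parity bits are not odd (an implementation would fix them silently)")
        if set_odd_parity(k) in DES_WEAK_KEYS:
            problems.append(f"K{i}: DES weak key")
    # Compare on the 56 effective bits: keys differing only in parity bits are the same key.
    e1, e2, e3 = (strip_parity(k) for k in subkeys)
    if e1 == e2 or e2 == e3:
        problems.append("K1 == K2 or K2 == K3 on the 56 effective bits: "
                        "EDE degenerates to a single DES encryption")
    elif e1 == e3:
        problems.append("K1 == K3: two-key Triple DES (112-bit nominal), not three-key")
    return problems

def demo_keys():
    """Constructed keys (not from the original page) exercising each check."""
    good = (set_odd_parity(bytes.fromhex("0123456789ABCDEF"))
            + set_odd_parity(bytes.fromhex("23456789ABCDEF01"))
            + set_odd_parity(bytes.fromhex("456789ABCDEF0123")))
    all_weak = bytes.fromhex("0101010101010101") * 3
    two_key = good[:16] + good[:8]
    return {"good": check_3des_key(good),
            "all_weak": check_3des_key(all_weak),
            "two_key": check_3des_key(two_key)}

if __name__ == "__main__":
    for name, problems in demo_keys().items():
        print(f"{name:9} -> {problems or 'OK'}")
```

The equality check is done on `strip_parity` output deliberately: two subkeys that differ only in their parity bits are the same DES key, so a byte-for-byte comparison would miss the collapse.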


NEW QUESTION # 134
John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such as usernames, addresses, departmental details, and server names to launch further attacks on the target organization.
What is the tool employed by John to gather information from the LDAP service?

  • A. EarthExplorer
  • B. Ike-scan
  • C. jxplorer
  • D. Zabasearch

Answer: C

Explanation:
JXplorer is a cross-platform LDAP browser and editor. It is a standards-compliant, general-purpose LDAP client that can be used to search, read and edit any standard LDAP directory, or any directory service with an LDAP or DSML interface.
It is highly flexible and can be extended and customised in a number of ways. JXplorer is written in Java, and the source code and build system are available via svn or as a packaged build for users who wish to experiment with or further develop the program.
JX is available in two versions: the free open-source version under an OSI-approved Apache 2 style licence, or in the JXWorkBench Enterprise bundle with built-in reporting, administrative and security tools.
JX has been through a number of versions since its creation in 1999; the most recent stable release is version 3.3.1, the August 2013 release.
JXplorer is a fully functional LDAP client with advanced security integration and support for the more difficult and obscure parts of the LDAP protocol. It has been tested on Windows, Solaris, Linux and OS X; packages are available for HP-UX, AIX and BSD, and it should run on any Java-supporting OS. The anonymous enumeration in the question works only where the directory permits anonymous binds and unauthenticated searches, which is the setting to check on the defensive side.


NEW QUESTION # 135
Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

  • A. Armitage
  • B. Metasploit
  • C. Nmap
  • D. Nikto

Answer: D

Explanation:
Nikto is a web server scanner that checks for dangerous files and CGIs, outdated server software and version-specific problems, and common server misconfigurations, which is exactly the scan described. Nmap is a port scanner (its NSE scripts can probe web servers, but that is not its purpose here), and Metasploit and its Armitage front end are exploitation frameworks.


NEW QUESTION # 136
Bob, an attacker, has managed to access a target IoT device. He employed an online tool to gather information related to the model of the IoT device and the certifications granted to it. Which of the following tools did Bob employ to gather the above information?

  • A. EarthExplorer
  • B. search.com
  • C. Google image search
  • D. FCC ID search

Answer: D

Explanation:
Footprinting techniques are used to collect basic information about the target IoT and OT platforms in order to exploit them. Information collected through footprinting includes IP address, hostname, ISP, device location, banner of the target IoT device, FCC ID information, certifications granted to the device, etc. (CEHv11 manual, p. 5052)
https://en.wikipedia.org/wiki/FCC_mark
An FCC ID is a unique identifier assigned to a device registered with the United States Federal Communications Commission. For legal sale of wireless devices in the US, manufacturers must:
  • Have the device evaluated by an independent lab to ensure it conforms to FCC standards
  • Provide documentation to the FCC of the lab results
  • Provide user manuals, documentation, and photos relating to the device
  • Digitally or physically label the device with the unique identifier provided by the FCC (upon approved application)
The FCC gets its authority from Title 47 of the Code of Federal Regulations (47 CFR). FCC IDs are required for all wireless emitting devices sold in the USA. By searching an FCC ID, you can find details on the wireless operating frequency (including strength), photos of the device, user manuals for the device, and SAR reports on the wireless emissions.


NEW QUESTION # 137
Which of the following statements is FALSE with respect to Intrusion Detection Systems?

  • A. Intrusion Detection Systems can be configured to distinguish specific content in network packets
  • B. Intrusion Detection Systems can examine the contents of the data in the context of the network protocol
  • C. Intrusion Detection Systems require constant updates of the signature library
  • D. Intrusion Detection Systems can easily distinguish a malicious payload in encrypted traffic

Answer: D


NEW QUESTION # 138
Which command can be used to show the current TCP/IP connections?

  • A. Net use connection
  • B. Netstat
  • C. Net use
  • D. Netsh

Answer: B

Explanation:
netstat lists the current TCP/IP connections and listening ports (on Windows, netstat -ano also shows the owning process ID). netsh is the network shell for configuring interfaces, firewall and other network settings, and net use maps or lists network drive connections; neither displays the connection table.


NEW QUESTION # 139
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email containing a deceptive page link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on the malicious link and logged in to that page using her valid credentials. Which of the following tools is employed by Clark to create the spoofed email?

  • A. Slowloris
  • B. PLCinject
  • C. PyLoris
  • D. Evilginx

Answer: D

Explanation:
Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. Its core runs on the Nginx HTTP server, which uses proxy_pass and sub_filter to proxy and modify HTTP content while intercepting traffic between client and server. Because it relays the real site, it also captures the session cookie issued after a successful login, which lets the attacker bypass a second factor.


NEW QUESTION # 140
Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

  • A. Bluejacking
  • B. Bluesnarfing
  • C. Bluesmacking
  • D. Bluebugging

Answer: B

Explanation:
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistant).


NEW QUESTION # 141
A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

  • A. Credentialed assessment
  • B. Host-based assessment
  • C. Database assessment
  • D. Distributed assessment

Answer: B

Explanation:
The host-based vulnerability assessment (VA) solution arose from auditors' need to periodically review systems. Arising before the Internet became common, these tools typically take an "administrator's eye" view of the environment by evaluating all of the information that an administrator has at his or her disposal.
Uses
Host VA tools verify system configuration, user directories, file systems, registry settings, and all forms of other information on a host to gain knowledge about it. Then they evaluate the possibility of compromise. They may also measure compliance with a predefined company policy in order to satisfy an annual audit. With administrator access, the scans are less likely to disrupt normal operations since the software has the access it needs to see into the complete configuration of the system.
What it measures
Host VA tools can examine the native configuration tables and registries to identify not only obvious vulnerabilities, but also "dormant" vulnerabilities: those weak or misconfigured systems and settings that may be exploited after an initial entry into the environment. Host VA solutions can assess the security settings of a user account table, the access control lists associated with sensitive files or data, and the specific levels of trust applied to other systems. The host VA solution can more accurately determine the level of risk by determining how far any specific exploit may be able to get.


NEW QUESTION # 142
During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

  • A. Stateful
  • B. Application
  • C. Packet Filtering
  • D. Circuit

Answer: B

Explanation:
https://en.wikipedia.org/wiki/Internet_Relay_Chat
Internet Relay Chat (IRC) is an application layer protocol that facilitates communication in text. The chat process works on a client/server networking model. IRC clients are computer programs that users can install on their system or web-based applications running either locally in the browser or on a third-party server. These clients communicate with chat servers to transfer messages to other clients.
IRC is a plaintext protocol that is officially assigned port 194, according to IANA. However, running the service on this port requires running it with root-level permissions, which is inadvisable. As a result, the well-known port for IRC is 6667, a high-number port that does not require elevated privileges. However, an IRC server can also be configured to run on other ports as well.
You can't tell if an IRC server is designed to be malicious solely based on port number. Still, if you see an IRC server running on a well-known port (WKP) such as 80, 8080, 53 or 443, it is almost always going to be malicious; the only real reason for an IRCd to be running on port 80 is to try to evade firewalls.
https://en.wikipedia.org/wiki/Application_firewall
An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The application firewall can control communications up to the OSI model's application layer, which is the highest operating layer, and where it gets its name. The two primary categories of application firewalls are network-based and host-based.
Application layer filtering operates at a higher level than traditional security appliances. This allows packet decisions to be made based on more than just source/destination IP Addresses or ports. It can also use information spanning across multiple connections for any given host.
Network-based application firewalls
Network-based application firewalls operate at the application layer of a TCP/IP stack. They can understand certain applications and protocols such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP). This allows it to identify unwanted applications or services using a non-standard port or detect if an allowed protocol is being abused.
Host-based application firewalls
A host-based application firewall monitors application system calls or other general system communication. This gives more granularity and control but is limited to only protecting the host it is running on. Control is applied by filtering on a per-process basis. Generally, prompts are used to define rules for processes that have not yet received a connection. Further filtering can be done by examining the process ID of the owner of the data packets. Many host-based application firewalls are combined or used in conjunction with a packet filter.
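An added example, not from the original page, contrasting the two decisions the question turns on: a port-based packet filter and an application-layer check applied to the same outbound payloads on port 80. `classify` reads the first line of a client payload and names it HTTP or IRC from the protocol grammar rather than from the port, which is what lets the application firewall pass the web request and block the IRC login that the packet filter would let through. The payloads are constructed samples and the function names are this example's own.

```python
import re

# Constructed client payloads (not from the original page)
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
IRC_LOGIN = b"NICK bot123\r\nUSER bot 0 * :bot\r\nJOIN #c2\r\n"
IRC_WITH_PREFIX = b":irc.example.net PING :12345\r\n"

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ")
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d$")
# IRC message: optional ":prefix " then a command word (RFC 1459 grammar, subset)
IRC_MESSAGE = re.compile(rb"^(:\S+ )?(NICK|USER|PASS|JOIN|PRIVMSG|PING|PONG|CAP|MODE)( |$)", re.I)

def classify(payload):
    """Name the application protocol from the first line of a client payload."""
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.startswith(HTTP_METHODS) and HTTP_REQUEST_LINE.match(first_line):
        return "http"
    if IRC_MESSAGE.match(first_line):
        return "irc"
    return "unknown"

def packet_filter(dport, payload):
    """Layer 3/4 decision: outbound port 80 is open; the payload is never inspected."""
    return "allow" if dport == 80 else "deny"

def application_firewall(dport, payload):
    """Layer 7 decision: outbound port 80 is open only for traffic that is HTTP."""
    if dport != 80:
        return "deny"
    return "allow" if classify(payload) == "http" else "deny"

def compare(dport, payload):
    """(packet filter verdict, application firewall verdict) for one connection."""
    return packet_filter(dport, payload), application_firewall(dport, payload)

if __name__ == "__main__":
    for name, p in [("http", HTTP_REQUEST), ("irc", IRC_LOGIN), ("irc-prefixed", IRC_WITH_PREFIX)]:
        pf, af = compare(80, p)
        print(f"{name:13} -> packet filter: {pf:5}  application firewall: {af}")
```

A production application proxy goes further than the first line (it validates headers, message framing and the server's replies, and a stateful filter tracks the TCP handshake but still never reads this far), which is why IRC tunnelled inside well-formed HTTP requests is the next evasion step; the point here is only the layer at which the decision is made.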



The 312-50v12 certification exam is a comprehensive exam that covers a wide range of topics related to ethical hacking. It requires candidates to have a deep understanding of the latest tools, techniques, and methodologies used in the field of ethical hacking. The 312-50v12 exam is designed to test the candidate's ability to identify vulnerabilities in systems and networks and to exploit them in a controlled and ethical manner.


The ECCouncil 312-50v12 exam is a rigorous test that requires a deep understanding of cybersecurity fundamentals, as well as practical experience in ethical hacking. The exam consists of 125 multiple-choice questions that must be completed in four hours. In addition to passing the exam, candidates must also adhere to the ECCouncil Code of Ethics, which requires them to maintain the highest level of professionalism and integrity in their work. The CEH certification is valid for three years, after which individuals must recertify to maintain their credential.

 
