What does the -oX flag do in an Nmap scan?
A. Perform an eXpress scan
B. Output the results in truncated format to the screen
C. Output the results in XML format to a file
D. Perform an Xmas scan
Answer: (SHOW ANSWER)
-oX <filespec> - Requests that XML output be directed to the given filename.
Incorrect answers:
Run an express scan https://nmap.org/book/man-port-specification.html
There is no express scan in Nmap, but there is a fast scan.
-F (Fast (limited port) scan)
Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most
common 1,000 ports for each scanned protocol. With -F, this is reduced to 100.
Or we can influence the intensity (and speed) of the scan with the -T flag.
-T paranoid|sneaky|polite|normal|aggressive|insane
Output the results in truncated format to the screen https://nmap.org/book/man-output.html
-oG <filespec> (grepable output)
It is a simple format that lists each host on one line and can be trivially searched and parsed with
standard Unix tools such as grep, awk, cut, sed, diff, and Perl.
Run a Xmas scan https://nmap.org/book/man-port-scanning-techniques.html Xmas scan (-sX)
Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
NEW QUESTION: 52
In both pharming and phishing attacks, an attacker can create websites that look similar to
legitimate sites with the intent of collecting personal identifiable information from its victims.
What is the difference between pharming and phishing attacks?
A. Both pharming and phishing attacks are identical
B. In a pharming attack, a victim is redirected to a fake website by modifying their host
configuration file or by exploiting vulnerabilities in DNS. In a phishing attack, an attacker provides
the victim with a URL that is either misspelled or looks similar to the actual website's domain
name
C. In a phishing attack, a victim is redirected to a fake website by modifying their host
configuration file or by exploiting vulnerabilities in DNS. In a pharming attack, an attacker provides
the victim with a URL that is either misspelled or looks very similar to the actual website's domain
name
D. Both pharming and phishing attacks are purely technical and are not considered forms of
social engineering
Answer: (SHOW ANSWER)
NEW QUESTION: 53
Allen, a professional pen tester, was hired by xpertTech Solutions to perform an attack simulation
on the organization's network resources. To perform the attack, he took advantage of the
NetBIOS API and targeted the NetBIOS service. By enumerating NetBIOS, he found that port 139
was open and could see the resources that could be accessed or viewed on a remote system. He
came across many NetBIOS codes during enumeration.
Identify the NetBIOS code used for obtaining the messenger service running for the logged-in
user.
A. <1B>
B. <00>
C. <03>
D. <20>
Answer: (SHOW ANSWER)
<03>
Windows Messenger service
Messenger service is a network-based system notification Windows service by Microsoft that was
included in some earlier versions of Microsoft Windows.
This retired technology, although it has a similar name, is not related in any way to the later,
Internet-based Microsoft Messenger service for instant messaging or to the Windows Messenger
and Windows Live Messenger (formerly named MSN Messenger) client software.
The Messenger Service was originally designed for use by system administrators to notify
Windows users about their networks.[1] It has been used maliciously to present pop-up
advertisements to users over the Internet (by using mass-messaging systems which sent a
desired message to a specified range of IP addresses). Although Windows XP includes a firewall,
it is not enabled by default, so many users received such messages. Because of this abuse, the
Messenger Service has been disabled by default since Windows XP Service Pack 2.
NEW QUESTION: 54
Why would you consider sending an email to an address that you know does not exist within the
company you are performing a Penetration Test for?
A. To determine who is the holder of the root account
B. To create needless SPAM
C. To perform a DoS
D. To test for virus protection
E. To elicit a response back that will reveal information about email servers and how they treat
undeliverable mail
Answer: (SHOW ANSWER)
NEW QUESTION: 55
You have gained physical access to a Windows 2008 R2 server which has an accessible disc
drive. When you attempt to boot the server and log in, you are unable to guess the password. In
your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any
user's password or activate disabled Windows accounts?
A. John the Ripper
B. SET
C. CHNTPW
D. Cain & Abel
Answer: (SHOW ANSWER)
NEW QUESTION: 56
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying
open ports in the target network and determining whether the ports are online and any firewall
rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network.
Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
A. nmap -sn -pp < target ip address >
B. nmap -sn -PO < target IP address >
C. nmap -sn -PS < target IP address >
D. nmap -sn -PA < target IP address >
Answer: (SHOW ANSWER)
NEW QUESTION: 57
Peter is surfing the internet looking for information about DX Company. Which hacking process is
Peter doing?
A. Enumeration
B. System Hacking
C. Scanning
D. Footprinting
Answer: (SHOW ANSWER)
NEW QUESTION: 58
You have the SOA presented below in your Zone.
collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)
Your secondary servers have not been able to contact your primary server to synchronize
information. How long will the secondary servers attempt to contact the primary server before they
consider that the zone is dead and stop responding to queries?
A. One week
B. One hour
C. One month
D. One day
Answer: (SHOW ANSWER)
NEW QUESTION: 59
Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed
to improve the accuracy and accountability of corporate disclosures. It covers accounting firms
and third parties that provide financial services to some organizations and came into effect in
2002. This law is known by what acronym?
A. Fed RAMP
B. PCIDSS
C. SOX
D. HIPAA
Answer: (SHOW ANSWER)
The Sarbanes-Oxley Act of 2002 is a law the U.S. Congress passed on July 30 of that year to
help protect investors from fraudulent financial reporting by corporations. Also called the SOX Act
of 2002 and the Corporate Responsibility Act of 2002, it mandated strict reforms to existing
securities regulations and imposed tough new penalties on lawbreakers.
The Sarbanes-Oxley Act of 2002 came in response to financial scandals in the early 2000s
involving publicly traded companies such as Enron Corporation, Tyco International plc, and
WorldCom. The high-profile frauds shook investor confidence in the trustworthiness of corporate
financial statements and led many to demand an overhaul of decades-old regulatory standards.
NEW QUESTION: 60
A. nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p < Port List > < Target IP >
B. nmap -Pn -sU -p 44818 --script enip-info < Target IP >
C. nmap -Pn -sT -p 46824 < Target IP >
D. nmap -Pn -sT -p 102 --script s7-info < Target IP >
Answer: (SHOW ANSWER)
enip-info NSE script — Nmap Scripting Engine documentation
How to use the enip-info NSE script: examples, script-args, and references.
Example Usage enip-info:
- nmap --script enip-info -sU -p 44818 <host>
This NSE script is used to send an EtherNet/IP packet to a remote device that has TCP 44818
open. The script will send a Request Identity Packet and, once a response is received, it validates
that it was a proper response to the command that was sent, and then parses out the data.
Information that is parsed includes Device Type, Vendor ID, Product name, Serial Number,
Product code, Revision Number, status, state, as well as the Device IP.
This script was written based on information collected by using the Wireshark dissector for
CIP and EtherNet/IP. The original information was collected by running a modified version of the
ethernetip.py script (https://github.com/paperwork/pyenip).
NEW QUESTION: 61
Security administrator John Smith has noticed abnormal amounts of traffic coming from local
computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker.
AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any
non-whitelisted programs. What type of malware did the attacker use to bypass the company's
application whitelisting?
A. Phishing malware
B. Zero-day malware
C. File-less malware
D. Logic bomb malware
Answer: C (LEAVE A REPLY)
NEW QUESTION: 62
Which of the following statements is TRUE?
A. Packet Sniffers operate on the Layer 1 of the OSI model.
B. Packet Sniffers operate on Layer 2 of the OSI model.
C. Packet Sniffers operate on Layer 3 of the OSI model.
D. Packet Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
Answer: B (LEAVE A REPLY)
NEW QUESTION: 63
A hacker has successfully infected an internet-facing server which he will then use to send junk
mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this
server?
A. Botnet Trojan
B. Ransomware Trojans
C. Banking Trojans
D. Turtle Trojans
Answer: (SHOW ANSWER)
NEW QUESTION: 64
What is the algorithm used by LM for the Windows 2000 SAM?
A. DES
B. MD4
C. SSL
D. SHA
Answer: (SHOW ANSWER)
NEW QUESTION: 65
While examining audit logs, you discover that people are able to telnet into the SMTP server on
port 25. You would like to block this, though you do not see any evidence of an attack or other
wrongdoing. However, you are concerned about affecting the normal functionality of the email
server. From the following options, choose how best you can achieve this objective.
A. Block port 25 at the firewall.
B. Force all connections to use a username and password.
C. Switch from Windows Exchange to UNIX Sendmail.
D. Shut off the SMTP service on the server.
E. None of the above.
Answer: (SHOW ANSWER)
NEW QUESTION: 66
Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)
A. 44EFCE164AB921CQAAD3B435B51404EE
B. E52CAC67419A9A224A3B108F3FA6CB6D
C. CEC52EB9C8E3455DC2265B23734E0DAC
D. BA810DBA98995F1817306D272A9441BB
E. B757BF5C0D87772FAAD3B435B51404EE
F. 0182BD0BD4444BF836077A718CCDF409
Answer: (SHOW ANSWER)
NEW QUESTION: 67
Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits
into a software program, which involves 32 rounds of computational operations that include
substitution and permutation operations on four 32-bit word blocks using eight S-boxes with
4-bit input and 4-bit output. Which of the following algorithms includes all the above features and can
be integrated by Tony into the software program?
A. Serpent
B. CAST-128
C. TEA
D. RC5
Answer: (SHOW ANSWER)
NEW QUESTION: 68
Which type of virus can change its own code and then cipher itself multiple times as it replicates?
A. Stealth virus
B. Tunneling virus
C. Cavity virus
D. Encryption virus
Answer: (SHOW ANSWER)
A stealth virus is a type of virus malware that contains sophisticated means of avoiding
detection by antivirus software. After it manages to get into the now-infected machine, a stealth
virus hides itself by continually renaming and moving itself around the disk. Like other viruses, a
stealth virus can take hold of many parts of one's PC. When it takes control of the PC and
performs tasks, antivirus programs can detect it, but a stealth virus sees that coming and can
rename then copy itself to a different drive or area on the disk before the antivirus software acts.
Once moved and renamed, a stealth virus will usually replace the detected 'infected' file with a
clean file that doesn't trigger anti-virus detection. It's a never-ending game of cat and mouse. The
intelligent architecture of this sort of virus nearly guarantees it's impossible to completely rid
oneself of it once infected. One would need to completely wipe the PC and rebuild it from scratch
to completely eradicate the presence of a stealth virus. Using regularly updated antivirus software
can reduce risk, but, as we all know, antivirus software is also caught in an endless cycle of
finding new threats and protecting against them.
NEW QUESTION: 69
Which of the following allows attackers to draw a map or outline of the target organization's network
infrastructure to learn about the actual environment that they are going to hack?
A. Malware analysis
B. Enumeration
C. Scanning networks
D. Vulnerability analysis
Answer: (SHOW ANSWER)
NEW QUESTION: 70
A. DNS cache snooping
B. DNS cache poisoning
C. DNS zone walking
D. DNS SEC zone walking
Answer: (SHOW ANSWER)
NEW QUESTION: 71
John, a professional hacker, targeted an organization that uses LDAP for accessing distributed
directory services. He used an automated tool to anonymously query the LDAP service for
sensitive information such as usernames, addresses, departmental details, and server names to
launch further attacks on the target organization.
What is the tool employed by John to gather information from the LDAP service?
A. jxplorer
B. Zabasearch
C. EarthExplorer
D. Ike-scan
Answer: (SHOW ANSWER)
JXplorer is a cross-platform LDAP browser and editor. It is a standards-compliant general
purpose LDAP client that can be used to search, read and edit any standard LDAP
directory, or any directory service with an LDAP or DSML interface.
It is highly flexible and can be extended and customised in a number of ways. JXplorer is
written in Java, and the source code and source code build system are available via svn or
as a packaged build for users who wish to experiment with or further develop the program.
JX is available in two versions: the free open source version under an OSI Apache 2 style
licence, or within the JXWorkBench Enterprise bundle with built-in reporting, administrative and
security tools.
JX has been through a number of different versions since its creation in 1999; the most recent
stable release is version 3.3.1, the August 2013 release.
JXplorer is a fully functional LDAP client with advanced security integration and
support for the more difficult and obscure parts of the LDAP protocol. It has been tested on Windows,
Solaris, Linux and OSX; packages are available for HPUX, AIX and BSD, and it should run on any
Java-supporting OS.
NEW QUESTION: 72
Which of the following viruses tries to hide from anti-virus programs by actively altering and
corrupting the chosen service call interruptions when they are being run?
A. Stealth/Tunneling virus
B. Macro virus
C. Polymorphic virus
D. Cavity virus
Answer: (SHOW ANSWER)
NEW QUESTION: 73
Samuel, a professional hacker, monitored and intercepted already established traffic between
Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with
Bob's IP address to the host machine. The host machine responded with a packet having an
incremented ISN. Consequently, Bob's connection got hung, and Samuel was able to
communicate with the host machine on behalf of Bob. What is the type of attack performed by
Samuel in the above scenario?
A. UDP hijacking
B. Blind hijacking
C. TCP/IP hacking
D. Forbidden attack
Answer: (SHOW ANSWER)
A TCP/IP hijack is an attack that spoofs a server into thinking it is talking with a valid client, when
actually it is communicating with an attacker that has taken over (or hijacked) the TCP session.
Assume that the client has administrator-level privileges, and that the attacker wants to steal that
authority in order to create a new account with root-level access on the server for later use.
A TCP hijacking is a kind of two-phased man-in-the-middle attack. The man-in-the-middle
attacker lurks in the circuit between a client and a server in order to determine what
port and sequence numbers are being used for the conversation.
First, the attacker knocks out the client with an attack, such as Ping of Death, or ties it up with some
kind of ICMP storm. This renders the client unable to transmit any packets to the server.
Then, with the client crashed, the attacker assumes the client's identity in order to talk with the
server. By this means, the attacker gains administrator-level access to the server.
One of the most effective means of preventing a hijack attack is to require a secret, that is, a shared
secret between the client and the server. Depending on the strength of security desired, the
secret may be used for random exchanges. This is when a client and server periodically
challenge each other, or it can occur with each exchange, as with Kerberos.
NEW QUESTION: 74
An attacker identified that a user and an access point are both compatible with WPA2 and WPA3
encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity
and forced the victim to go through the WPA2 four-way handshake to get connected. After the
connection was established, the attacker used automated tools to crack WPA2-encrypted
messages. What is the attack performed in the above scenario?
A. Downgrade security attack
B. Cache-based attack
C. Timing-based attack
D. Side-channel attack
Answer: (SHOW ANSWER)
NEW QUESTION: 75
What is the proper response for a NULL scan if the port is closed?
A. ACK
B. SYN
C. RST
D. No response
E. FIN
F. PSH
Answer: (SHOW ANSWER)
NEW QUESTION: 76
One of your team members has asked you to analyze the following SOA record.
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)
What is the TTL?
A. 3600
B. 2400
C. 200303028
D. 604800
E. 4800
F. 60
Answer: (SHOW ANSWER)
NEW QUESTION: 77
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity
firms. He found the contact number of sibertech.org and dialed the number, claiming to
represent a technical support team from a vendor. He warned that a specific server is about to be
compromised and requested sibertech.org to follow the provided instructions. Consequently, he
prompted the victim to execute unusual commands and install malicious files, which were then
used to collect and pass critical information to Johnson's machine. What is the social engineering
technique Steve employed in the above scenario?
A. Quid pro quo
B. Diversion theft
C. Elicitation
D. Phishing
Answer: (SHOW ANSWER)
Understanding and Preventing Social Engineering Attacks
This Social Engineering scam involves an exchange of information that can benefit both the victim
and the trickster. Scammers would make the prey believe that a fair exchange will be present
between both sides, but in reality, only the fraudster stands to benefit, leaving the victim hanging
on to nothing. An example of a Quid Pro Quo is a scammer pretending to be an IT support
technician. The con artist asks for the login credentials of the company's computer saying that the
company is going to receive technical support in return. Once the victim has provided the
credentials, the scammer now has control over the company's computer and may possibly load
malware or steal personal information that can be a motive to commit identity theft.
"A quid pro quo attack (aka "something for something" attack) is a variant of baiting. Instead of
baiting a target with the promise of a good, a quid pro quo attack promises a service or a benefit
based on the execution of a specific action."
https://resources.infosecinstitute.com/topic/common-social-engineering-attacks/#:~:text=A%20quid%20pro%20quo%20attack,execution%20of%20a%20specific%20action.
NEW QUESTION: 78
John is an incident handler at a financial institution. His steps in a recent incident are not up to the
standards of the company. John frequently forgets some steps and procedures while handling
responses as they are very stressful to perform. Which of the following actions should John take
to overcome this problem with the least administrative effort?
A. Increase his technical skills.
B. Create an incident checklist.
C. Read the incident manual every time it occurs.
D. Select someone else to check the procedures.
Answer: (SHOW ANSWER)
NEW QUESTION: 79
In the context of password security, a simple dictionary attack involves loading a dictionary file (a
text file full of dictionary words) into a cracking application such as L0phtCrack or John the
Ripper, and running it against user accounts located by the application. The larger the word and
word fragment selection, the more effective the dictionary attack is. The brute force method is the
most inclusive, although slow. It usually tries every possible letter and number combination in its
automated exploration. If you would use both brute force and dictionary methods combined
together to have variation of words, what would you call such an attack?
A. Hybrid
B. BruteDics
C. Full Blown
D. Thorough
Answer: (SHOW ANSWER)
NEW QUESTION: 80
A. John the Ripper
B. THC-Hydra
C. Hashcat
D. netcat
Answer: (SHOW ANSWER)
NEW QUESTION: 81
When conducting a penetration test, it is crucial to use all means to get all available information
about the target network. One of the ways to do that is by sniffing the network. Which of the
following cannot be performed by the passive network sniffing?
A. Identifying operating systems, services, protocols and devices
B. Capturing a network traffic for further analysis
C. Modifying and replaying captured network traffic
D. Collecting unencrypted information about usernames and passwords
Answer: (SHOW ANSWER)
NEW QUESTION: 82
Harper, a software engineer, is developing an email application. To ensure the confidentiality of
email messages, Harper uses a symmetric-key block cipher having a classical 12- or 16-round
Feistel network with a block size of 64 bits for encryption, which includes large 8 x 32-bit S-boxes
(S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent
rotation, and XOR operations. This cipher also uses a masking key (Km1) and a rotation key (Kr1)
for performing its functions. What is the algorithm employed by Harper to secure the email
messages?
A. AES
B. GOST block cipher
C. CAST-128
D. DES
Answer: (SHOW ANSWER)
NEW QUESTION: 83
This type of injection attack does not show any error message. It is difficult to exploit as it returns
information when the application is given SQL payloads that elicit a true or false response from
the server. By observing the response, an attacker can extract sensitive information. What type of
attack is this?
A. Blind SQL injection
B. Union SQL injection
C. Error-based SQL injection
D. Time-based SQL injection
Answer: A (LEAVE A REPLY)
NEW QUESTION: 84
Bella, a security professional working at an IT firm, finds that a security breach has occurred while
transferring important files. Sensitive data, employee usernames, and passwords are shared in
plaintext, paving the way for hackers to perform successful session hijacking. To address this
situation, Bella implemented a protocol that sends data using encryption and digital certificates.
Which of the following protocols is used by Bella?
A. FTP
B. HTTPS
C. FTPS
D. IP
Answer: (SHOW ANSWER)
The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer
files from a server to a client on a computer network. FTP is built on a client-server model
architecture using separate control and data connections between the client and the server.[1]
FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a
username and password, but can connect anonymously if the server is configured to allow it. For
secure transmission that protects the username and password, and encrypts the content, FTP is
often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).
The first FTP client applications were command-line programs developed before operating
systems had graphical user interfaces, and they are still shipped with most Windows, Unix, and
Linux operating systems.[2][3] Many FTP clients and automation utilities have since been developed
for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into
productivity applications, such as HTML editors.
NEW QUESTION: 85
You are a penetration tester working to test the user awareness of the employees of the client
xyz. You harvested two employees' emails from some public sources and are creating a client-side
backdoor to send to the employees via email. Which stage of the cyber kill chain are you
at?
A. Reconnaissance
B. Command and control
C. Weaponization
D. Exploitation
Answer: (SHOW ANSWER)
Weaponization
The adversary analyzes the data collected in the previous stage to identify the vulnerabilities and
techniques that can exploit and gain unauthorized access to the target organization. Based on the
vulnerabilities identified during analysis, the adversary selects or creates a tailored deliverable
malicious payload (remote-access malware weapon) using an exploit and a backdoor to send it to
the victim. An adversary may target specific network devices, operating systems, endpoint
devices, or even individuals within the organization to carry out their attack. For example, the
adversary may send a phishing email to an employee of the target organization, which may
include a malicious attachment such as a virus or worm that, when downloaded, installs a
backdoor on the system that allows remote access to the adversary. The following are the
activities of the adversary:
- Identifying appropriate malware payload based on the analysis
- Creating a new malware payload or selecting, reusing, modifying the available malware payloads
based on the identified vulnerability
- Creating a phishing email campaign
- Leveraging exploit kits and botnets
Kill chain - Wikipedia
The Cyber Kill Chain consists of 7 steps: Reconnaissance, weaponization, delivery, exploitation,
installation, command and control, and finally, actions on objectives. Below you can find detailed
information on each.
1. Reconnaissance: In this step, the attacker/intruder chooses their target. Then they conduct
in-depth research on this target to identify its vulnerabilities that can be exploited.
2. Weaponization: In this step, the intruder creates a malware weapon like a virus, worm, or such
to exploit the target's vulnerabilities. Depending on the target and the purpose of the attacker, this
malware can exploit new, undetected vulnerabilities (also known as the zero-day exploits) or
focus on a combination of different vulnerabilities.
3. Delivery: This step involves transmitting the weapon to the target. The intruder/attacker can
employ different USB drives, e-mail attachments, and websites for this purpose.
4. Exploitation: In this step, the malware starts the action. The program code of the malware is
triggered to exploit the target's vulnerability/vulnerabilities.
5. Installation: In this step, the malware installs an access point for the intruder/attacker. This
access point is also known as the backdoor.
6. Command and Control: The malware gives the intruder/attacker access to the network/system.
7. Actions on Objective: Once the attacker/intruder gains persistent access, they finally take
action to fulfill their purposes, such as encryption for ransom, data exfiltration, or even data
destruction.
NEW QUESTION: 86
Which DNS resource record can indicate how long any "DNS poisoning" could last?
A. SOA
B. TIMEOUT
C. MX
D. NS
Answer: (SHOW ANSWER)
NEW QUESTION: 87
Peter, a Network Administrator, has come to you looking for advice on a tool that would help him
perform SNMP enquiries over the network.
Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.
A. NMap
B. SNMPUtil
C. Solarwinds IP Network Browser
D. SNScan
E. SNMPScan
Answer: (SHOW ANSWER)
NEW QUESTION: 88
Which type of security feature stops vehicles from crashing through the doors of a building?
A. Receptionist
B. Bollards
C. Turnstile
D. Mantrap
Answer: (SHOW ANSWER)
NEW QUESTION: 89
Which of the following antennas is commonly used in communications for a frequency band of 10
MHz to VHF and UHF?
A. Parabolic grid antenna
B. Yagi antenna
C. Dipole antenna
D. Omnidirectional antenna
Answer: (SHOW ANSWER)
NEW QUESTION: 90
A. tcpsplice
B. Burp
C. Hydra
D. Whisker
Answer: (SHOW ANSWER)
«Many IDS reassemble communication streams; hence, if a packet is not received within a
reasonable period, many IDS stop reassembling and handling that stream. If the application
under attack keeps a session active for a longer time than that spent by the IDS on reassembling
it, the IDS will stop. As a result, any session after the IDS stops reassembling the sessions will be
susceptible to malicious data theft by attackers. The IDS will not log any attack attempt after a
successful splicing attack. Attackers can use tools such as Nessus for session splicing attacks.»
Did you know that the EC-Council exam shows how well you know their official book? So, there is
no "Whisker" in it. In the chapter "Evading IDS" -> "Session Splicing", the recommended tool for
performing a session-splicing attack is Nessus. Where Whisker came from is not entirely clear, but
I will assume the author of the question found it while copying Wikipedia.
https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques
One basic technique is to split the attack payload into multiple small packets so that the IDS must
reassemble the packet stream to detect the attack. A simple way of splitting packets is by
fragmenting them, but an adversary can also simply craft packets with small payloads. The
'whisker' evasion tool calls crafting packets with small payloads 'session splicing'.
By itself, small packets will not evade any IDS that reassembles packet streams. However, small
packets can be further modified in order to complicate reassembly and detection. One evasion
technique is to pause between sending parts of the attack, hoping that the IDS will time out before
the target computer does. A second evasion technique is to send the packets out of order,
confusing simple packet re-assemblers but not the target computer.
NOTE: Yes, I found scraps of information about the tool that existed in 2012, but I cannot give
you unverified information. According to the official tutorials, the correct answer is Nessus, but if
you know anything about Whisker, please write in the QA section. Maybe this question will be
updated soon, but I'm not sure about that.
NEW QUESTION: 91
John, a professional hacker, decided to use DNS to perform data exfiltration on a target network.
In this process, he embedded malicious data into the DNS protocol packets that even DNSSEC
cannot detect. Using this technique, John successfully injected malware to bypass a firewall and
maintained communication between the victim machine and the C&C server. What is the technique
employed by John to bypass the firewall?
A. DNS cache snooping
B. DNSSEC zone walking
C. DNS tunneling method
D. DNS enumeration
Answer: (SHOW ANSWER)
DNS tunneling is a method used to send data over the DNS protocol, a protocol which was
never intended for data transfer. Because of that, people tend to overlook it, and it has become a
popular and effective tool in many attacks. The most popular use case for DNS tunneling is obtaining
free internet by bypassing captive portals at airports, hotels, or, if you are feeling patient, the
not-so-cheap in-flight Wi-Fi. On those shared internet hotspots HTTP traffic is blocked until a
username/password is provided, but DNS traffic is usually still allowed in the
background: we can encode our HTTP traffic over DNS and voilà, we have internet access. This
sounds fun, but the reality is that browsing anything over DNS tunneling is slow. Like, back-to-1998 slow.
Another, more dangerous use of DNS tunneling is bypassing network security devices
(firewalls, DLP appliances...) to set up a direct and unmonitored communications channel
on an organisation's network. The possibilities here are endless: data exfiltration, setting up another
penetration testing tool... you name it. To make it even more worrying, there is a large number
of easy-to-use DNS tunneling tools out there. There is even at least one VPN-over-DNS
protocol provider (warning: the design of the website is hideous, making me doubt its
legitimacy). As a pentester all this is great; as a network admin, not so much.
How does it work:
For those who know nothing about the DNS protocol but still made it here, I think you deserve a really
brief explanation of what DNS does: DNS is like a phonebook for the Internet; it translates domain names
(human-friendly language, the person's name) into an IP address (machine-friendly language, the phone
number). That helps us remember many websites, just as we can remember many people's
names. For those who know what DNS is, I would suggest looking here for a quick refresher on the DNS
protocol, but briefly, what you need to know is:
* A Record: Maps a domain name to an IP address. example.com -> 12.34.52.67
* NS Record (a.k.a. Nameserver record): Maps a domain name to a list of DNS servers, in case our domain is hosted on multiple servers. example.com -> server1.example.com, server2.example.com
Who is involved in DNS tunneling?
* Client. Launches DNS requests with data in them to a domain.
* One domain that we can configure, so that DNS servers will redirect its requests to a defined server of our own.
* Server. This is the defined nameserver which will ultimately receive the DNS requests.
The 6 steps in DNS tunneling (simplified):
1. The client encodes data in a DNS request. The way it does this is usually by prepending a piece of data to the domain of the request, for instance: mypieceofdata.server1.example.com
2. The DNS request goes out to a DNS server.
3. The DNS server finds out the A record of your domain with the IP address of your server.
4. The request for mypieceofdata.server1.example.com is forwarded to the server.
5. The server processes whatever mypieceofdata was supposed to do. Let's assume it was an HTTP request.
6. The server replies back over DNS and woop woop, we've got signal.
Bypassing Firewalls through the DNS Tunneling Method DNS operates using UDP, and it has a
255-byte limit on outbound queries. Moreover, it allows only alphanumeric characters and
hyphens. Such small size constraints on external queries allow DNS to be used as an ideal
choice to perform data exfiltration by various malicious entities. Since corrupt or malicious data
can be secretly embedded into the DNS protocol packets, even DNSSEC cannot detect the
abnormality in DNS tunneling. It is effectively used by malware to bypass the firewall to maintain
communication between the victim machine and the C&C server. Tools such as NSTX
(https://sourceforge.net), Heyoka (http://heyoka.sourceforge.net), and Iodine
(https://code.kryo.se) use this technique of tunneling traffic across DNS port 53. CEH v11 Module
12 Page 994
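The steps above show why tunnel traffic stands out to a defender even though DNSSEC cannot see it: each query carries an encoded chunk as a long, high-entropy leading label under one attacker-controlled zone, and a single client emits many distinct such labels. The following added example (not from the CEH material or any tool named above) scores a constructed resolver log on exactly those two properties; the thresholds and the three-label zone split are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not from the page): "client qtype qname".
# 10.0.0.7 sends long, high-entropy labels under one zone, as a tunnel client would.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.7 TXT kvxq2m7djz3wbyp8nhcr4ftg6s9ae5lu.s1.example.com
10.0.0.7 TXT rt4hq9zcw2a7nxd5bjmg8ek3vpl6usy.s1.example.com
10.0.0.7 TXT g6bp3sxz8dnv2ljk7ymqa4wt5hcer9fu.s1.example.com
10.0.0.9 A cdn.example.com
"""

MIN_LABEL_LEN = 30   # assumed threshold: encoded chunks fill labels, hostnames do not
MIN_ENTROPY = 3.5    # bits per character; a word like "mail" scores 2.0
MIN_UNIQUE = 3       # distinct suspicious labels from one client before alerting

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_qname(qname: str):
    """Return (zone, data_label): zone is the last three labels (the registered
    domain plus its delegated nameserver, e.g. server1.example.com), and the
    leading label is where a tunnel client prepends its data chunk."""
    labels = qname.rstrip(".").split(".")
    if len(labels) <= 3:
        return qname, ""
    return ".".join(labels[-3:]), labels[0]

def is_suspicious_label(label: str) -> bool:
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY

def find_tunnel_zones(log_text: str) -> dict:
    """Map zone -> set of clients that sent >= MIN_UNIQUE distinct suspicious
    labels to it. DNSSEC signs answers; it never inspects what a client stuffs
    into a query name, which is why this check lives at the resolver log."""
    seen = defaultdict(lambda: defaultdict(set))  # zone -> client -> labels
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        client, _qtype, qname = parts
        zone, label = split_qname(qname)
        if is_suspicious_label(label):
            seen[zone][client].add(label)
    return {zone: {c for c, labels in clients.items() if len(labels) >= MIN_UNIQUE}
            for zone, clients in seen.items()
            if any(len(labels) >= MIN_UNIQUE for labels in clients.values())}

if __name__ == "__main__":
    for zone, clients in find_tunnel_zones(SAMPLE_LOG).items():
        print(f"possible DNS tunnel to {zone} from {sorted(clients)}")
```

The per-label check alone would still miss short chunks, so the per-zone count of distinct labels is what catches a slow tunnel; tune both thresholds against your own resolver's baseline.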
NEW QUESTION: 92
Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo
Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com". Which statement
below is true?
A. This is a scam because Bob does not know Scott.
B. Bob should write to scottmelby@yahoo.com to verify the identity of Scott.
C. This is probably a legitimate message as it comes from a respectable organization.
D. This is a scam as everybody can get a @Yahoo address, not the Yahoo customer service
employees.
Answer: (SHOW ANSWER)
NEW QUESTION: 93
Your organization has signed an agreement with a web hosting provider that requires you to take
full responsibility of the maintenance of the cloud-based resources. Which of the following models
covers this?
A. Functions as a service
B. Infrastructure as a service
C. Platform as a service
D. Software as a service
Answer: (SHOW ANSWER)
NEW QUESTION: 94
You just set up a security system in your network. In what kind of system would you find the
following string of characters used as a rule within its configuration? alert tcp any any ->
192.168.100.0/24 21 (msg: "FTP on the network!";)
A. An Intrusion Detection System
B. A Router IPTable
C. FTP Server rule
D. A firewall IPTable
Answer: (SHOW ANSWER)
NEW QUESTION: 95
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer
Management Console from command line.
Which command would you use?
A. c:\compmgmt.msc
B. c:\services.msc
C. c:\ncpa.cp
D. c:\gpedit
Answer: (SHOW ANSWER)
To start the Computer Management Console from command line just type
compmgmt.msc /computer:computername in your run box or at the command line and it should
automatically open the Computer Management console.
References: http://www.waynezim.com/tag/compmgmtmsc/
NEW QUESTION: 96
Nedved is an IT Security Manager of a bank in his country. One day, he found out that there is a
security breach to his company's email server based on analysis of a suspicious connection from
the email server to an unknown IP Address.
What is the first thing that Nedved needs to do before contacting the incident response team?
A. Migrate the connection to the backup email server
B. Block the connection to the suspicious IP Address from the firewall
C. Leave it as it is and contact the incident response team right away
D. Disconnect the email server from the network
Answer: (SHOW ANSWER)
NEW QUESTION: 97
John, a security analyst working for an organization, found a critical vulnerability on the
organization's LAN that allows him to view financial and personal information about the rest of the
employees. Before reporting the vulnerability, he examines the information shown by the
vulnerability for two days without disclosing any information to third parties or other internal
employees. He does so out of curiosity about the other employees and may take advantage of
this information later. What would John be considered as?
A. Gray hat
B. Black hat
C. Cybercriminal
D. White hat
Answer: (SHOW ANSWER)
NEW QUESTION: 98
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your
office in New York, you craft a specially formatted email message and send it across the Internet
to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your
email message looks like this:
From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ's email gateway doesn't prevent what?
A. Email Masquerading
B. Email Harvesting
C. Email Phishing
D. Email Spoofing
Answer: D
Email spoofing is the fabrication of an email header in the hopes of duping the recipient into
thinking the email originated from someone or somewhere other than the intended source.
Because core email protocols do not have a built-in method of authentication, it is common for
spam and phishing emails to use said spoofing to trick the recipient into trusting the origin of the
message.
The ultimate goal of email spoofing is to get recipients to open, and possibly even respond to, a
solicitation. Although the spoofed messages are usually just a nuisance requiring little action
besides removal, the more malicious varieties can cause significant problems and sometimes
pose a real security threat.
NEW QUESTION: 99
Hackers often raise the trust level of a phishing message by modeling the email to look similar to
the internal email used by the target company. This includes using logos, formatting, and names
of the target company. The phishing message will often use the name of the company CEO,
President, or Managers. The time a hacker spends performing research to locate this information
about a company is known as?
A. Investigation
B. Enumeration
C. Reconnaissance
D. Exploration
Answer: (SHOW ANSWER)
NEW QUESTION: 100
A. Eavesdropping
B. Sniffing
C. Social Engineering
D. Scanning
Answer: (SHOW ANSWER)