Free 312-50v12 Sample Questions and 100% Cover Real Exam Questions (Updated 505 Questions) [Q15-Q32]



The 312-50v12 certification exam is a comprehensive exam that covers a wide range of topics related to ethical hacking. It requires candidates to have a deep understanding of the latest tools, techniques, and methodologies used in the field of ethical hacking. 312-50v12 exam is designed to test the candidate's ability to identify vulnerabilities in systems and networks and to exploit them in a controlled and ethical manner.


NEW QUESTION # 15
Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes. Which of the following footprinting techniques did Rachel use to finish her task?

  • A. Reverse image search
  • B. Advanced image search
  • C. Meta search engines
  • D. Google advanced search

Answer: B


NEW QUESTION # 16
What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?

  • A. The internal command RCPT provides a list of ports open to message traffic.
  • B. Reveals the daily outgoing message limits before mailboxes are locked
  • C. A list of all mail proxy server addresses used by the targeted host
  • D. The two internal commands VRFY and EXPN provide a confirmation of valid users, email addresses, aliases, and mailing lists.

Answer: D


NEW QUESTION # 17
David is a security professional working in an organization, and he is implementing a vulnerability management program to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes to vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

  • A. Remediation
  • B. Risk assessment
  • C. Verification
  • D. Vulnerability scan

Answer: A


NEW QUESTION # 18
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?

  • A. Pass the ticket
  • B. LLMNR/NBT-NS poisoning
  • C. Internal monologue attack
  • D. Pass the hash

Answer: D


NEW QUESTION # 19
Which method of password cracking takes the most time and effort?

  • A. Shoulder surfing
  • B. Rainbow tables
  • C. Brute force
  • D. Dictionary attack

Answer: C

Explanation:
A brute-force attack is when an attacker uses a set of predefined values to attack a target and analyzes the response until he succeeds. Success depends on the set of predefined values: a larger set takes more time, but gives a better probability of success. In a traditional brute-force attack, the passcode or password is incrementally increased by one letter/number each time until the right passcode/password is found.


NEW QUESTION # 20
Which of the following is the BEST way to defend against network sniffing?

  • A. Register all machines' MAC addresses in a centralized database
  • B. Using encryption protocols to secure network communications
  • C. Use Static IP Address
  • D. Restrict Physical Access to Server Rooms hosting Critical Servers

Answer: B

Explanation:
https://en.wikipedia.org/wiki/Sniffing_attack
To prevent sniffing attacks on networks, organizations and individual users should avoid applications that use insecure protocols, like basic HTTP authentication, File Transfer Protocol (FTP), and Telnet. Instead, secure protocols such as HTTPS, Secure File Transfer Protocol (SFTP), and Secure Shell (SSH) should be preferred. If there is a necessity to use an insecure protocol in an application, all data transmission should be encrypted. If required, VPNs (Virtual Private Networks) can be used to provide secure access to users.
NOTE: I want to note that the wording "best option" is valid only for the EC-Council exam, since the other options will not help against sniffing or will only help against some specific attack vectors.
The sniffing attack surface is huge. To protect against it, you will need to implement a complex of measures at all levels of abstraction and apply controls at the physical, administrative, and technical levels. However, encryption is indeed the best option of all: even if your data is intercepted, an attacker cannot understand it.


NEW QUESTION # 21
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

  • A. Error-based SQL injection
  • B. Blind SQL injection
  • C. Union-based SQL injection
  • D. NoSQL injection

Answer: B


NEW QUESTION # 22
Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline dictionary attacks?

  • A. WPA2-Enterprise
  • B. ZigBee
  • C. Bluetooth
  • D. WPA3-Personal

Answer: D


NEW QUESTION # 23
Which of the following Bluetooth hacking techniques refers to the theft of information from a wireless device through Bluetooth?

  • A. Bluesmacking
  • B. Bluebugging
  • C. Bluejacking
  • D. Bluesnarfing

Answer: D

Explanation:
Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs (personal digital assistants).


NEW QUESTION # 24
Sam, a professional hacker, targeted an organization with the intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legitimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee's account. What is the technique used by Sam to compromise the AWS IAM credentials?

  • A. Password reuse
  • B. Insider threat
  • C. Social engineering
  • D. Reverse engineering

Answer: C

Explanation:
Just like any other service that accepts usernames and passwords for logging in, AWS users are vulnerable to social engineering attacks. Fake emails, calls, or any other method of social engineering may leave an AWS user's credentials in the hands of an attacker.
If a user only uses API keys for accessing AWS, general phishing techniques could still be used to gain access to other accounts or to the user's PC itself, from which the attacker may then pull the API keys for the aforementioned AWS user.
With basic open-source intelligence (OSINT), it is usually simple to collect a list of workers of an organization who use AWS on a regular basis. This list can then be targeted with spear phishing to gather credentials. A simple technique may include an email that says your bill has spiked 500% within the past 24 hours, "click here for additional information"; when they click the link, they are forwarded to a malicious copy of the AWS login page designed to steal their credentials.
An example of such an email can be seen in the screenshot below. It looks exactly like an email that AWS would send you if you were to exceed the free tier limits, except for a few small changes. If you clicked on any of the highlighted regions in the screenshot, you would not be taken to the official AWS website and would instead be forwarded to a fake login page set up to steal your credentials.
These emails can get even more specific by doing a bit more OSINT before sending them out. If an attacker was able to discover your AWS account ID online somewhere, they could use methods Rhino has released previously to enumerate what users and roles exist in your account without generating any logs on your side. They could use this list to further refine their target list, as well as their emails, to reference services they know you often use.
For reference, the blog post on using AWS account IDs for role enumeration can be found here and the blog post on using AWS account IDs for user enumeration can be found here.
During engagements at Rhino, we find that phishing is one of the fastest ways for us to gain access to an AWS environment.


NEW QUESTION # 25
Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location. To manage nodes in the network, he uses MIB, which contains formal descriptions of all network objects managed by SNMP. He accesses the contents of the MIB by using a web browser, either by entering the IP address and Lseries.mib or by entering the DNS library name and Lseries.mib. He is currently retrieving information from an MIB that contains object types for workstation and server services. Which of the following types of MIB is accessed by Garry in the above scenario?

  • A. MIB_II.MIB
  • B. LNMIB2.MIB
  • C. DHCP.MIB
  • D. WINS.MIB

Answer: B

Explanation:
■ DHCP.MIB: Monitors network traffic between DHCP servers and remote hosts
■ HOSTMIB.MIB: Monitors and manages host resources
■ LNMIB2.MIB: Contains object types for workstation and server services
■ MIB_II.MIB: Manages TCP/IP-based Internet using a simple architecture and system
■ WINS.MIB: For the Windows Internet Name Service (WINS)


NEW QUESTION # 26
    #!/usr/bin/python
    import socket
    buffer=["A"]
    counter=50
    while len(buffer)<=100:
        buffer.append("A"*counter)
        counter=counter+50
    commands=["HELP","STATS .","RTIME .","LTIME. ","SRUN .","TRUN .","GMON .","GDOG .","KSTET .","GTER .","HTER .","LTER .","KSTAN ."]
    for command in commands:
        for buffstring in buffer:
            print "Exploiting " +command +":"+str(len(buffstring))
            s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect(('127.0.0.1', 9999))
            s.recv(50)
            s.send(command+buffstring)
            s.close()

What is the code written for?

  • A. Encryption
  • B. Bruteforce
  • C. Denial-of-service (DOS)
  • D. Buffer Overflow

Answer: D


NEW QUESTION # 27
_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

  • A. RootKit
  • B. Backdoor
  • C. Scanner
  • D. Trojan
  • E. DoS tool

Answer: A


NEW QUESTION # 28
John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the IoT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of IoT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

  • A. IoTSeeker
  • B. AT&T IoT Platform
  • C. IoT Inspector
  • D. Azure IoT Central

Answer: B


NEW QUESTION # 29
You have successfully compromised a server with an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?

  • A. nmap -T4 -q 10.10.0.0/24
  • B. nmap -T4 -F 10.10.0.0/24
  • C. nmap -T4 -O 10.10.0.0/24
  • D. nmap -T4 -r 10.10.1.0/24

Answer: B

Explanation:
https://nmap.org/book/man-port-specification.html
NOTE: In my opinion, this is an absolutely wrong statement of the question. But you may come across a question with similar wording on the exam. What does "fast" mean? If we want to increase the speed and intensity of the scan, we can select the mode using the -T flag (0/1/2/3/4/5). At high -T values, we sacrifice stealth and gain speed, but we do not limit functionality.
nmap -T4 -F 10.10.0.0/24: this option is "correct" because of the -F flag.
-F (Fast (limited port) scan)
Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100.
Technically, scanning will be faster, but only because we have reduced the number of ports by a factor of 10: we are doing 10 times less work, not working faster.


NEW QUESTION # 30
Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

  • A. Port 50
  • B. Port 53
  • C. Port 80
  • D. Port 23

Answer: B

Explanation:
DNS uses port 53, which is almost always open on systems, firewalls, and clients, to transmit DNS queries. Instead of the more familiar Transmission Control Protocol (TCP), these queries use User Datagram Protocol (UDP) because of its lower latency, bandwidth and resource usage compared with TCP-equivalent queries. UDP has no error or flow-control capabilities, nor does it have any integrity checking to make sure the data arrived intact. How is internet use (browsing, apps, chat, etc.) so reliable then? If the UDP DNS query fails (it is a best-effort protocol, after all) in the first instance, most systems will retry a number of times and only after multiple failures potentially switch to TCP before trying again; TCP is also used if the DNS query exceeds the limits of the UDP datagram size, typically 512 bytes for DNS but dependent on system settings. Figure 1 below illustrates the basic process of how DNS operates: the client sends a query string (for example, mail.google[.]com in this case) with a particular type, typically A for a host address. I've skipped the part whereby intermediate DNS systems may need to establish where '.com' exists, before finding out where 'google[.]com' can be found, and so on.

Many worms and scanners are created to seek out and exploit systems running telnet. Given these facts, it is really no surprise that telnet is usually seen on the Top Ten Target Ports list. Several of the vulnerabilities of telnet have been fixed; they require only an upgrade to the most current version of the telnet daemon or an OS upgrade. As is usually the case, this upgrade has not been performed on a number of devices. This may be due to the fact that a lot of systems administrators and users don't fully understand the risks involved in using telnet. Unfortunately, the only solution for some of telnet's vulnerabilities is to completely discontinue its use. The preferred method of mitigating all of telnet's vulnerabilities is replacing it with alternate protocols like SSH. SSH is capable of providing many of the same functions as telnet and a number of additional services typically handled by other protocols like FTP and X Windows. SSH does still have several drawbacks to overcome before it can completely replace telnet: it is typically only supported on newer equipment, it requires processor and memory resources to perform the data encryption and decryption, and it requires greater bandwidth than telnet because of the encryption of the data. This paper was written to help clarify how dangerous the use of telnet can be and to provide solutions to alleviate the main known threats in order to enhance the general security of the Internet.

Once a name is resolved to an IP, caching also helps: the resolved name-to-IP mapping is usually cached on the local system (and possibly on intermediate DNS servers) for a period of time. Subsequent queries for the same name from the same client then don't leave the local system until that cache expires.
Of course, once the IP address of the remote service is known, applications can use that information to enable other TCP-based protocols, like HTTP, to do their actual work, for instance ensuring internet cat GIFs can be reliably shared with your colleagues. So, all in all, a couple of dozen extra UDP DNS queries from an organization's network would be fairly inconspicuous and could allow a malicious payload to beacon out to an adversary; commands could even be received by the requesting application for processing with little difficulty.


NEW QUESTION # 31
Why is a penetration test considered to be more thorough than a vulnerability scan?

  • A. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
  • B. It is not - a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
  • C. Vulnerability scans only do host discovery and port scanning by default.
  • D. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

Answer: D


NEW QUESTION # 32
......


ECCouncil 312-50v12, also known as the Certified Ethical Hacker (CEH) Certification Exam, is an assessment that evaluates an individual's knowledge and skills in ethical hacking. Certified Ethical Hacker Exam certification is designed for professionals who want to become experts in the field of network security and vulnerability assessment. With the CEH credential, individuals can showcase their expertise in identifying security threats, understanding the latest hacking techniques and tools, and implementing countermeasures to protect their organization's infrastructure.
