Eccouncil 312-50 Exam Practice Test Instant Access

Question 1

An IT security team is conducting an internal review of security protocols in their organization to identify

potential vulnerabilities. During their investigation, they encounter a suspicious program running on several

computers. Further examination reveals that the program has been logging all user keystrokes. How can the

security team confirm the type of program and what countermeasures should be taken to ensure the same

attack does not occur in the future?

AThe program is a Trojan; the tearm should regularly update antivirus software and install a reliable firewall

BThe program is spyware; the team should use password managers and encrypt sensitive data

CThe program is a keylogger; the team should employ intrusion detection systems and regularly update the system software

DThe program is a keylogger; the team should educate employees about phishing attacks and maintain regular backups
Explanation:
A keylogger is a type of spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device. Keyloggers are a common tool for cybercriminals, who use them to capture passwords, credit card numbers, personal information, and other sensitive data. Keyloggers can be installed on a device through various methods, such as phishing emails, malicious downloads, or physical access. To confirm the type of program, the security team can use a web search tool, such as Bing, to look for keylogger programs and compare their features and behaviors with the suspicious program they encountered. Alternatively, they can use a malware analysis tool, such as Malwarebytes, to scan and identify the program and its characteristics.
To prevent the same attack from occurring in the future, the security team should employ intrusion detection systems (IDS) and regularly update the system software. An IDS is a system that monitors network traffic and system activities for signs of malicious or unauthorized behavior, such as keylogger installation or communication. An IDS can alert the security team of any potential threats and help them respond accordingly. Regularly updating the system software can help patch any vulnerabilities or bugs that keyloggers may exploit to infect the device. Additionally, the security team should also remove the keylogger program from the affected computers and change any compromised passwords or credentials.Reference:
Keylogger | What is a Keylogger? How to protect yourself
How to Detect and Remove a Keylogger From Your Computer
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
What is a Keylogger? | Keystroke Logging Definition | Avast
Keylogger Software: 11 Best Free to Use in 2023

Answer : C

Question 2

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulnerable to various hijacking attacks. For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials. What is the tool employed by John in the above scenario?

AloTSeeker

BloT Inspector

CAT&T loT Platform

DAzure loT Central

Answer : C

Question 3

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

AA biometric system that bases authentication decisions on behavioral attributes.

BA biometric system that bases authentication decisions on physical attributes.

CAn authentication system that creates one-time passwords that are encrypted with secret keys.

DAn authentication system that uses passphrases that are converted into virtual passwords.

Answer : C

Question 4

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!'' From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.

No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

AARP spoofing

BSQL injection

CDNS poisoning

DRouting table injection

Answer : C

Question 5

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

AReconnaissance

BCommand and control

CWeaponization

DExploitation

Answer : C

Weaponization

The adversary analyzes the data collected in the previous stage to identify the

vulnerabilities and techniques that can exploit and gain unauthorized access to the

target organization. Based on the vulnerabilities identified during analysis, the adversary

selects or creates a tailored deliverable malicious payload (remote-access malware

weapon) using an exploit and a backdoor to send it to the victim. An adversary may

target specific network devices, operating systems, endpoint devices, or even

individuals within the organization to carry out their attack. For example, the adversary

may send a phishing email to an employee of the target organization, which may include a malicious attachment such as a virus or worm that, when downloaded, installs a backdoor on the system that allows remote access to the adversary. The following are the activities of the adversary: o Identifying appropriate malware payload based on the analysis o Creating a new malware payload or selecting, reusing, modifying the available malware payloads based on the identified vulnerability

o Creating a phishing email campaign o Leveraging exploit kits and botnets

https://en.wikipedia.org/wiki/Kill_chain

The Cyber Kill Chain consists of 7 steps: Reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally, actions on objectives. Below you can find detailed information on each.

1.Reconnaissance:In this step, the attacker/intruder chooses their target. Then they conduct in-depth research on this target to identify its vulnerabilities that can be exploited.

2.Weaponization:In this step, the intruder creates a malware weapon like a virus, worm, or such to exploit the target's vulnerabilities. Depending on the target and the purpose of the attacker, this malware can exploit new, undetected vulnerabilities (also known as the zero-day exploits) or focus on a combination of different vulnerabilities.

3.Delivery:This step involves transmitting the weapon to the target. The intruder/attacker can employ different USB drives, e-mail attachments, and websites for this purpose.

4.Exploitation:In this step, the malware starts the action. The program code of the malware is triggered to exploit the target's vulnerability/vulnerabilities.

5.Installation:In this step, the malware installs an access point for the intruder/attacker. This access point is also known as the backdoor.

6.Command and Control:The malware gives the intruder/attacker access to the network/system.

7.Actions on Objective:Once the attacker/intruder gains persistent access, they finally take action to fulfill their purposes, such as encryption for ransom, data exfiltration, or even data destruction.

Question 6

By using a smart card and pin, you are using a two-factor authentication that satisfies

ASomething you are and something you remember

BSomething you have and something you know

CSomething you know and something you are

DSomething you have and something you are

Answer : B

Two-factor Authentication or 2FA is a user identity verification method, where two of the three possible authentication factors are combined to grant access to a website or application.1) something the user knows, 2) something the user has, or 3) something the user is.

The possible factors of authentication are:

* Something the User Knows:

This is often a password, passphrase, PIN, or secret question. To satisfy this authentication challenge, the user must provide information that matches the answers previously provided to the organization by that user, such as ''Name the town in which you were born.''

* Something the User Has:

This involves entering a one-time password generated by a hardware authenticator. Users carry around an authentication device that will generate a one-time password on command. Users then authenticate by providing this code to the organization. Today, many organizations offer software authenticators that can be installed on the user's mobile device.

* Something the User Is:

This third authentication factor requires the user to authenticate using biometric data. This can include fingerprint scans, facial scans, behavioral biometrics, and more.

For example:In internet security, the most used factors of authentication are:

something the user has(e.g., a bank card) andsomething the user knows(e.g., a PIN code). This is two-factor authentication. Two-factor authentication is also sometimes referred to as strong authentication, Two-Step Verification, or 2FA.

The key difference between Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) is that, as the term implies, Two-Factor Authentication utilizes a combination of two out of three possible authentication factors. In contrast, Multi-Factor Authentication could utilize two or more of these authentication factors.

Question 7

What port number is used by LDAP protocol?

A110

B389

C464

D445

Answer : B

Eccouncil Certified Ethical Hacker v13 312-50 Exam Practice Test