Free Preparation Discussions
MENU
Eccouncil 312-50 Exam Questions
- Topic 1: Introduction to Ethical Hacking: This module covers ethical hacking fundamentals such as elements of information security, Chain Methodology, Hacker Classes, Risk Management, DSS, HIPPA, and SOX.
- Topic 2: Foot Printing and Reconnaissance: In this module, candidates are tested for performing footprinting on the target network, and performing website, email, whois, and DNS footprinting. Other topics include Advanced Google Hacking Techniques, Deep and Dark Web Footprinting, Website Mirroring, Traceout Analysis, and other tools.
- Topic 3: Scanning Networks: The topics covered in this module include network scanning, host discovery, port scanning, OS Discovery, and packet Fragmentation.
- Topic 4: Enumeration: The current domain covers NetBIOS Enumeration, SNMP, NFS, SMTP Enumeration and also covers DNS Cache Snooping and VoIP Enumeration.
- Topic 5: Vulnerability Analysis: It covers vulnerability research, assessment, management and lifecycle, classification, and assessment tools.
- Topic 6: System Hacking: This section covers password cracking, wire sniffing, buffer overflow, keylogger, spyware, anti-keyloggers, rootKits, post-exploitation, and covering tracks.
- Topic 7: Malware Threats: This section covers Malware components, APT, Trojan, Virus, Ransomware, Worms, Virus detection, and Anti-trojan software.
- Topic 8: Sniffing: This module covers sniffing, MAC flooding, MAC Spoofing, DNS Poisoning tools, and Sniffing tools.
- Topic 9: Social Engineering: This section of the exam covers social engineering types, Phishing, insider threats, and identity theft.
- Topic 10: Denial-of-Service: This section covers DoS Attacks, DDos Attacks, Botnets, DoS/DDoS Attack Tools, DoS Protection Tools.
- Topic 11: Session Hijacking: This section covers types of session hacking, Spoofing, client-side attacks, session replay attacks, CRIME attacks, and Hijacking tools.
- Topic 12: Evading IDS, Firewalls, and Honeypots: This section covers intrusion detection systems, firewall types, intrusion prevention, intrusion detection tools, Evading NAC Endpoint security, IDS/Firewall Evading Tools, and Honeypot detection tools.
- Topic 13: Hacking Web Servers: This section covers web server operations, web server attacks, DNS Server Hijacking, website defacement, Web Cache Positioning Attack, web server security tools, and patch management tools.
- Topic 14: Hacking Web Applications: This section covers web applications architecture, web application threats, application security risks, web shell, web API Hacking Methodology.
- Topic 15: SQL Injection: In this section, topics covered SQJ injection, SQJ Injection methodology, tools signature evasion, and injection detection tools.
- Topic 16: Hacking Wireless Networks: This section covers wireless terminology, wireless networks, encryption, wireless threats, Wi-Fi encryption cracking, Bluetooth hacking, Wi-Fi security auditing, and Bluetooth security tools.
- Topic 17: Hacking Mobile Platforms: This section covers Mobile Platform Attack Vectors, App sandboxing, SMS Phishing attacks, hacking Android devices, and mobile security tools.
- Topic 18: IoT and OT Hacking: In this section, topics covered IoT Architecture, IoT Communication, top ten IoT threats, ICS and SCADA, OT Vulnerabilities, and OT Security Tools.
- Topic 19: Cloud Computing: This section covers types of cloud computing, cloud deployment, Fog and Edge computing, cloud service providers, serverless computing, and cloud attacks.
- Topic 20: Cryptography: This section covers cryptography, Encryption Algorithms, Cryptography tools, disk encryption, and Key Stretching.
Free Eccouncil 312-50 Exam Actual Questions
Note: Premium Questions for 312-50 were last updated On Dec. 15, 2024 (see below)
An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?
A Slow HTTP POST attack is a type of denial-of-service (DoS) attack that exploits the way web servers handle HTTP requests. The attacker sends a legitimate HTTP POST header to the web server, specifying a large amount of data to be sent in the request body. However, the attacker then sends the data very slowly, keeping the connection open and occupying the server's resources. The attacker can launch multiple such connections, exceeding the server's capacity to handle concurrent requests and preventing legitimate users from accessing the web server.
The attack duration D is given by the formula D = a * b, where a is the number of connections and b is the hold-up time per connection. The attacker intends to maximize D by manipulating a and b. The server can manage m connections per second, but any connections exceeding m will overwhelm the system. Therefore, the scenario that is most likely to result in the longest duration of server unavailability is the one where a > m and b is the largest. Among the four options, this is the case for option B, where a = 100, m = 90, and b = 15. In this scenario, D = 100 * 15 = 1500 seconds, which is the longest among the four options. Option A has a larger b, but a < m, so the server can handle the connections without being overwhelmed. Option C has a > m, but a smaller b, so the attack duration is shorter. Option D has a > m, but a smaller b and a smaller difference between a and m, so the attack duration is also shorter. Reference:
What is a Slow POST Attack & How to Prevent One? (Guide)
Mitigate Slow HTTP GET/POST Vulnerabilities in the Apache HTTP Server - Acunetix
What is a Slow Post DDoS Attack? | NETSCOUT
In the process of implementing a network vulnerability assessment strategy for a tech company, the security
analyst is confronted with the following scenarios:
1) A legacy application is discovered on the network, which no longer receives updates from the vendor.
2) Several systems in the network are found running outdated versions of web browsers prone to distributed
attacks.
3) The network firewall has been configured using default settings and passwords.
4) Certain TCP/IP protocols used in the organization are inherently insecure.
The security analyst decides to use vulnerability scanning software. Which of the following limitations of vulnerability assessment should the analyst be most cautious about in this context?
Vulnerability scanning software is a tool that can help security analysts identify and prioritize known vulnerabilities in their systems and applications. However, it is not a perfect solution and has some limitations that need to be considered. One of the most critical limitations is that vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed. This means that the software itself might have bugs, errors, or oversights that could affect its accuracy, reliability, or performance. For example, the software might:
Fail to detect some vulnerabilities due to incomplete or outdated databases, incorrect signatures, or insufficient coverage of the target system or application.
Produce false positives or false negatives due to misinterpretation of the scan results, incorrect configuration, or lack of context or validation.
Cause unintended consequences or damage to the target system or application due to intrusive or aggressive scanning techniques, such as exploiting vulnerabilities, modifying data, or crashing services.
Be vulnerable to attacks or compromise by malicious actors who could exploit its weaknesses, tamper with its functionality, or steal its data.
Therefore, the security analyst should be most cautious about this limitation of vulnerability scanning software, as it could lead to a false sense of security, missed opportunities for remediation, or increased exposure to threats. The security analyst should always verify the scan results, use multiple tools and methods, and update and patch the software regularly to mitigate this risk.
[CEHv12 Module 03: Vulnerability Analysis]
You are the lead cybersecurity analyst at a multinational corporation that uses a hybrid encryption system to secure inter-departmental communications. The system uses RSA encryption for key exchange and AES for data encryption, taking advantage of the strengths of both asymmetric and symmetric encryption. Each RSA
key pair has a size of 'n' bits, with larger keys providing more security at the cost of slower performance. The time complexity of generating an RSA key pair is O(n*2), and AES encryption has a time complexity of O(n). An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption. Given *n=4000' and variable 'AES key size', which scenario is likely to provide the best balance of security and
performance?
A hybrid encryption system is a system that combines the advantages of both asymmetric and symmetric encryption algorithms. Asymmetric encryption, such as RSA, uses a pair of keys: a public key and a private key, which are mathematically related but not identical. Asymmetric encryption can provide key exchange, authentication, and non-repudiation, but it is slower and less efficient than symmetric encryption. Symmetric encryption, such as AES, uses a single key to encrypt and decrypt data. Symmetric encryption is faster and more efficient than asymmetric encryption, but it requires a secure way to share the key.
In a hybrid encryption system, RSA encryption is used for key exchange, and AES encryption is used for data encryption. This way, the system can benefit from the security of RSA and the speed of AES. However, the system also depends on the key sizes of both algorithms, which affect the security and performance of the system.
The key size of RSA encryption determines the number of bits in the public and private keys. The larger the key size, the more secure the encryption, but also the slower the key generation and encryption/decryption processes. The time complexity of generating an RSA key pair is O(n*2), where n is the key size in bits. This means that the time required to generate an RSA key pair increases quadratically with the key size. For example, if it takes 1 second to generate a 1024-bit RSA key pair, it will take 4 seconds to generate a 2048-bit RSA key pair, and 16 seconds to generate a 4096-bit RSA key pair.
The key size of AES encryption determines the number of bits in the symmetric key. The larger the key size, the more secure the encryption, but also the more rounds of encryption/decryption are needed. The time complexity of AES encryption is O(n), where n is the key size in bits. This means that the time required to encrypt/decrypt data increases linearly with the key size. For example, if it takes 1 second to encrypt/decrypt data with a 128-bit AES key, it will take 2 seconds to encrypt/decrypt data with a 256-bit AES key, and 4 seconds to encrypt/decrypt data with a 512-bit AES key.
An attacker has developed a quantum algorithm with time complexity O((log n)*2) to crack RSA encryption. This means that the time required to break RSA encryption decreases exponentially with the key size. For example, if it takes 1 second to break a 1024-bit RSA encryption, it will take 0.25 seconds to break a 2048-bit RSA encryption, and 0.0625 seconds to break a 4096-bit RSA encryption. This makes RSA encryption vulnerable to quantum attacks, unless the key size is very large.
Given n=4000 and variable AES key size, the scenario that is likely to provide the best balance of security and performance is C. AES key size=192 bits. This configuration is a compromise between options A and B, providing moderate security and performance. Option A, AES key size=128 bits, provides less security than option C, but RSA key generation and AES encryption will be faster. Option B, AES key size=256 bits, provides more security than option C, but RSA key generation may be slow. Option D, AES key size=512 bits, provides the highest level of security, but at a significant performance cost due to the large AES key size.
Hybrid cryptosystem - Wikipedia
RSA (cryptosystem) - Wikipedia
An IT security team is conducting an internal review of security protocols in their organization to identify
potential vulnerabilities. During their investigation, they encounter a suspicious program running on several
computers. Further examination reveals that the program has been logging all user keystrokes. How can the
security team confirm the type of program and what countermeasures should be taken to ensure the same
attack does not occur in the future?
A keylogger is a type of spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device. Keyloggers are a common tool for cybercriminals, who use them to capture passwords, credit card numbers, personal information, and other sensitive data. Keyloggers can be installed on a device through various methods, such as phishing emails, malicious downloads, or physical access. To confirm the type of program, the security team can use a web search tool, such as Bing, to look for keylogger programs and compare their features and behaviors with the suspicious program they encountered. Alternatively, they can use a malware analysis tool, such as Malwarebytes, to scan and identify the program and its characteristics.
To prevent the same attack from occurring in the future, the security team should employ intrusion detection systems (IDS) and regularly update the system software. An IDS is a system that monitors network traffic and system activities for signs of malicious or unauthorized behavior, such as keylogger installation or communication. An IDS can alert the security team of any potential threats and help them respond accordingly. Regularly updating the system software can help patch any vulnerabilities or bugs that keyloggers may exploit to infect the device. Additionally, the security team should also remove the keylogger program from the affected computers and change any compromised passwords or credentials.Reference:
Keylogger | What is a Keylogger? How to protect yourself
How to Detect and Remove a Keylogger From Your Computer
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
What is a Keylogger? | Keystroke Logging Definition | Avast
Keylogger Software: 11 Best Free to Use in 2023
Jake, a network security specialist, is trying to prevent network-level session hijacking attacks in his company.
While studying different types of such attacks, he learns about a technique where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets. Which of the following types of network-level session hijacking attacks is Jake studying?
A man-in-the-middle attack using forged ICMP and ARP spoofing is a type of network-level session hijacking attack where an attacker inserts their machine into the communication between a client and a server, making it seem like the packets are flowing through the original path. This technique is primarily used to reroute the packets and intercept or modify the data exchanged between the client and the server.
A man-in-the-middle attack using forged ICMP and ARP spoofing works as follows1:
The attacker sends a forged ICMP redirect message to the client, claiming to be the gateway. The ICMP redirect message tells the client to use the attacker's machine as the next hop for reaching the server's network. The client updates its routing table accordingly and starts sending packets to the attacker's machine instead of the gateway.
The attacker also sends a forged ARP reply message to the client, claiming to be the server. The ARP reply message associates the attacker's MAC address with the server's IP address. The client updates its ARP cache accordingly and starts sending packets to the attacker's MAC address instead of the server's MAC address.
The attacker receives the packets from the client and forwards them to the server, acting as a relay. The attacker can also monitor, modify, or drop the packets as they wish. The server responds to the packets and sends them back to the attacker, who then forwards them to the client. The client and the server are unaware of the attacker's presence and think they are communicating directly with each other.
Therefore, Jake is studying a man-in-the-middle attack using forged ICMP and ARP spoofing, which is a type of network-level session hijacking attack.
Network or TCP Session Hijacking | Ethical Hacking - GreyCampus
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Bernardo
7 days agoCyndy
14 days agoAmos
14 days agoLauran
28 days agoLigia
30 days agoErasmo
1 months agoJustine
1 months agoJerilyn
2 months agoFidelia
2 months agoYun
2 months agoCathrine
2 months agoGail
2 months agoShenika
2 months agoSanda
3 months agoDaniela
3 months agoDorsey
3 months agoMargart
4 months agoRashad
5 months agoSvetlana
5 months agoDesmond
5 months agoPansy
6 months agoKarl
6 months agoVenita
6 months ago