최신 312-50v12 무료덤프 - ECCouncil Certified Ethical Hacker

문제1

A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?

A. Request a service ticket for the service principal name of the target service account

B. Extract plaintext passwords, hashes, PIN codes, and Kerberos tickets using a tool like Mimikatz

C. Perform a PRobability INfinite Chained Elements (PRINCE) attack

D. Carry out a passive wire sniffing operation using Internet packet sniffers

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제2

An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL's _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.

A. Strict, Abstract

B. Relational, Hierarchical

C. Simple, Complex

D. Hierarchical, Relational

정답: D

문제3

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process.
Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?

A. VLAN hopping attack

B. STP attack

C. ARP spoofing attack

D. DNS poisoning attack

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?

A. Base metric represents the inherent qualities of a vulnerability

B. Environmental metric involves the features that change during the lifetime of the vulnerability

C. Temporal metric involves measuring vulnerabilities based on a_ specific environment or implementation

D. Temporal metric represents the inherent qualities of a vulnerability

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제5

Bobby, an attacker, targeted a user and decided to hijack and intercept all their wireless communications. He installed a fake communication tower between two authentic endpoints to mislead the victim. Bobby used this virtual tower to interrupt the data transmission between the user and real tower, attempting to hijack an active session, upon receiving the users request. Bobby manipulated the traffic with the virtual tower and redirected the victim to a malicious website. What is the attack performed by Bobby in the above scenario?

A. aLTEr attack

B. Wardriving

C. KRACK attack

D. jamming signal attack

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제6

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

A. http-methods

B. http enum

C. http-headers

D. http-git

정답: A

문제7

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?

A. MQTT

B. NB-IoT

C. LPWAN

D. Zigbee

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them.
Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from companyB. How do you prevent DNS spoofing?

A. Disable DNS Zone Transfer

B. Install DNS logger and track vulnerable packets

C. Install DNS Anti-spoofing

D. Disable DNS timeouts

정답: C

문제9

What type of virus is most likely to remain undetected by antivirus software?

A. Cavity virus

B. Macro virus

C. Stealth virus

D. File-extension virus

정답: C

문제10

Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

A. Omnidirectional antenna

B. Dipole antenna

C. Parabolic grid antenna

D. Yagi antenna

정답: D

문제11

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

A. Host-based IDS

B. Open source-based

C. Gateway-based IDS

D. Network-based IDS

정답: A

문제12

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?

A. Split DNS

B. DNS Scheme

C. DynDNS

D. DNSSEC

정답: A

문제13

A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique in which they injected an authentic-looking reset packet using a spoofed source IP address and a guessed acknowledgment number. As a result, the victim's connection was reset. Which of the following hijacking techniques has the attacker most likely used?

A. TCP/IP hijacking

B. Blind hijacking

C. RST hijacking

D. UDP hijacking

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제14

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

A. A web server and the database server facing the Internet, an application server on the internal network

B. All three servers need to face the Internet so that they can communicate between themselves

C. A web server facing the Internet, an application server on the internal network, a database server on the internal network

D. All three servers need to be placed internally

정답: C

문제15

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

A. Gross-site Request Forgery vulnerability

B. Web site defacement vulnerability

C. Cross-site scripting vulnerability

D. SQL injection vulnerability

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

최신 312-50v12 무료덤프 - ECCouncil Certified Ethical Hacker

우리와 연락하기

유용한 링크

최신 업데이트