312-50v13 EC-Council Exam Questions and Free Practice Test

Question 91

- (Topic 3)
Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To encrypt the messages, she implemented a security model in which every user in the network maintains a ring of public keys. In this model, a user needs to encrypt a message using the receiver's public key, and only the receiver can decrypt the message using their private key. What is the security model implemented by Jane to secure corporate messages?

A. Zero trust network

B. Transport Layer Security (TLS)

C. Secure Socket Layer (SSL)

D. Web of trust (WOT)

Correct Answer:D

Question 92

- (Topic 1)
Study the following log extract and identify the attack.
312-50v13 dumps exhibit

A. Hexcode Attack

B. Cross Site Scripting

C. Multiple Domain Traversal Attack

D. Unicode Directory Traversal Attack

Correct Answer:D

Question 93

- (Topic 3)
A well-resourced attacker intends to launch a highly disruptive DDoS attack against a major online retailer. The attacker aims to exhaust all the network resources while keeping their identity concealed. Their method should be resistant to simple defensive measures such as IP-based blocking. Based on these objectives, which of the following attack strategies would be most effective?

A. The attacker should instigate a protocol-based SYN flood attack, consuming connection state tables on the retailer's servers

B. The attacker should execute a simple ICMP flood attack from a single IP, exploiting the retailer's ICMP processing

C. The attacker should leverage a botnet to launch a Pulse Wave attack, sending high- volume traffic pulses at regular intervals

D. The attacker should initiate a volumetric flood attack using a single compromised machine to overwhelm the retailer's network bandwidth

Correct Answer:A
A Pulse Wave attack is a type of DDoS attack that uses a botnet to send high-volume traffic pulses at regular intervals, typically lasting for a few minutes each. The attacker can adjust the frequency and duration of the pulses to maximize the impact and evade detection. A Pulse Wave attack can exhaust the network resources of the target, as well as the resources of any DDoS mitigation service that the target may use. A Pulse Wave attack can also conceal the attacker??s identity, as the traffic originates from multiple sources that are part of the botnet. A Pulse Wave attack can bypass simple defensive measures, such as IP-based blocking, as the traffic can appear legitimate and vary in source IP addresses.
The other options are less effective or feasible for the attacker??s objectives. A protocol- based SYN flood attack is a type of DDoS attack that exploits the TCP handshake process by sending a large number of SYN requests to the target server, without completing the connection. This consumes the connection state tables on the server, preventing it from
accepting new connections. However, a SYN flood attack can be easily detected and mitigated by using SYN cookies or firewalls. A SYN flood attack can also expose the attacker??s identity, as the source IP addresses of the SYN requests can be traced back to the attacker. An ICMP flood attack is a type of DDoS attack that sends a large number of ICMP packets, such as ping requests, to the target server, overwhelming its ICMP processing capacity. However, an ICMP flood attack from a single IP can be easily blocked by using IP-based filtering or disabling ICMP responses. An ICMP flood attack can also reveal the attacker??s identity, as the source IP address of the ICMP packets can be identified. A volumetric flood attack is a type of DDoS attack that sends a large amount of traffic to the target server, saturating its network bandwidth and preventing legitimate users from accessing it. However, a volumetric flood attack using a single compromised machine may not be sufficient to overwhelm the network bandwidth of a major online retailer, as the attacker??s machine may have limited bandwidth itself. A volumetric flood attack can also be detected and mitigated by using traffic shaping or rate limiting techniques. References:
✑ Pulse Wave DDoS Attacks: What You Need to Know
✑ DDoS Attack Prevention: 7 Effective Mitigation Strategies
✑ DDoS Attack Types: Glossary of Terms
✑ DDoS Attacks: What They Are and How to Protect Yourself
✑ DDoS Attack Prevention: How to Protect Your Website

Question 94

- (Topic 2)
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to setup a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161. what protocol is this port using and how can he secure that traffic?

A. it is not necessary to perform any actions, as SNMP is not carrying important information.

B. SNMP and he should change it to SNMP V3

C. RPC and the best practice is to disable RPC completely

D. SNMP and he should change it to SNMP v2, which is encrypted

Correct Answer:B
We have various articles already in our documentation for setting up
SNMPv2 trap handling in Opsview, but SNMPv3 traps are a whole new ballgame. They can be quite confusing and complicated to set up the first time you go through the process, but when you understand what is going on, everything should make more sense.
SNMP has gone through several revisions to improve performance and security (version 1, 2c and 3). By default, it is a UDP port based protocol where communication is based on a ??fire and forget?? methodology in which network packets are sent to another device, but there
is no check for receipt of that packet (versus TCP port when a network packet must be acknowledged by the other end of the communication link).
There are two modes of operation with SNMP – get requests (or polling) where one device requests information from an SNMP enabled device on a regular basis (normally using UDP port 161), and traps where the SNMP enabled device sends a message to another device when an event occurs (normally using UDP port 162). The latter includes instances such as someone logging on, the device powering up or down, or a wide variety of other problems that would need this type of investigation.
This blog covers SNMPv3 traps, as polling and version 2c traps are covered elsewhere in our documentation.
SNMP trapsSince SNMP is primarily a UDP port based system, traps may be ??lost?? when sending between devices; the sending device does not wait to see if the receiver got the trap. This means if the configuration on the sending device is wrong (using the wrong receiver IP address or port) or the receiver isn??t listening for traps or rejecting them out of hand due to misconfiguration, the sender will never know.
The SNMP v2c specification introduced the idea of splitting traps into two types; the original ??hope it gets there?? trap and the newer ??INFORM?? traps. Upon receipt of an INFORM, the receiver must send an acknowledgement back. If the sender doesn??t get the acknowledgement back, then it knows there is an existing problem and can log it for sysadmins to find when they interrogate the device.

Question 95

- (Topic 2)
You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

A. 210.1.55.200

B. 10.1.4.254

C. 10..1.5.200

D. 10.1.4.156

Correct Answer:C

Question 96

- (Topic 1)
Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:
312-50v13 dumps exhibit
From the above list identify the user account with System Administrator privileges.

A. John

B. Rebecca

C. Sheela

D. Shawn

E. Somia

F. Chang

G. Micah

Correct Answer:F

START 312-50v13 EXAM