You are performing a penetration test for a client and have gained shell access to a
Windows machine on the internal network. You intend to retrieve all DNS records for the
internal domain. If the DNS server is at 192.168.10.2 and the domain name is
abccorp.local, what command would you type at the nslookup prompt to attempt a zone
transfer?
A.
list server=192.168.10.2 type=all
B.
ls -d abccorp.local
C.
lserver 192.168.10.2 -t all
D.
List domain=Abccorp.local type=zone
ls -d abccorp.local
If you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST, what do you know about the firewall you are scanning?
A.
There is no firewall in place.
B.
This event does not tell you anything about the firewall.
C.
It is a stateful firewall
D.
It is a non-stateful firewall.
It is a stateful firewall
While performing online banking using a Web browser, a user receives an email that
contains a link to an interesting Web site. When the user clicks on the link, another Web
browser session starts and displays a video of cats playing a piano. The next business day,
the user receives what looks like an email from his bank, indicating that his bank account
has been accessed from a foreign country. The email asks the user to call his bank and
verify the authorization of a funds transfer that took place. What Web browser-based
security vulnerability was exploited to compromise the user?
A.
Clickjacking
B.
Cross-Site Scripting
C.
Cross-Site Request Forgery
D.
Web form input validation
Cross-Site Request Forgery
Wilson, a professional hacker, targets an organization for financial benefit and plans to
compromise its systems by sending malicious emails. For this purpose, he uses a tool to
track the emails of the target and extracts information such as sender identities, mail
servers, sender IP addresses, and sender locations from different public sources. He also
checks if an email address was leaked using the haveibeenpwned.com API. Which of the
following tools is used by Wilson in the above scenario?
A.
Factiva
B.
Netcraft
C.
infoga
D.
Zoominfo
Factiva
You are a Network Security Officer. You have two machines. The first machine
(192.168.0.99) has Snort installed, and the second machine (192.168.0.150) has Kiwi
Syslog installed. You perform a SYN scan in your network, and you notice that Kiwi Syslog is
not receiving the alert message from Snort. You decide to run Wireshark on the Snort
machine to check if the messages are going to the Kiwi Syslog machine. What Wireshark
filter will show the connections from the Snort machine to the Kiwi Syslog machine?
A.
tcp.srcport == 514 && ip.src == 192.168.0.99
B.
tcp.srcport == 514 && ip.src == 192.168.150
C.
tcp.dstport == 514 && ip.dst == 192.168.0.99
D.
tcp.dstport == 514 && ip.dst == 192.168.0.150
tcp.dstport == 514 && ip.dst == 192.168.0.150
One of your team members has asked you to analyze the following SOA record. What is
the version?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800
2400.) (Choose four.)
A.
200303028
B.
3600
C.
604800
D.
2400
E.
60
F.
4800
200303028
During the enumeration phase, Lawrence performs banner grabbing to obtain information
such as OS details and versions of services running. The service that he enumerated runs
directly on TCP port 445. Which of the following services is enumerated by Lawrence in this scenario?
A.
Server Message Block (SMB)
B.
Network File System (NFS)
C.
Remote procedure call (RPC)
D.
Telnet
Server Message Block (SMB)
Bob is going to perform an active session hijack against Brownies Inc. He has found a
target that allows session-oriented connections (Telnet) and performs the sequence
prediction on the target operating system. He manages to find an active session due to the
high level of traffic on the network. What is Bob supposed to do next?
A.
Take over the session
B.
Reverse sequence prediction
C.
Guess the sequence numbers
D.
Take one of the parties offline
Guess the sequence numbers
You are attempting to crack LM Manager hashes from a Windows 2000 SAM file. You will be
using an LM brute-force hacking tool for decryption. What encryption algorithm will you be decrypting?
A.
MD4
B.
DES
C.
SHA
D.
SSL
DES
Samuel, a security administrator, is assessing the configuration of a web server. He noticed
that the server permits SSLv2 connections, and the same private key certificate is used on a
different server that allows SSLv2 connections. This vulnerability makes the web server
vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?
A.
DROWN attack
B.
Padding oracle attack
C.
Side-channel attack
D.
DUHK attack
DROWN attack
Explanation:
DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL
and TLS, some of the essential cryptographic protocols for Internet security. These protocols
allow everyone on the Internet to browse the web, use email, shop online, and send instant
messages without third parties being able to read the communication.
DROWN allows attackers to break the encryption and read or steal sensitive
communications, including passwords, credit card numbers, trade secrets, or financial
data. At the time of public disclosure in March 2016, our measurements indicated 33%
of all HTTPS servers were vulnerable to the attack. Fortunately, the vulnerability is
much less prevalent currently. As of 2019, SSL Labs estimates that 1.2% of HTTPS
servers are vulnerable.
What will the attackers gain? Any communication between users and the server. This
typically includes, but isn’t limited to, usernames and passwords, credit card numbers,
emails, instant messages, and sensitive documents. Under some common scenarios, an
attacker can also impersonate a secure web site and intercept or change the content the
user sees.
Who is vulnerable? Websites, mail servers, and other TLS-dependent services are at
risk for the DROWN attack. At the time of public disclosure, many popular sites were
affected. We used Internet-wide scanning to measure how many sites are vulnerable:
What is the known plaintext attack used against DES which gives the result that encrypting
plaintext with one DES key followed by encrypting it with a second DES key is no more
secure than using a single key?
A.
Man-in-the-middle attack
B.
Meet-in-the-middle attack
C.
Replay attack
D.
Traffic analysis attack
Meet-in-the-middle attack
Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS
tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the
firewalls. On which of the following ports should Robin run the NSTX tool?
A.
Port 53
B.
Port 23
C.
Port 50
D.
Port 80
Port 53
Many worms and scanners are created to seek out and exploit systems running telnet.
Given these facts, it’s really no surprise that telnet is usually seen on the Top Ten
Target Ports list. Several of the vulnerabilities of telnet are fixed. They require only an
upgrade to the most current version of the telnet daemon or an OS upgrade. As is usually
the case, this upgrade has not been performed on a variety of devices. This may be due to
the fact that many systems administrators and users don’t fully understand the risks
involved in using telnet. Unfortunately, the only solution for some of telnet’s vulnerabilities is to
completely discontinue its use. The preferred method of mitigating all of telnet’s