Eccouncil 312-50 practice test

Question 1

What is the known plaintext attack used against DES which gives the result that encrypting plaintext
with one DES key followed by encrypting it with a second DES key is no more secure than using a
single key?
A. Man-in-the-middle attack
B. Meet-in-the-middle attack
C. Replay attack
D. Traffic analysis attack

Question 2

Why is a penetration test considered to be more thorough than vulnerability scan?

• A. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
• B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
• C. It is not a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
• D. Vulnerability scans only do host discovery and port scanning by default.

Question 3

Suppose your company has just passed a security risk assessment exercise. The results display that
the risk of the breach in the main company application is 50%. Security staff has taken some
measures and implemented the necessary controls. After that another security risk assessment was
performed showing that risk has decreased to 10%. The risk threshold for the application is 20%.
Which of the following risk decisions will be the best for the project in terms of its successful
continuation with most business profit?
A. Avoid the risk
B. Accept the risk
C. Introduce more controls to bring risk to 0%
D. Mitigate the risk

Question 4

Which of the following Linux commands will resolve a domain name into IP address?

• A. >host -t AXFR hackeddomain.com
• B. >host -t a hackeddomain.com
• C. >host -t soa hackeddomain.com
• D. >host -t ns hackeddomain.com

Question 5

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the
internal email used by the target company. This includes using logos, formatting, and names of the
target company. The phishing message will often use the name of the company CEO, president, or
managers. The time a hacker spends performing research to locate this information about a company
is known as?

• A. Enumeration
• B. Investigation
• C. Exploration
• D. Reconnaissance

Question 6

Peter is surfing the internet looking for information about DX Company. Which hacking process is
Peter doing?

• A. Scanning
• B. System Hacking
• C. Footprinting
• D. Enumeration

Question 7

The tools which receive event logs from servers, network equipment, and applications, and perform
analysis and correlation on those logs, and can generate alarms for security relevant issues, are
known as what?

• A. network Sniffer
• B. Vulnerability Scanner
• C. Intrusion prevention Server
• D. Security incident and event Monitoring

Question 8

You have successfully logged on a Linux system. You want to now cover your trade Your login attempt
may be logged on several files located in /var/log. Which file does NOT belongs to the list:

• A. user.log
• B. auth.fesg
• C. wtmp
• D. btmp

Question 9

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to.
1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

• A. 210.1.55.200
• B. 10.1.4.254
• C. 10..1.5.200
• D. 10.1.4.156

Question 10

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which
will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

• A. wireshark --fetch ''192.168.8*''
• B. wireshark --capture --local masked 192.168.8.0 ---range 24
• C. tshark -net 192.255.255.255 mask 192.168.8.0
• D. sudo tshark -f''net 192 .68.8.0/24''

Question 11

Which command can be used to show the current TCP/IP connections?

• A. Netsh
• B. Netstat
• C. Net use connection
• D. Net use

Question 12

While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences.
He then decided to conduct: nmap -Pn -p- -si kiosk.adobe.com
www.riaa.com
. kiosk.adobe.com is
the host with incremental IP ID sequence. What is the purpose of using "-si" with Nmap?

• A. Conduct stealth scan
• B. Conduct ICMP scan
• C. Conduct IDLE scan
• D. Conduct silent scan

Question 13

Which of the following statements is FALSE with respect to Intrusion Detection Systems?
A. Intrusion Detection Systems can be configured to distinguish specific content in network packets
B. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic
C. Intrusion Detection Systems require constant update of the signature library
D. Intrusion Detection Systems can examine the contents of the data n context of the network
protocol

Question 14

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He
begins by running a scan which looks for common misconfigurations and outdated software versions.
Which of the following tools is he most likely using?

• A. Nikto
• B. Nmap
• C. Metasploit
• D. Armitage

Question 15

What kind of detection techniques is being used in antivirus softwares that identifies malware by
collecting data from multiple protected systems and instead of analyzing files locally it's made on the
premiers environment-

• A. VCloud based
• B. Honypot based
• C. Behaviour based
• D. Heuristics based