Free Eccouncil 312-50 Exam Dumps and 312-50 Exam Questions

Question No: 11

MultipleChoice

Company XYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of Company XYZ. The employee of Company XYZ is aware of your test.

Your email message looks like this:

From: jim_miller@companyxyz.com

To: michelle_saunders@companyxyz.com

Subject: Test message

Date: 4/3/2017 14:37

The employee of Company XYZ receives your email message. This proves that Company XYZ's email gateway doesn't prevent what?

Options

AEmail Phishing

BEmail Masquerading

CEmail Spoofing

DEmail Harvesting

Question No: 12

MultipleChoice

In the field of cryptanalysis, what is meant by a ''rubber-hose' attack?

Options

AAttempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.

BExtraction of cryptographic secrets through coercion or torture.

CForcing the targeted key stream through a hardware-accelerated device such as an ASIC.

DA backdoor placed into a cryptographic algorithm by its creator.

Question No: 13

MultipleChoice

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options

AThere is no way to tell because a hash cannot be reversed

BThe right most portion of the hash is always the same

CThe hash always starts with AB923D

DThe left most portion of the hash is always the same

EA portion of the hash will be all 0's

Question No: 14

MultipleChoice

What is the main difference between a ''Normal'' SQL Injection and a ''Blind'' SQL Injection vulnerability?

Options

AThe request to the web server is not visible to the administrator of the vulnerable application.

BThe attack is called ''Blind'' because, although the application properly filters user input, it is still vulnerable to code injection.

CThe successful attack does not show an error message to the administrator of the affected application.

DThe vulnerable application does not display errors with information about the injection results to the attacker.

Question No: 15

MultipleChoice

What is the outcome of the comm''nc -l -p 2222 | nc 10.1.0.43 1234"?

Options

ANetcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.

BNetcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

CNetcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.

DNetcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

Question No: 16

MultipleChoice

While using your bank's online servicing you notice the following string in the URL bar: ''http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21''

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes.

Which type of vulnerability is present on this site?

Options

AWeb Parameter Tampering

BCookie Tampering

CXSS Reflection

DSQL injection

Question No: 17

MultipleChoice

In Risk Management, how is the term "likelihood" related to the concept of "threat?"

Options

ALikelihood is the probability that a threat-source will exploit a vulnerability.

BLikelihood is a possible threat-source that may exploit a vulnerability.

CLikelihood is the likely source of a threat that could exploit a vulnerability.

DLikelihood is the probability that a vulnerability is a threat-source.

Question No: 18

MultipleChoice

The "black box testing" methodology enforces which kind of restriction?

Options

AOnly the external operation of a system is accessible to the tester.

BOnly the internal operation of a system is known to the tester.

CThe internal operation of a system is only partly accessible to the tester.

DThe internal operation of a system is completely known to the tester.

Question No: 19

MultipleChoice

What is the most common method to exploit the ''Bash Bug'' or ''ShellShock" vulnerability?

Options

AThrough Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

BManipulate format strings in text fields

CSSH

DSYN Flood

Question No: 20

MultipleChoice

You're doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?

Options

AScan servers with Nmap

BPhysically go to each server

CScan servers with MBSA

DTelent to every port on each server