A John-the-Ripper hash dump of an FTP server's login credentials is stored as "target-file" on the Desktop of Attacker Machine-2. Crack the password hashes in the file to recover the login credentials of the FTP server. The FTP root directory hosts an exploit file. Read the exploit file and enter the name of the exploit's author as the answer. Hint: Not all the credentials will give access to the FTP. (Practical Question)
John-the-Ripper Usage:
John-the-Ripper is a popular open-source password cracking tool used to detect weak passwords. It works by performing dictionary attacks and brute force attacks on password hashes.
Cracking the Hashes:
Load the hash file into John-the-Ripper using the command:
john target-file
John will then attempt to crack the passwords using its internal mechanisms.
Accessing the FTP Server:
Once the hashes are cracked, use the recovered credentials to log in to the FTP server. Not all credentials may be valid, so try each until successful access is gained.
Reading the Exploit File:
Navigate to the FTP root directory and locate the exploit file. Use a command like cat to read its contents:
cat exploit-file
The content of the file will include the author's name, which is 'nullsecurlty' in this scenario.
Shawn, a forensic officer, was appointed to investigate a crime scene that had occurred at a coffee shop. As a part of investigation, Shawn collected the mobile device from the victim, which may contain potential evidence to identify the culprits.
Which of the following points must Shawn follow while preserving the digital evidence? (Choose three.)
Turn the device ON if it is OFF, do not leave the device as it is if it is ON, and make sure that the device is charged are some of the points that Shawn must follow while preserving the digital evidence in the above scenario. Digital evidence is any information or data stored or transmitted in digital form that can be used in a legal proceeding or investigation. Digital evidence can be found on various devices, such as computers, mobile phones, tablets, etc. Preserving digital evidence is a crucial step in forensic investigation that involves protecting and maintaining the integrity and authenticity of digital evidence from any alteration or damage. Some of the points that Shawn must follow while preserving digital evidence are:
Turn the device ON if it is OFF: If the device is OFF, Shawn must turn it ON to prevent any data loss or encryption that may occur when the device is powered off. Shawn must also document any password or PIN required to unlock or access the device.
Do not leave the device as it is if it is ON: If the device is ON, Shawn must not leave it as it is or use it for any purpose other than preserving digital evidence. Shawn must also disable any network connections or communication features on the device, such as Wi-Fi, Bluetooth, cellular data, etc., to prevent any remote access or deletion of data by unauthorized parties.
Make sure that the device is charged: Shawn must ensure that the device has enough battery power to prevent any data loss or corruption that may occur due to sudden shutdown or low battery. Shawn must also use a write blocker or a Faraday bag to isolate the device from any external interference or signals.
"Never record the screen display of the device" is not a point that Shawn must follow while preserving digital evidence. On the contrary, Shawn should record or photograph the screen display of the device to capture any relevant information or messages that may appear on the screen. Recording or photographing the screen display of the device can also help document any changes or actions performed on the device during preservation.
A RAT has been set up on one of the machines connected to the network to steal the important Sensitive corporate docs located on the Desktop of the server. Further investigation revealed the IP address of the server to be 20.20.10.26. Initiate a remote connection using the thief client and determine the number of files present in the folder.
Hint: Thief folder is located at: Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Thief of Attacker Machine-1.
3 is the number of files present in the folder in the above scenario. A RAT (Remote Access Trojan) is a type of malware that allows an attacker to remotely access and control a compromised system or network. A RAT can be used to steal sensitive data, spy on user activity, execute commands, install other malware, etc. To initiate a remote connection using thief client, one has to follow these steps:
Navigate to the thief folder located at Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Thief of Attacker Machine-1.
Double-click on thief.exe file to launch thief client.
Enter 20.20.10.26 as IP address of server.
Enter 1234 as port number.
Click on Connect button.
After establishing connection with server, click on Browse button.
Navigate to Desktop folder on server.
Count number of files present in folder.
The number of files present in folder is 3, which are:
Sensitive corporate docs.docx
Sensitive corporate docs.pdf
Sensitive corporate docs.txt
You are investigating a data leakage incident where an insider is suspected of using image steganography to send sensitive information to a competitor. You have also recovered a VeraCrypt volume file S3cr3t from the suspect. The VeraCrypt volume file is available in the Pictures folder of the Attacker Machined. Your task is to mount the VeraCrypt volume, find an image file, and recover the secret code concealed in the file. Enter the code as the answer. Hint: If required, use sniffer@123 as the password to mount the VeraCrypt volume file. (Practical Question)
Mounting the VeraCrypt Volume:
Use VeraCrypt to mount the volume file S3cr3t located in the Pictures folder. The provided password sniffer@123 is required to mount the volume.
Locating the Image File:
After mounting the volume, browse through the files to locate the image file that may contain the secret code through steganography.
Extracting the Secret Code:
Use steganography tools to analyze the image file and extract the hidden secret code. Tools such as Stegsolve or Steghide can be used for this purpose.
Recovering the Code:
The extracted secret code from the image file is H364F9F4FD3H.
A threat intelligence feed data file has been acquired and stored in the Documents folder of Attacker Machine-1 (File Name: Threatfeed.txt). You are a cybersecurity technician working for an ABC organization. Your organization has assigned you a task to analyze the data and submit a report on the threat landscape. Select the IP address linked with http://securityabc.s21sec.com.
5.9.188.148 is the IP address linked with http://securityabc.s21sec.com in the above scenario. A threat intelligence feed is a source of data that provides information about current or potential threats and attacks that can affect an organization's network or system. A threat intelligence feed can include indicators of compromise (IoCs), such as IP addresses, domain names, URLs, hashes, etc., that can be used to detect or prevent malicious activities. To analyze the threat intelligence feed data file and determine the IP address linked with http://securityabc.s21sec.com, one has to follow these steps:
Navigate to the Documents folder of Attacker Machine-1.
Open the Threatfeed.txt file with a text editor.
Search for http://securityabc.s21sec.com in the file.
Observe the IP address associated with the URL.
The IP address associated with the URL is 5.9.188.148, which is the IP address linked with http://securityabc.s21sec.com.
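The manual search above can miss entries that a feed stores defanged (hxxp, [.]) or with different case, port or path. The following is an added example, not part of the original page: it normalizes each indicator to its hostname before matching. The comma-separated layout and the sample rows are constructed assumptions, since the page does not show the format of Threatfeed.txt; the helper names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample feed. The column layout (indicator, IP, category) is an
# assumption; the real Threatfeed.txt layout is not shown on the page.
SAMPLE_FEED = """\
# indicator,ip,category
hxxp://securityabc[.]s21sec[.]com/,5.9.188.148,phishing
http://files.example.net/update.bin,203.0.113.7,malware
example.org,198.51.100.23,c2
HTTP://SecurityABC.s21sec.com:80/login,5.9.188.148,phishing
"""

def refang(indicator):
    """Undo common defanging (hxxp, [.], (.), [:]) so indicators compare equal."""
    s = indicator.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")

def host_of(indicator):
    """Return the lower-cased hostname of a URL or bare domain."""
    s = refang(indicator)
    if "://" not in s:
        s = "//" + s  # lets urlsplit treat a bare domain as a network location
    return (urlsplit(s).hostname or "").lower()

def ips_for(feed_text, wanted):
    """Return the sorted, de-duplicated IPs whose indicator host matches `wanted`."""
    target = host_of(wanted)
    found = set()
    for line in feed_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment/header rows
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 2:
            continue  # malformed row: skip rather than guess
        if host_of(fields[0]) == target:
            found.add(fields[1])
    return sorted(found)

if __name__ == "__main__":
    print(ips_for(SAMPLE_FEED, "http://securityabc.s21sec.com"))
```

A hostname that maps to more than one IP returns every distinct address, which is worth noting in the report rather than keeping only the first hit.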