Free Preparation Discussions
MENU
Eccouncil 212-82 Exam Questions
- Topic 1: Information Security Threats and Vulnerabilities: This module is about the concepts related to cybersecurity threats and vulnerabilities.
- Topic 2: Information Security Attacks: In this module, the focus is given to various security attacks and threats and strategies used by attackers.
- Topic 3: Network Security Fundamentals: In this section, concepts discussed relate to the comprehension of security networks.
- Topic 4: Identification, Authentication, Authorization: In this section, focus is given on the identification, Authentication, and Authorization (IAA) to improve access mechanisms to safeguard information.
- Topic 5: Network Security Controls- Administrative Controls: In this section, the focus is given to non-technical rules for ensuring the security of networks.
- Topic 6: Network Security Controls- Physical Controls: This section covers how to secure the physical environment of the entire computer network.
- Topic 7: Network Security Controls: Technical Controls: In this section, the exam covers the aspects of software and hardware that help to safeguard networks.
- Topic 8: Application Security: In this module, the focus is given to the know-how of safeguarding the applications from various attackers.
- Topic 9: Virtualization and Cloud Computing: In this section, topics discussed include the way these tools operate and secure networks.
- Topic 10: Mobile Device Security: This section of the 212-82 exam covers smartphone and gadget security to ensure they are safe from different types of malware.
- Topic 11: IoT and OT Security: In this exam section, the topics covered relate to IoT and OT Security and how to safeguard online IoT) devices and streamline OT from malicious attacks.
- Topic 12: Cryptography: This module covers how to secure data by scrambling it with algorithms and keys.
- Topic 13: Data Security: In this exam section, the focus is given to safeguarding information in transit and data that is utilized.
- Topic 14: Network Troubleshooting: This section of the exam covers the Network Troubleshooting competencies that aim to pinpoint and diagnose various network problems and provide guidance for solving connectivity issues.
- Topic 15: Network Traffic Monitoring: This section of the exam covers techniques to examine information flow through a network to improve its health.
- Topic 16: Networks Log Monitoring and Analysis: This section of the exam covers the analysis of network device logs to mitigate security issues to perform fixes.
- Topic 17: Incident Response: The section deals with using an effective strategy to pinpoint, remove, and recover from security issues.
- Topic 18: Computer Forensics: This section of the exam covers data collection, analysis, and saving of digital evidence to reduce cybersecurity issues.
- Topic 19: Business Continuity and Disaster Recovery: In this section, topics discussed include strategies and policies to ensure smooth operations and how to recover from various disruptions.
- Topic 20: Risk Management: The Risk Management section deals with the knowledge of how to pinpoint, examine, and solve potential cybersecurity threats and manage risks.
Free Eccouncil 212-82 Exam Actual Questions
Note: Premium Questions for 212-82 were last updated On Feb. 14, 2025 (see below)
A disgruntled employee has set up a RAT (Remote Access Trojan) server in one of the machines in the target network to steal sensitive corporate documents. The IP address of the target machine where the RAT is installed is 20.20.10.26. Initiate a remote connection to the target machine from the "Attacker Machine-1" using the Theef client. Locate the "Sensitive Corporate Documents" folder in the target machine's Documents directory and determine the number of files. Mint: Theef folder is located at Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Theef of the Attacker Machine1.
The number of files in the ''Sensitive Corporate Documents'' folder is 4. This can be verified by initiating a remote connection to the target machine from the ''Attacker Machine-1'' using Theef client. Theef is a Remote Access Trojan (RAT) that allows an attacker to remotely control a victim's machine and perform various malicious activities. To connect to the target machine using Theef client, one can follow these steps:
Launch Theef client from Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Theef on the ''Attacker Machine-1''.
Enter the IP address of the target machine (20.20.10.26) and click on Connect.
Wait for a few seconds until a connection is established and a message box appears saying ''Connection Successful''.
Click on OK to close the message box and access the remote desktop of the target machine.
Navigate to the Documents directory and locate the ''Sensitive Corporate Documents'' folder.
Open the folder and count the number of files in it. The screenshot below shows an example of performing these steps: Reference: [Theef Client Tutorial], [Screenshot of Theef client showing remote desktop and folder]
You have been assigned to perform a vulnerability assessment of a web server located at IP address 20.20.10.26. Identify the vulnerability with a severity score of &
TCP Timestamps is the vulnerability with a severity score of 8.0. This can be verified by performing a vulnerability assessment of the web server located at IP address 20.20.10.26 using the OpenVAS vulnerability scanner, available with the Parrot Security machine, with credentials admin/password. To perform the vulnerability assessment, one can follow these steps:
Launch the Parrot Security machine and open a terminal.
Enter the command sudo openvas-start to start the OpenVAS service and wait for a few minutes until it is ready.
Open a web browser and navigate to https://127.0.0.1:9392 to access the OpenVAS web interface.
Enter the credentials admin/password to log in to OpenVAS.
Click on Scans -> Tasks from the left menu and then click on the blue icon with a star to create a new task.
Enter a name and a comment for the task, such as ''Web Server Scan''.
Select ''Full and fast'' as the scan config from the drop-down menu.
Click on the icon with a star next to Target to create a new target.
Enter a name and a comment for the target, such as ''Web Server''.
Enter 20.20.10.26 as the host in the text box and click on Save.
Select ''Web Server'' as the target from the drop-down menu and click on Save.
Click on the green icon with a play button next to the task name to start the scan and wait for it to finish.
Click on the task name to view the scan report and click on Results from the left menu to see the list of vulnerabilities found.
Sort the list by Severity in descending order and look for the vulnerability with a severity score of 8.0. The screenshot below shows an example of performing these steps: The vulnerability with a severity score of 8.0 is TCP Timestamps, which is an option in TCP packets that can be used to measure round-trip time and improve performance, but it can also reveal information about the system's uptime, clock skew, or TCP sequence numbers, which can be used by attackers to launch various attacks, such as idle scanning, OS fingerprinting, or TCP hijacking1. The vulnerability report provides more details about this vulnerability, such as its description, impact, solution, references, and CVSS score2. Reference: Screenshot of OpenVAS showing TCP Timestamps vulnerability, TCP Timestamps Vulnerability, Vulnerability Report
An loT device placed in a hospital for safety measures has sent an alert to the server. The network traffic has been captured and stored in the Documents folder of the "Attacker Machine-1". Analyze the loTdeviceTraffic.pcapng file and identify the command the loT device sent over the network. (Practical Question)
The loT device sent the command Temp_High over the network, which indicates that the temperature in the hospital was above the threshold level. This can be verified by analyzing the loTdeviceTraffic.pcapng file using a network protocol analyzer tool such as Wireshark4. The command Temp_High can be seen in the data field of the UDP packet sent from the loT device (192.168.0.10) to the server (192.168.0.1) at 12:00:03. The screenshot below shows the packet details5: Reference: Wireshark User's Guide, [loTdeviceTraffic.pcapng]
You have been assigned to perform a vulnerability assessment of a web server located at IP address 20.20.10.26. Identify the vulnerability with a severity score of &
TCP Timestamps is the vulnerability with a severity score of 8.0. This can be verified by performing a vulnerability assessment of the web server located at IP address 20.20.10.26 using the OpenVAS vulnerability scanner, available with the Parrot Security machine, with credentials admin/password. To perform the vulnerability assessment, one can follow these steps:
Launch the Parrot Security machine and open a terminal.
Enter the command sudo openvas-start to start the OpenVAS service and wait for a few minutes until it is ready.
Open a web browser and navigate to https://127.0.0.1:9392 to access the OpenVAS web interface.
Enter the credentials admin/password to log in to OpenVAS.
Click on Scans -> Tasks from the left menu and then click on the blue icon with a star to create a new task.
Enter a name and a comment for the task, such as ''Web Server Scan''.
Select ''Full and fast'' as the scan config from the drop-down menu.
Click on the icon with a star next to Target to create a new target.
Enter a name and a comment for the target, such as ''Web Server''.
Enter 20.20.10.26 as the host in the text box and click on Save.
Select ''Web Server'' as the target from the drop-down menu and click on Save.
Click on the green icon with a play button next to the task name to start the scan and wait for it to finish.
Click on the task name to view the scan report and click on Results from the left menu to see the list of vulnerabilities found.
Sort the list by Severity in descending order and look for the vulnerability with a severity score of 8.0. The screenshot below shows an example of performing these steps: The vulnerability with a severity score of 8.0 is TCP Timestamps, which is an option in TCP packets that can be used to measure round-trip time and improve performance, but it can also reveal information about the system's uptime, clock skew, or TCP sequence numbers, which can be used by attackers to launch various attacks, such as idle scanning, OS fingerprinting, or TCP hijacking1. The vulnerability report provides more details about this vulnerability, such as its description, impact, solution, references, and CVSS score2. Reference: Screenshot of OpenVAS showing TCP Timestamps vulnerability, TCP Timestamps Vulnerability, Vulnerability Report
Elliott, a security professional, was appointed to test a newly developed application deployed over an organizational network using a Bastion host. Elliott initiated the process by configuring the nonreusable bastion host. He then tested the newly developed application to identify the presence of security flaws that were not yet known; further, he executed services that were not secure. identify the type of bastion host configured by Elliott in the above scenario.
Non-routing dual-homed hosts are the type of bastion hosts configured by Elliott in the above scenario. A bastion host is a system or device that is exposed to the public internet and acts as a gateway or a proxy for other systems or networks behind it. A bastion host can be used to provide an additional layer of security and protection for internal systems or networks from external threats and attacks . A bastion host can have different types based on its configuration or functionality. A non-routing dual-homed host is a type of bastion host that has two network interfaces: one connected to the public internet and one connected to the internal network. A non-routing dual-homed host does not allow any direct communication between the two networks and only allows specific services or applications to pass through it . A non-routing dual-homed host can be used to isolate and secure internal systems or networks from external access . In the scenario, Elliott was appointed to test a newly developed application deployed over an organizational network using a bastion host. Elliott initiated the process by configuring the non-reusable bastion host. He then tested the newly developed application to identify the presence of security flaws that were not yet known; further, he executed services that were not secure. This means that he configured a non-routing dual-homed host for this purpose. An external services host is a type of bastion host that provides external services, such as web, email, FTP, etc., to the public internet while protecting internal systems or networks from direct access . A victim machine is not a type of bastion host, but a term that describes a system or device that has been compromised or infected by an attacker or malware . A one-box firewall is not a type of bastion host, but a term that describes a firewall that performs both packet filtering and application proxy functions in one device .
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Latosha
13 days agoAlverta
14 days agoSabina
27 days agoDelsie
1 months agoSheldon
1 months agoHershel
1 months agoLillian
2 months agoLigia
2 months agoRonnie
2 months agoLawana
2 months agoDoyle
2 months agoKing
3 months agoEmeline
3 months agoAlverta
3 months agoTimothy
3 months agoXuan
3 months agoLennie
4 months agoPok
4 months agoDeja
4 months agoRoxanne
5 months agoMaurine
5 months agoTomas
5 months agoCharlie
5 months agoAzalee
5 months agoBarrie
6 months agoJulie
6 months agoGladys
7 months agoShasta
8 months agoGeorgiann
8 months agoAsuncion
8 months agoBernardine
9 months agoAdaline
9 months agoMargurite
9 months agoGladys
9 months ago