312-50V12 Online Practice Questions and Answers

Questions 4

Which of the following statements is TRUE?

A. Packet Sniffers operate on the Layer 1 of the OSI model.

B. Packet Sniffers operate on Layer 2 of the OSI model.

C. Packet Sniffers operate on both Layer 2 and Layer 3 of the OSI model.

D. Packet Sniffers operate on Layer 3 of the OSI model.

Questions 5

Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

A. Rootkit

B. Trojan

C. Worm

D. Adware

Buy Now

Questions 6

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

A. Attacker generates TCP SYN packets with random destination addresses towards a victim host

B. Attacker floods TCP SYN packets with random source addresses towards a victim host

C. Attacker generates TCP ACK packets with random source addresses towards a victim host

D. Attacker generates TCP RST packets with random source addresses towards a victim host

Buy Now

Questions 7

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

A. ACK flag probe scanning

B. ICMP Echo scanning

C. SYN/FIN scanning using IP fragments

D. IPID scanning

Buy Now

Questions 8

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is this?

A. MAC spoofing attack

B. Evil-twin attack

C. War driving attack

D. Phishing attack

Buy Now

Questions 9

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have

configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you.

He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

What is Peter Smith talking about?

A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Buy Now

Questions 10

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

A. The computer is not using a private IP address.

B. The gateway is not routing to a public IP address.

C. The gateway and the computer are not on the same network.

D. The computer is using an invalid IP address.

Buy Now

Questions 11

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool "SIDExtractor". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges.

A. John

B. Rebecca

C. Sheela

D. Shawn

E. Somia

F. Chang

G. Micah

Buy Now

Questions 12

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

A. Copy the system files from a known good system

B. Perform a trap and trace

C. Delete the files and try to determine the source

D. Reload from a previous backup

E. Reload from known good media

Buy Now

Questions 13

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

A. Produces less false positives

B. Can identify unknown attacks

C. Requires vendor updates for a new threat

D. Cannot deal with encrypted network traffic

Buy Now

Correct Answer: B

An anomaly-based intrusion detection system is an intrusion detection system for detecting both network and computer intrusions and misuse by monitoring system activity and classifying it as either normal or anomalous. The classification is based on heuristics or rules, rather than patterns or signatures, and attempts to detect any type of misuse that falls out of normal system operation. This is as opposed to signature-based systems, which can only detect attacks for which a signature has previously been created. In order to positively identify attack traffic, the system must be taught to recognize normal system activity. The two phases of a majority of anomaly detection systems consist of the training phase (where a profile of normal behaviors is built) and the testing phase (where current traffic is compared with the profile created in the training phase). Anomalies are detected in several ways, most often with artificial intelligence type techniques. Systems using artificial neural networks have been used to great effect. Another method is to define what normal usage of the system comprises using a strict mathematical model, and flag any deviation from this as an attack. This is known

as strict anomaly detection.[3] Other techniques used to detect anomalies include data mining methods, grammar-based methods, and the Artificial Immune System.

Network-based anomalous intrusion detection systems often provide a second line of defense to detect anomalous traffic at the physical and network layers after it has passed through a firewall or other security appliance on the border of a

network. Host-based anomalous intrusion detection systems are one of the last layers of defense and reside on computer endpoints. They allow for fine-tuned, granular protection of endpoints at the application level.

Anomaly-based Intrusion Detection at both the network and host levels have a few shortcomings; namely a high false-positive rate and the ability to be fooled by a correctly delivered attack. Attempts have been made to address these issues

through techniques used by PAYL and MCPAD.

Exam Code: 312-50V12

Exam Name: Certified Ethical Hacker Exam (CEHv12)

Last Update: Apr 20, 2024

Questions: 528

10%OFF Coupon Code: SAVE10

PDF (Q&A)

$45.99

ADD TO CART

VCE

$49.99

ADD TO CART

PDF + VCE

$59.99

ADD TO CART