Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack.What is the type of vulnerability assessment performed by Johnson in the above scenario?
Answer(s): A
A) A wireless network assessment is correct because the rogue access point and traffic aimed at cracking authentication indicate focusing on wireless controls, access mechanisms, and related vulnerabilities within the wireless domain.B) Application assessment is incorrect since the scenario centers on wireless access and network-level weaknesses, not application-layer flaws or insecure software.C) Host-based assessment is incorrect because the focus is on the wireless network itself and its access point, not individual hosts, services, or host configurations.D) Distributed assessment is incorrect since there is no mention of a coordinated, multi-system assessment framework; the emphasis is on the single wireless entry point and its impact.
In this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values.What is this attack called?
Answer(s): D
The attack is KRACK because it targets the WPA2 four-way handshake to reinstall a key and reset replay counters, enabling packet replay and decryption of data by manipulating handshake messages.A) Evil twin is incorrect as it describes a rogue AP deception, not specifically the WPA2 handshake replay attack.B) Chop chop attack is incorrect; it refers to a vulnerability in fragment reassembly in certain routers, not the WPA2 key reinstall/replay in handshakes.C) Wardriving is incorrect; it is locating wireless networks by vehicle movement, unrelated to handshake exploitation.D) KRACK is correct; it exploits the WPA2 handshake to reinstall a key and reset sequence numbers, enabling various cryptographic attacks.
https://www.krackattacks.com/
After an audit, the auditors inform you that there is a critical finding that you must tackle immediately. You read the audit report, and the problem is the service running on port 389.Which service is this and how can you tackle the problem?
Answer(s): B
Port 389 is LDAP (Lightweight Directory Access Protocol), commonly exposed for directory services; LDAPS uses port 636 for encrypted LDAP over TLS, so moving to 636 mitigates the risk by encrypting traffic. A) NTP uses port 123, not 389; changing UDP to TCP does not apply for LDAP. C) The prompt states a critical finding requiring immediate action, not merely suggestions. D) SMTP uses port 25 with optional SMTPS, not 389, and SMIME is for email encryption, not a protocol replacement on port 389.
Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks.What is the countermeasure Mike applied to defend against jamming and scrambling attacks?
J) Implement cognitive radios in the physical layer is correct because cognitive radios enable dynamic spectrum access, spectrum sensing, and agile frequency hopping to detect and mitigate jamming and scrambling attacks at the physical layer. A) Allowing all packet types at the ISP level does not address jamming or scrambling and can worsen DoS via amplification of traffic. B) Disabling TCP SYN cookies increases susceptibility to DoS via SYN flood. C) Using gets/strcpy is unsafe and irrelevant to mitigating jamming; it increases risk of buffer overflows. D) Implement cognitive radios correctly strengthens resilience against spectrum-based interference and scrambling techniques.
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic.If you did not have a VPN, how would you identify whether someone is performing an ARP spoofing attack on your laptop?
Using ARP table inconsistencies can indicate spoofing, but only scanning for MAC address anomalies with network discovery helps verify ARP spoofing across hosts. ARP spoofing typically involves mapping one IP to a forged MAC; Nmap can reveal duplicate or unexpected MAC/IP pairs on the LAN, signaling ARP manipulation.A) ARP table alone may show a duplicate IP, but spoofing can be distributed; not comprehensive for all hosts. B) Nmap scan identifies MAC/IP inconsistencies and unusual ARP-related fingerprints across the network. C) netstat shows active connections, not direct ARP spoofing indicators on the LAN. D) VPN affects traffic confidentiality, not detection of ARP spoofing.
Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the IoT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network.Which of the following tools was employed by Lewis in the above scenario?
Answer(s): C
C) Censys provides internet-wide asset discovery, collects data on hosts, open ports, services, and attack surface, and generates usage and trend reports, enabling continuous monitoring of reachable devices. A) NeuVector is a container security platform focused on runtime security, not internet-wide asset discovery. B) Lacework is a cloud security platform for workload and compliance, not primarily an internet-wide scan and inventory tool. D) Wapiti is a web vulnerability scanner for testing web applications, not IoT asset enumeration or network-wide monitoring.
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered.John decided to perform a TCP SYN ping scan on the target network.Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
Ricardo has discovered the username for an application in his target's environment. As he has a limited amount of time, he decides to attempt to use a list of common passwords he found on the Internet. He compiles them into a list and then feeds that list as an argument into his password-cracking application.What type of attack is Ricardo performing?
Using a list of common passwords as input to a cracking tool is a dictionary attack, where a precompiled set of likely passwords is tested against the target credential.A) Brute force is incorrect because brute force exhaustively tests all possible passwords, not a predefined list.B) Known plaintext is incorrect because it involves deriving keys from known pairs of plaintext and ciphertext, not password lists.D) Password spraying is incorrect because it attempts a small number of passwords across many accounts, not a large dictionary against a single credential.
Share your comments for EC-Council 312-50v13 exam with other users:
hello are these questions valid for ms-102
some questions are wrongly answered but its good nonetheless
how to get system serial number using intune
is it really helpful to pass the exam
#229 in incorrect - all the customers require an annual review
kindy upload
fantastic assessment on psm 1
56 question correct answer a,b
thank you for providing the q bank
true quesstions
i can´t believe ms asks things like this, seems to be only marketing material.
hi, could you please add the last update of ns0-527
question #3 refers to vnet4 and vnet5. however, there is no vnet5 listed in the case study (testlet 2).
sometimes it may be good some times it may be
qs 4 answer seems wrong- please check
very detailed explanation !
the interactive nature of the test engine application makes the preparation process less boring.
very useful.
complete question dump should be made available for practice.
i just passed my first exam. i got 2 exam dumps as part of the 50% sale. my second exam is under work. once i write that exam i report my result. but so far i am confident.
nice create dewey stefen
i just wrote this exam and it is still valid. the questions are exactly the same but there are about 4 or 5 questions that are answered incorrectly. so watch out for those. best of luck with your exam.
passed my exam today. this is a good start to 2023.
great sharing
very helpful
thanks.. very helpful
i registered for 1z0-1047-23 but dumps qre available for 1z0-1047-22. help me with this...
please upload oracle 1z0-1110-22 exam pdf
becoming interesting on the logical part of the cdbs and pdbs
some of the answers are incorrect, i would be wary of using this until an admin goes back and reviews all the answers
question # 267: federated operating model is also correct.
its helpful alot.
the questiosn from this braindumps are same as in the real exam. my passing mark was 84%.