While browsing his Facebook feed, Matt sees a picture one of his friends posted with the caption, "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate, Matt responds to the questions on the post. A few days later, Matt's bank account has been accessed, and the password has been changed.What most likely happened?
Answer(s): A
Matt’s responses to the post likely revealed security questions’ answers, enabling social engineering to access his bank. A) Correct: posting “Learn more about your friends” and answering questions supplied by a trusted contact provided the exact security questions/answers needed for account recovery or authentication, enabling attacker to impersonate Matt. B) Incorrect: there’s no evidence he disclosed his login credentials; only security-question answers were provided. C) Incorrect: keylogger would capture keystrokes locally, not rely on friend’s social-media questions. D) Incorrect: brute-forcing requires password or data access; it’s less plausible given social-engineering leakage of security-question data.
Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks.What is the type of attack performed by Simon?
Answer(s): D
The attack is an Internal monologue attack because the attacker leverages legitimate credentials and session tokens from active processes to impersonate a valid user and continue compromising the environment without immediate detection.A) Combinator attack is incorrect as it pertains to combining partial credentials or data to guess a password, not token harvesting or credential impersonation.B) Dictionary attack is incorrect since it uses a list of words to guess passwords, not extracting tokens to masquerade as a user.C) Rainbow table attack is incorrect because it uses precomputed hash chains to crack passwords, not live token reuse or process token extraction.D) Internal monologue attack
Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days, Steve started asking about her company details and eventually gathered all the essential information regarding her company.What is the social engineering technique Steve employed in the above scenario?
Steve used social media deception to lure and extract sensitive information by creating a fake online identity and gradually gaining trust. This aligns with baiting, where a deceptive lure entices victims to disclose information or perform actions.A) Baiting: correct - attacker uses a counterfeit profile to entice information disclosure over time.B) Piggybacking: incorrect - involves unauthorized access by following an authorized user, not social media manipulation.C) Diversion theft: incorrect - typically refers to misdirection of funds or valuables, not information harvesting via profiles.D) Honey trap: incorrect - implies a trap designed to entrap a target for a physical or explicit purpose; social-engineering lure on a profile qualifies as baiting rather than a honey trap.
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?
Answer(s): C
A short description: The time spent researching to locate information about a company for social engineering is Reconnaissance.A) Exploration — not the standard term used in infoSec for targeted info gathering during an attack.B) Investigation — generic term; lacks the canonical connect to attacker information gathering phases.C) Reconnaissance — correct; aligns with identifying and collecting open-source intel about targets to craft credible phishing.D) Enumeration — typically involves active probing to reveal services/accounts, not passive data gathering for social engineering.
Attacker Lauren has gained the credentials of an organization's internal server system, and she was often logging in during irregular times to monitor the network activities. The organization was skeptical about the login times and appointed security professional Robert to determine the issue. Robert analyzed the compromised device to find incident details such as the type of attack, its severity, target, impact, method of propagation, and vulnerabilities exploited.What is the incident handling and response (IH&R) phase, in which Robert has determined these issues?
The correct answer is A) incident triage because it involves quickly assessing incident details (type, severity, target, impact, propagation, vulnerabilities) to determine priority and response actions.B) Preparation is the proactive phase (policies, tools, training) taken before incidents occur, not the analysis of an actual event.C) Incident recording and assignment focuses on documenting events and assigning handlers, not initial risk assessment of the incident.D) Eradication is the containment and removal of threats after triage and containment, not the initial analysis and classification step.
At what stage of the cyber kill chain theory model does data exfiltration occur?
Answer(s): B
Exfiltration occurs during Actions on Objectives, when the attacker achieves the intended mission and transfers data out of the target environment.A) Weaponization is the pairing of exploit and payload, prior to intrusion. C) Command and control is the stage for maintaining access and data channels, not the actual data transfer out. D) Installation involves deploying malware on the host, enabling foothold, not the data exfiltration phase.
Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson's machine.What is the social engineering technique Steve employed in the above scenario?
A short summary: Elicitation is used to coax information by building rapport and prompting the target to reveal details or follow instructions, which fits Johnson’s deceptive interactions to obtain access and data.A) Diversion theft - Incorrect: Involves stealing physical assets by distracting the victim; not used to obtain information or induce malware installation.B) Quid pro quo - Incorrect: Involves offering a benefit in exchange for information or actions; here the attacker did not promise a return benefit beyond coercive instruction.C) Elicitation - Correct: Social engineering through conversation to extract sensitive data and entice execution of malicious steps.D) Phishing - Incorrect: Typically involves fraudulent emails/websites; here the attacker directly contacted and guided the victim rather than lure via deceitful messages.
An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks.Which of the following security scanners will help John perform the above task?
A short summary: Syhunt Hybrid is a web application security scanner capable of automated testing for XSS, SQLi, directory traversal, fault injection, and command execution, matching John’s needs.A) AlienVault OSSIM is a SIEM/OTM/IDS platform for security monitoring, not primarily a web app vulnerability scanner.B) Syhunt Hybrid performs automated web application security testing, including XSS, SQL injection, directory traversal, and fault injection.C) Saleae Logic Analyzer is a hardware logic analyzer for embedded systems, not a web application security scanner.D) Cisco ASA is a network firewall appliance, not a web app vulnerability scanner.
Share your comments for EC-Council 312-50v13 exam with other users:
nice questions bring out the best in you.
really helpful
question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you
iam thankful for these exam dumps questions, i would not have passed without this exam dumps.
some of the answers seem to be inaccurate. q10 for example shouldnt it be an m custom column?
are the question real or fake?
thank you for providing such assistance.
nice questions
my 3rd purcahse from this site. these exam dumps are helpful. very helpful.
found it good
excellent material
very helpfull
well explained.
i need the pdf, please.
a good source for exam preparation
i need ielts general training audio guide questions
please make this content available
content is good
latest dumps please
aside from pdf the test engine software is helpful. the interface is user-friendly and intuitive, making it easy to navigate and find the questions.
questions and options are correct, but the answers are wrong sometimes. so please check twice or refer some other platform for the right answer
90% of questions was there but i failed the exam, i marked the answers as per the guide but looks like they are not accurate , if not i would have passed the exam given that i saw about 45 of 50 questions from dump
answer to this question "what administrative safeguards should be implemented to protect the collected data while in use by manasa and her product management team? " it should be (c) for the following reasons: this administrative safeguard involves controlling access to collected data by ensuring that only individuals who need the data for their job responsibilities have access to it. this helps minimize the risk of unauthorized access and potential misuse of sensitive information. while other options such as (a) documenting data flows and (b) conducting a privacy impact assessment (pia) are important steps in data protection, implementing a "need to know" access policy directly addresses the issue of protecting data while in use by limiting access to those who require it for legitimate purposes. (d) is not directly related to safeguarding data during use; it focuses on data transfers and location.
password lockout being the correct answer for question 37 does not make sense. it should be geofencing.
for question 4, the righr answer is :recover automatically from failures
question number 4s answer is 3, option c. i
very good questions
i am confused about the answers to the questions. are the answers correct?
very usefull
need certification.
great exam prep
i require dump
good morning, could you please upload this exam again,