As a Certified Ethical Hacker, you are conducting a footprinting and reconnaissance operation against a target organization. You discover a range of IP addresses associated with the target using the SecurityTrails tool. Now, you need to perform a reverse DNS lookup on these IP addresses to find the associated domain names, as well as determine the nameservers and mail exchange (MX) records. Which of the following DNSRecon commands would be most effective for this purpose?
Answer(s): C
The -t std option performs standard DNS reconnaissance, including reverse lookups, NS, and MX discovery across the target range, making it suitable for mapping domain names and mail/nameserver records.
A) Uses -t axfr (zone transfer), which requires the server to allow zone transfers; this is not universally permitted and is not focused on reverse lookups for NS/MX.
B) Uses -t zonewalk, which enumerates zones via zone walking; not specifically tailored for reverse DNS/NS/MX discovery across the given range.
D) Uses -d rather than -n for the target; brt mode is brute-force heavy and not ideal for efficient reverse DNS and record discovery.
You are an ethical hacker tasked with conducting an enumeration of a company's network. Given a Windows system with NetBIOS enabled, port 139 open, and file and printer sharing active, you are about to run some nbtstat commands to enumerate NetBIOS names. The company uses IPv6 for its network. Which of the following actions should you take next?
Answer(s): A
NetBIOS enumeration over IPv6 requires a tool that supports IPv6; switching to a compatible enumeration tool ensures proper discovery and name resolution in an IPv6 environment.
A) Correct: IPv6 support is required for accurate NetBIOS enumeration in this network.
B) Incorrect: nbtstat operates over NetBIOS/IPv4; IPv6 address usage is unsupported here.
C) Incorrect: nbtstat -c accesses the NetBIOS name cache, which is not appropriate for initial enumeration in IPv6 contexts.
D) Incorrect: NSE can perform NetBIOS-related checks, but the explicit need is an IPv6-capable enumeration tool; NSE is not a direct requirement and may not handle IPv6 as needed.
During a red team assessment, a CEH is given a task to perform network scanning on the target network without revealing their IP address. They are also required to find an open port and the services available on the target machine. What scanning technique should they employ, and which command in Zenmap should they use?
Answer(s): D
Using the IDLE/IPID header scan (stealth scan) via -sI hides the source IP and fingerprinting while discovering open ports and services, aligning with anonymous network enumeration in red team assessments. It leverages a zombie host to probe target ports without directly revealing the scanning host.
A) SCTP INIT Scan (-sY) targets SCTP and is not appropriate for stealthy generic port/service discovery on IPv4 host networks.
B) UDP Raw ICMP Port Unreachable (-sU) tests UDP ports but is noisy and often blocked, not ideal for stealthy comprehensive service discovery.
C) ACK flag probe (-sA) determines firewall/filtering state, not reliable for identifying open ports or services.
A large corporation is planning to implement preventive measures to counter a broad range of social engineering techniques. The organization has implemented a signature-based IDS (intrusion detection system) to detect known attack payloads, and network flow analysis to monitor data entering and leaving the network. The organization is deliberating on the next step. Considering the information provided about various social engineering techniques, what should be the organization's next course of action?
Answer(s): D
A training-first approach is essential to counter social engineering; regular employee awareness training equips staff to recognize and resist social manipulation, reducing successful breaches beyond what technical controls achieve. It complements signature-based IDS and data flow monitoring by addressing the human factor.
A) Endpoint detection and response focuses on endpoint threats but does not directly reduce susceptibility to social engineering at the human level.
B) Honeypots attract attackers for analysis but do not mitigate social engineering risks or educate employees.
C) Increasing physical security personnel addresses access control but not the broader spectrum of social engineering techniques or user awareness.
D) Regular training directly mitigates social engineering risk through knowledge and behavioral change.
An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack by opening 'a' HTTP connections. Each connection sends a byte of data every 'b' seconds, effectively holding the connections open for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given 'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?
Answer(s): A
A) The correct choice. With m=90 and b=15, the attacker can exceed the server's per-second capacity and each connection lasts 15 seconds, causing sustained resource contention and longer unavailability as new connections continually arrive and persist. The attack duration D=a*b=100*15=1500 units; the server's intake is overwhelmed, delaying normal processing.
B) Although m=105 > 100, the server can absorb the attack rate, and the shorter hold-up (b=12) reduces persistence, limiting the duration of unavailability.
C) m=110 > 100 and b=20 would still allow load acceptance; the higher b increases duration per connection, but the capacity surplus minimizes impact, reducing outage time.
D) m=95 < 100 means overcapacity; however, b=10 is shorter than in A, reducing persistence and making the outage shorter than with A.
A large organization has recently performed a vulnerability assessment using Nessus Professional, and the security team is now preparing the final report. They have identified a high-risk vulnerability, named XYZ, which could potentially allow unauthorized access to the network. In preparing the report, which of the following elements would NOT be typically included in the detailed documentation for this specific vulnerability?
Answer(s): A
A) A PoC of the vulnerability, demonstrating its potential impact on the system, would not typically be included in the detailed documentation for a single vulnerability because of safety and misuse concerns; PoCs are often kept internal or redacted when the report is shared.
B) The total counts of vulnerabilities by risk level are part of the overall assessment reporting.
C) A list of affected systems is essential for remediation planning and risk prioritization.
D) The CVE ID and its mapping to the vulnerability name provide standard identification and traceability.
Recently, the employees of a company have been receiving emails that seem to be from their colleagues, but with suspicious attachments. When opened, these attachments appear to install malware on their systems. The IT department suspects that this is a targeted malware attack. Which of the following measures would be the most effective in preventing such attacks?
Answer(s): D
A targeted phishing/malware campaign is best mitigated by keeping software up to date with the latest patches and updates, closing known vulnerability vectors and reducing exploit opportunities.
A) Disabling Autorun helps against removable-media malware, not primarily against targeted email attachments.
B) Avoiding outdated browsers/software reduces risk but does not guarantee protection against evolving exploits delivered by email.
C) Regular scans help detect infections after the fact; they do not prevent the initial compromise from malicious attachments.
D) Applying the latest patches addresses the known vulnerabilities exploited by email-borne malware, strengthening defense in depth.
A network security analyst, while conducting penetration testing, is aiming to identify a service account password using the Kerberos authentication protocol. They have a valid user authentication ticket (TGT) and decided to carry out a Kerberoasting attack. In the scenario described, which of the following steps should the analyst take next?
Answer(s): D
Kerberoasting requires requesting a service ticket for the target service principal name in order to obtain TGS tickets that can then be cracked offline to recover service account credentials.
A) Passive wire sniffing is irrelevant to Kerberoasting and Kerberos ticket extraction.
B) The PRINCE attack is unrelated to Kerberos service tickets or Kerberoasting flows.
C) Mimikatz can extract credentials, but only after a service ticket has been obtained; it is not the immediate next step of Kerberoasting.
D) Correct: requesting a service ticket for the service principal name enables extraction of the TGS for offline cracking.
Share your comments for EC-Council 312-50v13 exam with other users: