Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs.What type of malware did the attacker use to bypass the company's application whitelisting?
Answer(s): A
A) File-less malware is correct because it operates in memory or uses legitimate system tools to evade traditional file-based AV and whitelist controls, enabling data exfiltration without dropping persistent executables. B) Zero-day malware relies on unknown exploits but does not specifically address bypassing application whitelisting; it’s about exploit novelty, not evasion by using in-memory techniques. C) Phishing malware involves deceiving users to install or run software, not bypassing whitelisting via in-memory execution. D) Logic bomb malware executes only when a condition is met within legitimate code; it does not inherently evade application whitelisting or exfiltrate data stealthily.
Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message and how is Poly validating it?
Answer(s): C
D) C is correct: Dorian signs with his private key; Poly verifies with Dorian’s public key to confirm origin and integrity.A) Incorrect: signing with public key is not possible; public keys are for verification, not signing.B) Incorrect: signing with Poly’s private key would not prove Dorian’s identity; verification would require Poly’s public key, not Dorian’s.C) Correct: digital signatures use the sender’s private key for signing and the corresponding public key for verification.D) Incorrect: Poly’s public key would be used to encrypt or verify, but the signer’s private key is essential for a valid digital signature; this option misattributes key usage.
Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL www.bank.com, the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different.What type of attack he is experiencing?
Answer(s): D
A) DNS hijacking is correct because it describes tampering with the domain name resolution to redirect the user to a fraudulent site that imitates the legitimate bank, causing credential prompts and a deceptive URL. The site appearing different and not secure indicates DNS manipulation or host/user redirection.B) DHCP spoofing is incorrect because it involves fraudulent DHCP responses to assign incorrect IP configuration, not altering website content or credentials redirection at the URL level.C) ARP cache poisoning is incorrect because it disrupts local network traffic by mapping IPs to wrong MAC addresses, not typically changing secure website URLs or phishing-like credential prompts at the application layer.D) DoS attack is incorrect because it aims to exhaust resources to disrupt service, not to redirect users or harvest credentials through a counterfeit site.
Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney's account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney's account.What is the attack performed by Boney in the above scenario?
A successful session fixation attack. It exploits a valid session ID created by the attacker or prior login and forces the victim to use it, tying the victim’s session to the attacker's account page and any subsequent inputs (e.g., payment details) to the attacker.A) Forbidden attack is not a recognized OWASP/attack category. B) CRIME targets TLS compression to leak data, not session linkage. C) Session donation attack is not a standard term in this context. D) Session fixation accurately describes forcing a user to use a known session ID and associating actions with that session.
Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot recognize the packets, but the target web server can decode them.What is the technique used by Kevin to evade the IDS system?
The technique is obfuscating (C) because it involves encoding or altering payloads (e.g., via Unicode encoding) to conceal malicious content from IDS while the target server can decode and process it.A) Session splicing is a method of splitting or rearranging segments across multiple packets to evade IDS, not specifically Unicode encoding. B) Urgency flag refers to TCP flag manipulation to bypass rate limits, not content encoding. D) Desynchronization disrupts protocol state between client and server to confuse IDS, not Unicode-based encoding. C) Obfuscating correctly identifies encoding-based concealment used to evade detection by IDS while enabling the server to decode. Ensure terminology aligns with evasion techniques in the exam context.
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?
Answer(s): B
An SQL injection payload using or 1=1 typically results in a tautology bypass in the WHERE clause, effectively returning all rows when credentials are concatenated into a single string. B demonstrates correct syntax: the username input becomes attack' or 1=1 --, which renders the query: select * from Users where UserName = 'attack' or 1=1 -- and UserPassword = '123456'. A, C, and D are syntactically invalid or alter the intended logic: A includes misplaced quotes around 1=1; C lacks closing quote for UserName string; D places an extra quote before --, breaking the comment and causing errors or incorrect parsing.
Which of the following commands checks for valid users on an SMTP server?
A user verification request on an SMTP server is validated with VRFY to confirm if an address or mailbox exists on the server.A) RCPT is used to specify a recipient during the SMTP dialogue but does not confirm existence by itself.B) CHK is not a standard SMTP command for user verification.C) VRFY is the correct command to query the server for a listed user.D) EXPN expands a mailing list to reveal its members, not simply verify a single user.
Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and passwords are shared in plaintext, paving the way for hackers to perform successful session hijacking. To address this situation, Bella implemented a protocol that sends data using encryption and digital certificates.Which of the following protocols is used by Bella?
The correct answer is A) FTPS because it adds TLS/SSL encryption to FTP, protecting data in transit and verifying identity with digital certificates, mitigating plaintext exposure and session hijacking. FTP alone (B) transmits in plaintext, so it doesn’t secure credentials or sessions. HTTPS (C) uses HTTP over TLS, suitable for web traffic but not the primary FTP-style file transfer protocol described. IP (D) refers to the Internet Protocol, not an application-layer secure file transfer protocol and does not provide encryption or certificate-based authentication.
Share your comments for EC-Council 312-50v13 exam with other users:
admin ii is real technical stuff
could you post the link
hello send me dumps
it is very nice
i gave the amazon dva-c02 tests today and passed. very helpful.
there is an incorrect word in the problem statement. for example, in question 1, there is the word "speci c". this is "specific. in the other question, there is the word "noti cation". this is "notification. these mistakes make this site difficult for me to use.
passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.
i need it, plz make it available
q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.
this is simple but tiugh as well
questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !
its very useful
i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.
real questions
very helpful assessments
hi there, i would like to get dumps for this exam
i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.
please upload 1z0-1072-23 exam dups
i was hoping if you could please share the pdf as i’m currently preparing to give the exam.
i am looking for oracle 1z0-116 exam
where we can get the answer to the questions
nice questions
question 129 is completely wrong.
i need dump
love the site.
can you please upload it back?
could you please re-upload this exam? thanks a lot!
great about shared quiz
goood helping
pay attention to questions. they are very tricky. i waould say about 80 to 85% of the questions are in this exam dump.
wish you would allow more free questions
great simulation
very g inood
q35 should be a