CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 212-82

Free 212-82 Exam Braindumps (page: 13)

Page 12 of 26
PDF with 161 Questions

Cassius, a security professional, works for the risk management team in an organization. The team is responsible for performing various activities involved in the risk management process. In this process, Cassius was instructed to select and implement appropriate controls on the identified risks in order to address the risks based on their severity level.
Which of the following risk management phases was Cassius instructed to perform in the above scenario?

  1. Risk analysis
  2. Risk treatment
  3. Risk prioritization
  4. Risk identification

Answer(s): B

Explanation:

Risk treatment is the risk management phase that Cassius was instructed to perform in the above scenario. Risk management is a process that involves identifying, analyzing, evaluating, treating, monitoring, and reviewing risks that can affect an organization's objectives, assets, or operations. Risk management phases can be summarized as follows: risk identification, risk analysis, risk prioritization, risk treatment, and risk monitoring . Risk identification is the risk management phase that involves identifying and documenting potential sources, causes, events, and impacts of risks. Risk analysis is the risk management phase that involves assessing and quantifying the likelihood and consequences of risks. Risk prioritization is the risk management phase that involves ranking risks based on their severity level and determining which risks need immediate attention or action. Risk treatment is the risk management phase that involves selecting and implementing appropriate controls or strategies to address risks based on their severity level . Risk treatment can include avoiding, transferring, reducing, or accepting risks. Risk monitoring is the risk management phase that involves tracking and reviewing the performance and effectiveness of risk controls or strategies over time.



RAT has been setup in one of the machines connected to the network to steal the important Sensitive corporate docs located on Desktop of the server, further investigation revealed the IP address of the server 20.20.10.26. Initiate a remote connection using thief client and determine the number of files present in the folder.
Hint: Thief folder is located at: Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Thief of Attacker Machine-1.

  1. 2
  2. 4
  3. 3
  4. 5

Answer(s): C

Explanation:

3 is the number of files present in the folder in the above scenario. A RAT (Remote Access Trojan) is a type of malware that allows an attacker to remotely access and control a compromised system or network. A RAT can be used to steal sensitive data, spy on user activity, execute commands, install other malware, etc. To initiate a remote connection using thief client, one has to follow these steps:
Navigate to the thief folder located at Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Thief of Attacker Machine-1. Double-click on thief.exe file to launch thief client.
Enter 20.20.10.26 as IP address of server.
Enter 1234 as port number.
Click on Connect button.
After establishing connection with server, click on Browse button.
Navigate to Desktop folder on server.
Count number of files present in folder.
The number of files present in folder is 3, which are:
Sensitive corporate docs.docx
Sensitive corporate docs.pdf
Sensitive corporate docs.txt



An FTP server has been hosted in one of the machines in the network. Using Cain and Abel the attacker was able to poison the machine and fetch the FTP credentials used by the admin. You're given a task to validate the credentials that were stolen using Cain and Abel and read the file flag.txt

  1. white@hat
  2. red@hat
  3. hat@red
  4. blue@hat

Answer(s): C

Explanation:

hat@red is the FTP credential that was stolen using Cain and Abel in the above scenario. FTP (File Transfer Protocol) is a protocol that allows transferring files between a client and a server over a network. FTP requires a username and a password to authenticate the client and grant access to the server . Cain and Abel is a tool that can perform various network attacks, such as ARP poisoning, password cracking, sniffing, etc. Cain and Abel can poison the machine and fetch the FTP credentials used by the admin by intercepting and analyzing the network traffic . To validate the credentials that were stolen using Cain and Abel and read the file flag.txt, one has to follow these steps:

Navigate to the Documents folder of Attacker-1 machine. Double-click on Cain.exe file to launch Cain and Abel tool.
Click on Sniffer tab.
Click on Start/Stop Sniffer icon.
Click on Configure icon.
Select the network adapter and click on OK button.
Click on + icon to add hosts to scan.
Select All hosts in my subnet option and click on OK button.
Wait for the hosts to appear in the list.
Right-click on 20.20.10.26 (FTP server) and select Resolve Host Name option.
Note down the host name as ftpserver.movieabc.com
Click on Passwords tab.

Click on + icon to add items to list.
Select Network Passwords option.
Select FTP option from Protocol drop-down list.
Click on OK button.
Wait for the FTP credentials to appear in the list.
Note down the username as hat and the password as red
Open a web browser and type ftp://hat:red@ftpserver.movieabc.com Press Enter key to access the FTP server using the stolen credentials.
Navigate to flag.txt file and open it.
Read the file content.



An attacker with malicious intent used SYN flooding technique to disrupt the network and gain advantage over the network to bypass the Firewall. You are working with a security architect to design security standards and plan for your organization. The network traffic was captured by the SOC team and was provided to you to perform a detailed analysis. Study the Synflood.pcapng file and determine the source IP address.
Note: Synflood.pcapng file is present in the Documents folder of Attacker-1 machine.

  1. 20.20.10.180
  2. 20.20.10.19
  3. 20.20.10.60
  4. 20.20.10.59

Answer(s): B

Explanation:

20.20.10.19 is the source IP address of the SYN flooding attack in the above scenario. SYN flooding is a type of denial-of-service (DoS) attack that exploits the TCP (Transmission Control Protocol) three- way handshake process to disrupt the network and gain advantage over the network to bypass the firewall. SYN flooding sends a large number of SYN packets with spoofed source IP addresses to a target server, causing it to allocate resources and wait for the corresponding ACK packets that never arrive. This exhausts the server's resources and prevents it from accepting legitimate requests . To determine the source IP address of the SYN flooding attack, one has to follow these steps:
Navigate to the Documents folder of Attacker-1 machine.

Double-click on Synflood.pcapng file to open it with Wireshark. Click on Statistics menu and select Conversations option. Click on TCP tab and sort the list by Bytes column in descending order. Observe the IP address that has sent the most bytes to 20.20.10.26 (target server). The IP address that has sent the most bytes to 20.20.10.26 is 20.20.10.19 , which is the source IP address of the SYN flooding attack.






Post your Comments and Discuss EC-Council 212-82 exam with other Community members:

212-82 Discussions & Posts