Free 312-50v11 Exam Braindumps (page: 66)

Page 66 of 127

An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this?

  1. Phishing
  2. Vlishing
  3. Spoofing
  4. DDoS

Answer(s): A



Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company. What is the social engineering technique Steve employed in the above scenario?

  1. Diversion theft
  2. Baiting
  3. Honey trap
  4. Piggybacking

Answer(s): C

Explanation:

The honey trap is a technique where an attacker targets a person online by pretending to be an attractive person and then begins a fake online relationship to obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization.

Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data. This technique relies on the curiosity and greed of the end-users. Attackers perform this technique by leaving a physical device such as a USB flash drive containing malicious files in locations where people can easily find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a legitimate company's logo, thereby tricking end-users into trusting it and opening it on their systems. Once the victim connects and opens the device, a malicious file downloads. It infects the system and allows the attacker to take control.
For example, an attacker leaves some bait in the form of a USB drive in the elevator with the label "Employee Salary Information 2019" and a legitimate company's logo. Out of curiosity and greed, the victim picks up the device and opens it up on their system, which downloads the bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system, giving the attacker access.



Daniel Is a professional hacker who Is attempting to perform an SQL injection attack on a target website. www.movlescope.com. During this process, he encountered an IDS that detects SQL Injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘'or '1'='1" In any bask injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

  1. Null byte
  2. IP fragmentation
  3. Char encoding
  4. Variation

Answer(s): D

Explanation:

One may append the comment “–” operator along with the String for the username and whole avoid executing the password segment of the SQL query. Everything when the — operator would be considered as comment and not dead.
To launch such an attack, the value passed for name could be ’OR ‘1’=‘1’ ; — Statement = “SELECT * FROM ‘CustomerDB’ WHERE ‘name’ = ‘ ”+ userName + “ ‘ AND ‘password’ = ‘ ” + passwd + “ ‘ ; ”
Statement = “SELECT * FROM ‘CustomerDB’ WHERE ‘name’ = ‘ ’ OR ‘1’=‘1‘;– + “ ‘ AND ‘password’ = ‘ ” + passwd + “ ‘ ; ”
All the records from the customer database would be listed.
Yet, another variation of the SQL Injection Attack can be conducted in dbms systems that allow multiple SQL injection statements. Here, we will also create use of the vulnerability in sure dbms whereby a user provided field isn’t strongly used in or isn’t checked for sort constraints.
This could take place once a numeric field is to be employed in a SQL statement; but, the programmer makes no checks to validate that the user supplied input is numeric.



While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption. "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has been accessed, and the password has been changed. What most likely happened?

  1. Matt inadvertently provided the answers to his security questions when responding to the post.
  2. Matt's bank-account login information was brute forced.
  3. Matt Inadvertently provided his password when responding to the post.
  4. Matt's computer was infected with a keylogger.

Answer(s): A



Page 66 of 127



Post your Comments and Discuss EC-Council 312-50v11 exam with other Community members:

Casandra commented on December 05, 2024
Do not book your exam if you don't know the topics and the questions. The test is super duper hard and almost impossible to pass without knowing the questions.
EUROPEAN UNION
upvote

Joseph commented on December 04, 2024
VERY HELPFUL TO ME
Anonymous
upvote

aam commented on November 20, 2024
great lesson
Anonymous
upvote

Naomie commented on November 12, 2024
Good material very helpful.
Anonymous
upvote

mo commented on October 08, 2024
a good practice thanks
Anonymous
upvote

Last-Minute Miracles commented on September 21, 2024
Thanks to this exam dumps and for posting it free.
Anonymous
upvote

Yorika commented on September 14, 2024
Quite impressive and accurate. The full version is well worth it with the Buy 1 Get one free deal. Basically you get 2 exams with 50% discount.
UNITED STATES
upvote

Sunny commented on September 14, 2024
I am pleased to let you know that I passed this exam last Friday. Here are some feedback to share: 1- The exam is tough so you must read and read and prepare 2- They give you enough time. Skip the questions you don't know and come back to it at the end. 3- Use this exam dumps. I saw most these questions in the exam. Good luck.
UNITED STATES
upvote

Emmanuel Fakayode commented on September 10, 2024
This is a great deal and an eyes opener.
Anonymous
upvote

MYSTERY MASTER commented on August 15, 2024
SEEMS HELPFUL
INDIA
upvote

Mohan commented on August 07, 2024
This is one of the most compete and comprehensive exam questions and answers I have came across.
INDIA
upvote

Raks commented on May 28, 2024
No comments till now
Anonymous
upvote

Pranav commented on July 22, 2022
This site keeps its promise. The 100% pass is real. Thank you team.
UNITED STATES
upvote

Nathan commented on June 18, 2021
I bought 2 exams for the 50% sale. I already passed one of them. I am prepareing for my next exam. These exam dumps questions are very helpful.
POLAND
upvote