Free Practice Questions for Eccouncil 312-50 Exam

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks?

• In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name.
• Both pharming and phishing attacks are purely technical and are not considered forms of social engineering.
• Both pharming and phishing attacks are identical.
• In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual websites domain name.

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, PUT, DELETE, TRACE) using NMAP script engine.What nmap script will help you with this task?

• http-methods
• http enum
• http-headers
• http-git

Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?

• http-git
• http-headers
• http enum
• http-methods

> NMAP -sn 192.168.11.200-215The NMAP command above performs which of the following?

• A ping scan
• A trace sweep
• An operating system detect
• A port scan

Which of the following provides a security professional with most information about the system's security posture?

• Wardriving, warchalking, social engineering
• Social engineering, company site browsing, tailgating
• Phishing, spamming, sending trojans
• Port scanning, banner grabbing, service identification

You're doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?

• Scan servers with Nmap
• Physically go to each server
• Scan servers with MBSA
• Telent to every port on each server

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

• [cache:]
• [site:]
• [inurl:]
• [link:]

Which type of scan is used on the eye to measure the layer of blood vessels?

• Facial recognition scan
• Retinal scan
• Iris scan
• Signature kinetics scan

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

• The document can be sent to the accountant using an exclusive USB for that document.
• The CFO can use a hash algorithm in the document once he approved the financial statements.
• The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.
• The CFO can use an excel file with a password.

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

• Firewall-management policy
• Acceptable-use policy
• Remote-access policy
• Permissive policy