Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free ECCouncil 312-50v13 Practice Exam with Questions & Answers | Set: 11

Questions 151

An attacker plans to compromise IoT devices to pivot into OT systems. What should be the immediate action?

Options:
A.

Perform penetration testing

B.

Secure IoT–OT communications with encryption and authentication

C.

Deploy ML-based threat prediction

D.

Deploy an IPS

ECCouncil 312-50v13 Premium Access
Questions 152

What is the minimum number of network connections in a multihomed firewall?

Options:
A.

5

B.

2

C.

3

D.

4

Questions 153

A WPA2-PSK wireless network is tested. Which method would allow identification of a key vulnerability?

Options:
A.

De-authentication attack to capture the four-way handshake

B.

MITM to steal the PSK directly

C.

Jamming to force PSK disclosure

D.

Rogue AP revealing PSK

Questions 154

A smart building management company in Seattle, Washington deploys wireless door sensors and badge-based access systems throughout its corporate headquarters. During a security assessment, an analyst captures legitimate radio transmissions between employee access badges and the entry control units.

Later that evening, without modifying or decrypting the original communication, the analyst retransmits the previously captured signal toward a secured entrance. The access control system accepts the transmission as valid and unlocks the door, even though the legitimate badge is not present.

Determine the attack technique demonstrated in this assessment.

Options:
A.

BlueBorne Attack

B.

Replay Attack

C.

Rolling Code Attack

D.

Sybil Attack

Questions 155

A penetration tester is tasked with compromising a company’s wireless network, which uses WPA2-PSK encryption. The tester wants to capture the WPA2 handshake and crack the pre-shared key. What is the most appropriate approach to achieve this?

Options:
A.

Execute a Cross-Site Scripting (XSS) attack on the router ' s admin panel

B.

Use a de-authentication attack to force a client to reconnect, capturing the WPA2 handshake

C.

Perform a brute-force attack directly on the WPA2 encryption

D.

Conduct a Man-in-the-Middle attack by spoofing the router ' s MAC address

Questions 156

A future-focused security audit discusses risks where attackers collect encrypted data now, anticipating that they can decrypt it later with quantum computers. What is this threat known as?

Options:
A.

Saving data today for future quantum decryption

B.

Replaying intercepted quantum messages

C.

Breaking RSA using quantum algorithms

D.

Flipping qubit values to corrupt the output

Questions 157

Which patch management strategy is most effective?

Options:
A.

External-only patches

B.

Automated patch management with monitoring

C.

Manual patching on live servers

D.

Applying all patches regardless of source

Questions 158

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:
A.

John the Ripper

B.

Dsniff

C.

Snort

D.

Nikto

Questions 159

During a red team engagement at a technology startup in Austin, ethical hacker Priya simulates an internal attacker by connecting a laptop to the corporate LAN. Within minutes, nearby workstations begin receiving incorrect network settings such as altered gateways and DNS servers. Employees trying to access the intranet are redirected to fake login portals hosted on Priya’s machine. Security tools record temporary IP conflicts, but no alerts are triggered against the altered traffic paths.

Which attack technique did Priya most likely use?

Options:
A.

DHCP Starvation Attack

B.

DNS Cache Poisoning

C.

Rogue DHCP Server Attack

D.

Packet Sniffing

Questions 160

As an IT security analyst, you perform network scanning using ICMP Echo Requests. During the scan, several IP addresses do not return Echo Replies, yet other network services remain operational. How should this situation be interpreted?

Options:
A.

The non-responsive IP addresses indicate severe network congestion.

B.

A firewall or security control is likely blocking ICMP Echo Requests.

C.

The lack of Echo Replies indicates an active security breach.

D.

The IP addresses are unused and available for reassignment.

Questions 161

What is MAC spoofing used for?

Options:
A.

Encryption

B.

IDS

C.

Bypass filters

D.

Logging

Questions 162

Which technique best exploits session management despite MFA, encrypted cookies, and WAFs?

Options:
A.

CSRF

B.

Side jacking

C.

Session fixation

D.

Insecure deserialization

Questions 163

During a security assessment of a fintech startup in San Francisco, ethical hacker Michael analyzes the company ' s cloud platform. He observes that the system automates deployment, scaling, service discovery, and workload management across multiple nodes, ensuring smooth operation of critical services without requiring manual coordination. Which Kubernetes capability is primarily responsible for these functions?

Options:
A.

Kube-controller-manager

B.

Self-healing

C.

Container orchestration

D.

Container vulnerabilities

Questions 164

At a New York-based e-commerce company preparing for Black Friday sales, analyst Sarah evaluates cloud billing practices. She notices that the provider tracks compute hours, storage usage, and bandwidth consumption in detail, enabling the company to pay only for what is consumed while also supporting audits. Which cloud computing characteristic best explains this feature?

Options:
A.

Measured service

B.

Broad network access

C.

On-demand self-service

D.

Resource pooling

Questions 165

During a red team exercise at Apex Logistics in Denver, ethical hacker Rachel launches controlled packet injection attacks to simulate session hijacking attempts. The client ' s IT team wants a way to automatically detect such abnormal behaviors across the network in real time, instead of relying on manual analysis. They decide to deploy a monitoring system capable of flagging suspicious session activity based on predefined rules and traffic signatures.

Which detection method best fits the IT team ' s requirement?

Options:
A.

Check for predictable session tokens

B.

Perform manual packet analysis using sniffing tools

C.

Monitor for ACK storms

D.

Use an Intrusion Detection System (IDS)