Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free ECCouncil 312-50v13 Practice Exam with Questions & Answers | Set: 14

Questions 196

During a targeted intrusion against a cloud infrastructure company in Salt Lake City, Utah, an attacker distributes a modified installation package of a legitimate network diagnostic utility widely used by employees. Before distributing the package, the attacker binds a malicious remote-access payload with the original executable so that both components are installed together.

When users launch the diagnostic tool, it performs its normal troubleshooting functions, while the hidden payload simultaneously executes in the background and establishes communication with a remote command server.

From a malware deployment perspective, what technique best describes this approach?

Options:
A.

Wrapper

B.

Downloader

C.

Packer

D.

Dropper

ECCouncil 312-50v13 Premium Access
Questions 197

As part of an authorized security assessment at a maritime logistics firm in Charleston, South Carolina, an ethical hacker evaluated the organization’s resilience to coordinated endpoint compromise.

Employees received a carefully crafted email attachment disguised as a routine operational update. After execution on several systems, monitoring tools later revealed that the infected machines periodically contacted an external host controlled by the tester.

Over time, the compromised systems began receiving commands from a centralized control server and simultaneously generated coordinated network traffic toward designated targets when instructed, without any direct user interaction.

From a malware classification standpoint, what component is being simulated in this scenario?

Options:
A.

Spyware

B.

Scareware

C.

Potentially Unwanted Applications (PUAs)

D.

Botnet Agents

Questions 198

At a Miami-based cryptocurrency exchange, investigator Jake uncovers that attackers exploited exposed API keys to issue unauthorized cloud commands, leading to resource abuse and lateral movement inside the cloud environment. Which cloud hacking technique is most directly demonstrated in this incident?

Options:
A.

Cryptojacking

B.

Enumerating S3 buckets

C.

Wrapping attack

D.

Compromising secrets

Questions 199

During a quarterly security audit at a financial services company in Charlotte, North Carolina, you are tasked with reviewing exposed services on legacy servers inherited from a third-party vendor. While scanning, you discover that TCP port 1434 is open on a database node that is not listed in the company ' s active inventory. The IT team has no records explaining why this service is running, and you are asked to determine whether the exposure of this port could indicate an unnecessary database-related risk. Based on standardized port assignments, which service is most likely running on this port and requires further review?

Options:
A.

ms-sql-m

B.

sqlsrv

C.

sql*net

D.

ms-sql-s

Questions 200

You are Alex, a forensic responder at HarborHealth in Seattle, Washington. During a live incident response you must secure an enterprise Windows server ' s system partition and attached data volumes without rebooting user machines or disrupting domain authentication. The IT team prefers a solution that integrates with Windows platform features (including hardware-backed startup protection and centralized key escrow via Active Directory/management policies) and provides transparent full-disk protection for the OS volume. Which disk-encryption solution should you deploy?

Options:
A.

FileVault

B.

BitLocker Drive Encryption

C.

VeraCrypt

D.

Rohos Disk Encryption

Questions 201

A multinational corporation recently survived a severe Distributed Denial-of-Service (DDoS) attack and has implemented enhanced security measures. During an audit, you discover that the organization uses both hardware- and cloud-based solutions to distribute incoming traffic in order to absorb and mitigate DDoS attacks while ensuring legitimate traffic remains available. What type of DDoS mitigation strategy is the company utilizing?

Options:
A.

Black Hole Routing

B.

Load Balancing

C.

Rate Limiting

D.

Sinkholing

Questions 202

A regional investment firm in Denver, Colorado, recently migrated to a fully switched Ethernet infrastructure. During an authorized security evaluation, a consultant connected a test device to an access-layer switch and initiated a scripted network interaction.

Within minutes, administrators observed irregular switching behavior. Frames that were normally delivered directly between specific workstations began appearing across multiple switch ports. Users reported brief connectivity instability, but no configuration changes were made to the switch. After the activity subsided, forwarding operations gradually stabilized.

Based on the observed behavior, which sniffing technique was most likely performed?

Options:
A.

Switch Port Stealing

B.

ARP Poisoning

C.

MAC Flooding

D.

DNS Poisoning

Questions 203

Which method best bypasses client-side controls without triggering server-side alarms?

Options:
A.

Disable JavaScript in the browser

B.

Intercept and modify requests using a proxy tool

C.

Inject malicious JavaScript into the login form

D.

Reverse-engineer the encryption algorithm

Questions 204

Who are “script kiddies” in the context of ethical hacking?

Options:
A.

Highly skilled hackers who write custom scripts

B.

Novices who use scripts developed by others

C.

Ethical hackers using scripts for penetration testing

D.

Hackers specializing in scripting languages

Questions 205

You are Riley, an incident responder at NovaEx Crypto in San Antonio, Texas, tasked with investigating a recent double-spend reported by a retail merchant that accepts the exchange ' s token. Your telemetry shows that a reseller node used by the merchant received blocks only from a small, fixed set of peers for several hours and accepted a conflicting history that later allowed the attacker to reverse a confirmed payment. The attacker appears to have controlled which peers that node communicated with and supplied it a private chain until they were ready to reveal it. Which blockchain attack does this behavior most closely describe?

Options:
A.

Finney Attack

B.

DeFi Sandwich Attack

C.

51% Attack

D.

Eclipse Attack

Questions 206

During a red team engagement at a healthcare organization in Chicago, ethical hacker Devon intercepts Kerberos authentication material from a compromised workstation. Instead of cracking the data, he reuses the stolen tickets to authenticate directly to other systems within the domain. This allows him to access shared resources and servers without needing the users ' plaintext credentials. No NTLM hashes or broadcast poisoning were involved.

Which attack technique did Devon most likely perform?

Options:
A.

LLMNR/NBT-NS Poisoning

B.

Pass-the-Ticket Attack

C.

Kerberoasting

D.

Pass-the-Hash

Questions 207

A Nessus scan reports a CVSS 9.0 SSH vulnerability allowing remote code execution. What should be immediately prioritized?

Options:
A.

Apply the vendor patch and reboot during maintenance

B.

Dismiss it as a false positive if unverified

C.

Reroute SSH traffic to another server

D.

Isolate the server, audit it, and apply patches

Questions 208

You perform a FIN scan and observe that many ports do not respond to FIN packets. How should these results be interpreted?

Options:
A.

Conclude the ports are closed

B.

Escalate as an active breach

C.

Attribute it to network congestion

D.

Suspect firewall filtering and investigate further

Questions 209

During a penetration test at Horizon Tech in Austin, ethical hacker Michael sets up a man-in-the-middle attack to intercept traffic between employees and the company ' s internal web applications. He uses a lightweight tool capable of performing ARP spoofing, DNS manipulation, and packet injection while providing an interactive interface for real-time monitoring. This allows him to capture and manipulate session tokens in transit, which he later presents to the security team as proof of risk.

Which tool is Michael most likely using in this exercise?

Options:
A.

Wireshark

B.

Hetty

C.

Caido

D.

Bettercap

Questions 210

A compromised endpoint communicates with C2 using DNS queries. What system-level indicator exists?

Options:
A.

DNS anomalies

B.

Memory leaks

C.

CPU spikes

D.

Disk usage