Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70track

Free ECCouncil 312-50v13 Practice Exam with Questions & Answers | Set: 4

Questions 46

You detect the presence of a kernel-level rootkit embedded deeply within an operating system. Given the critical nature of the infection, which remediation strategy should be followed to effectively remove the rootkit while minimizing long-term risk?

Options:
A.

Use specialized rootkit detection tools followed by tailored removal procedures

B.

Deploy high-interaction honeypots to observe attacker behavior

C.

Perform a complete system format and reinstall the operating system from a trusted source

D.

Immediately power down the system and disconnect it from the network

ECCouncil 312-50v13 Premium Access
Questions 47

During a penetration test at Triangle FinTech in Raleigh, North Carolina, ethical hacker Ethan attempts to bypass the company ' s perimeter firewall. Instead of sending obvious malicious payloads, he encapsulates his traffic inside standard web requests on port 80, blending in with normal browsing activity. This method allows his packets to slip past perimeter defenses that are not performing deep application inspection.

Which firewall evasion technique is Ethan most likely using?

Options:
A.

HTTP Tunneling

B.

Source Routing

C.

Tiny Fragments

D.

DNS Tunneling

Questions 48

A Java app uses outdated libraries with known CVEs. What risk does this create?

Options:
A.

CSRF

B.

DoS

C.

Supply chain risk

D.

XSS

Questions 49

A large chemical plant uses operational technology (OT) networks to control its industrial processes. Recently, abnormal behavior is observed from PLCs, suggesting a stealthy compromise via malicious firmware. Which action should the team take FIRST to verify and neutralize the issue?

Options:
A.

Immediately isolate suspicious devices

B.

Perform detailed inspections of device software for unauthorized modifications

C.

Implement enhanced IDS rules

D.

Restrict remote administrative access

Questions 50

A payroll management portal used by a manufacturing firm in Toledo, Ohio allows administrators to configure customizable notification templates that are later incorporated into automated reporting functions. During an authorized assessment, an ethical hacker submits specially structured input into a template field while creating a test notification.

The application accepts and stores the value without any noticeable disruption to the interface. Days later, when a scheduled reporting task executes, the resulting dataset includes records beyond the expected scope defined by the report criteria.

Further review reveals that the reporting engine dynamically constructs database queries using previously stored template values during execution.

Determine the SQL injection variant illustrated in this scenario.

Options:
A.

Stored Procedure Injection

B.

Second-Order SQL Injection

C.

Error-Based SQL Injection

D.

Piggybacked Query Injection

Questions 51

Which attack abuses scheduled tasks?

Options:
A.

Reconnaissance

B.

Persistence

C.

Sniffing

D.

DoS

Questions 52

Which method of password cracking takes the most time and effort?

Options:
A.

Dictionary attack

B.

Rainbow tables

C.

Shoulder surfing

D.

Brute force

Questions 53

During an internal penetration test within a large corporate environment, the red team gains access to an unrestricted network port in a public-facing meeting room. The tester deploys an automated tool that sends thousands of DHCPDISCOVER requests using randomized spoofed MAC addresses. The DHCP server’s lease pool becomes fully depleted, preventing legitimate users from obtaining IP addresses. What type of attack did the penetration tester perform?

Options:
A.

DHCP starvation

B.

Rogue DHCP relay injection

C.

DNS cache poisoning

D.

ARP spoofing

Questions 54

During a cryptographic audit of a legacy system, a security analyst observes that an outdated block cipher is leaking key-related information when analyzing large sets of plaintext–ciphertext pairs. What approach might an attacker exploit here?

Options:
A.

Launch a key replay through IV duplication

B.

Use linear approximations to infer secret bits

C.

Modify the padding to obtain plaintext

D.

Attack the hash algorithm for collisions

Questions 55

A system allows execution from /tmp directory. What risk exists?

Options:
A.

Malware execution

B.

SQLi

C.

XSS

D.

DoS

Questions 56

Bob, a seasoned security analyst at XYZ Aerospace, was investigating a series of misaligned transaction timestamps coming from one of the data archival systems. Suspecting that the server might be syncing with an unstable time source, Bob decided to extract a detailed list of all peer servers associated with the target machine, including metrics such as delay, offset, and jitter, to determine whether the issue stemmed from time synchronization drift.

Which of the following commands should Bob use to retrieve this information?

Options:
A.

ntptrace [-n] [-m maxhosts] [servername/IP_address]

B.

ntpq -p [host]

C.

ntpdc [-n] [-s] [-c command] [host] [...]

D.

ntpq [-n] [-l] [-c command] [host] [...]

Questions 57

During a covert red team engagement, a penetration tester is tasked with identifying live hosts in a target organization’s internal subnet (10.0.0.0/24) without triggering intrusion detection systems (IDS). To remain undetected, the tester opts to use the command nmap -sn -PE 10.0.0.0/24, which results in several " Host is up " responses, even though the organization’s IDS is tuned to detect high-volume scans. After the engagement, the client reviews the logs and is surprised that the scan was not flagged. What allowed the scan to complete without triggering alerts?

Options:
A.

It used TCP ACK packets that were allowed through.

B.

It used UDP packets that bypassed ICMP inspection.

C.

It scanned only the ports open in the firewall whitelist.

D.

It performed an ICMP Echo ping sweep without port probing.

Questions 58

During an internal red team engagement, an operator discovers that TCP port 389 is open on a target system identified as a domain controller. To assess the extent of LDAP exposure, the operator runs the command ldapsearch -h < Target IP > -x -s base namingcontexts and receives a response revealing the base distinguished name (DN): DC=internal,DC=corp. This naming context indicates the root of the LDAP directory structure. With this discovery, the operator plans the next step to continue LDAP enumeration and expand visibility into users and objects in the domain. What is the most logical next action?

Options:
A.

Launch a brute-force attack against user passwords via SMB

B.

Conduct an ARP scan on the local subnet

C.

Attempt an RDP login to the domain controller

D.

Use the base DN in a filter to enumerate directory objects

Questions 59

A penetration tester is assessing a company’s vulnerability to advanced social engineering attacks targeting its legal department. Using detailed knowledge of mergers and legal proceedings, the tester crafts a highly credible pretext to deceive legal employees into sharing confidential case documents. What is the most effective technique?

Options:
A.

Send a spear-phishing email referencing specific merger details and requesting document access

B.

Create a fake LinkedIn profile to connect with legal employees and request document sharing

C.

Visit the office in person posing as a new legal intern to request document access

D.

Conduct a mass phishing campaign with generic legal templates attached

Questions 60

During a quarterly security audit at a multinational logistics firm, network security manager Priya initiates a scheduled vulnerability assessment across the organization’s hybrid infrastructure. Her team begins by identifying all active IT assets and assigning them risk scores based on business criticality. The following week, they deploy scanning tools to detect security weaknesses, validate the findings manually, and classify vulnerabilities based on severity and exploitability. After coordinating with the IT operations team, they develop a structured timeline to address the confirmed vulnerabilities, giving priority to high-risk findings affecting mission-critical systems. Finally, after the vulnerabilities are addressed, Priya ensures the affected systems are rescanned to confirm resolution and generates a compliance report for executive review.

Based on this workflow, which phase of the Vulnerability-Management Life Cycle is Priya executing?

Options:
A.

Remediation

B.

Vulnerability Analysis

C.

Verification

D.

Risk Assessment