[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 312-50 Dumps with VCE and PDF 311-320


Ethical Hacking and Countermeasures

Question No: 311 – (Topic 9)

What is the most common vehicle for social engineering attacks?

  A. Phone

  B. Email

  C. In person

  D. P2P Networks

Answer: A

Explanation: Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone.

Question No: 312 – (Topic 9)

Study the following e-mail message. When the link in the message is clicked, it will take you to an address like: http://hacker.xsecurity.com/in.htm. Note that hacker.xsecurity.com is not an official SuperShopper site!

What attack is depicted in the below e-mail?

Dear SuperShopper valued member,

Due to concerns, for the safety and integrity of the SuperShopper community we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports.

If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to update your records will result to your account cancellation. This notification expires within 24 hours.

Once you have updated your account records your SuperShopper will not be interrupted and will continue as normal.

Please follow the link below and renew your account information.

https://www.supershopper.com/cgi-bin/webscr?cmd=update-run

SuperShopper Technical Support
http://www.supershopper.com

  A. Phishing attack

  B. E-mail spoofing

  C. Social engineering

  D. Man in the middle attack

Answer: A

Explanation: Phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well.

Question No: 313 – (Topic 9)

Which type of hacker represents the highest risk to your network?

  A. Script kiddies

  B. Grey hat hackers

  C. Black hat hackers

  D. Disgruntled employees

Answer: D

Explanation: The disgruntled users have some permission on your database, versus a hacker who might not get into the database. Global Crossings is a good example of how a disgruntled employee – who took the internal payroll database home on a hard drive – caused big problems for the telecommunications company. The employee posted the names, Social Security numbers and birthdates of company employees on his Web site.

He may have been one of the factors that helped put them out of business.

Question No: 314 – (Topic 9)

Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to tell him her password 'just to double check our records'. Jane believes that Jack is really an administrator, and tells him her password. Jack now has a user name and password, and can access Brown Co.'s computers, to find the cookie recipe. This is an example of what kind of attack?

  A. Reverse Psychology

  B. Social Engineering

  C. Reverse Engineering

  D. Spoofing Identity

  E. Faking Identity

Answer: B

Explanation: This is a typical case of pretexting. Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone.

Question No: 315 – (Topic 9)

What is the most common vehicle for social engineering attacks?

  A. Email

  B. Direct in person

  C. Local Area Networks

  D. Peer to Peer Networks

Answer: B

Explanation: All social engineering techniques are based on flaws in human logic known as cognitive biases.

Question No: 316 – (Topic 9)

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

  A. Issue special cards to access secured doors at the company and provide a one-time only brief description of use of the special card

  B. Post a sign that states “no tailgating” next to the special card reader adjacent to the secured door

  C. Set up a mock video camera next to the special card reader adjacent to the secured door

  D. Educate all of the employees of the company on best security practices on a recurring basis

Answer: D

Explanation: Tailgating will not work in small companies where everyone knows everyone, and neither will it work in very large companies where everyone is required to swipe a card to pass, but it’s a very simple and effective social engineering attack against mid-sized companies where it’s common for one employee not to know everyone. There are two ways to stop this attack: either by buying expensive perimeter defense in the form of gates that let only one employee pass at every swipe of a card, or by educating every employee on a recurring basis.

Question No: 317 – (Topic 9)

A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider?

  A. The CEO of the company because he has access to all of the computer systems

  B. A government agency since they know the company computer system strengths and weaknesses

  C. Disgruntled employee, customers, suppliers, vendors, business partners, contractors, temps, and consultants

  D. A competitor to the company because they can directly benefit from the publicity generated by making such an attack

Answer: C

Explanation: An insider is anyone who already has a foot inside one way or another.

Question No: 318 – (Topic 9)

What are the six types of social engineering? (Choose six.)

  A. Spoofing

  B. Reciprocation

  C. Social Validation

  D. Commitment

  E. Friendship

  F. Scarcity

  G. Authority

  H. Accountability

Answer: B,C,D,E,F,G

Explanation: All social engineering is performed by taking advantage of human nature. For in-depth information on the subject, read Robert Cialdini's book, Influence: Science and Practice.

Question No: 319 – (Topic 9)

Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm, befriends him at the canteen and tags along with him on the pretext of apprising him of potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?

  A. Trailing

  B. Tailgating

  C. Swipe Gating

  D. Smooth Talking

Answer: B

Explanation: Tailgating, in which an unauthorized person follows someone with a pass into an office, is a very simple social engineering attack. The intruder opens the door, which the authorized user walks through, and then engages them in conversation about the weather or weekend sport while they walk past the reception area together.

Question No: 320 – (Topic 9)

Sabotage, Advertising and Covering are the three stages of

  A. Social engineering

  B. Reverse Social Engineering

  C. Reverse Software Engineering

  D. Rapid Development Engineering

Answer: B

Explanation: Typical social interaction dictates that if someone gives us something then it is only right for us to return the favour. This is known as reverse social engineering, when an attacker sets up a situation where the victim encounters a problem, they ask the attacker for help and once the problem is solved the victim then feels obliged to give the information requested by the attacker.
