Here you have the best EC-Council 212-82 practice exam questions
Thomas, an employee of an organization, is restricted to access specific websites from his office system. He is trying to obtain admin credentials to remove the restrictions. While waiting for an opportunity, he sniffed communication between the administrator and an application server to retrieve the admin credentials. Identify the type of attack performed by Thomas in the above scenario.
The type of attack Thomas performed is eavesdropping. Eavesdropping involves intercepting and listening to communication or data transmission between parties without their consent. In this scenario, Thomas is sniffing communication between the administrator and an application server to retrieve admin credentials, which fits the definition of eavesdropping as it involves unauthorized interception of data.
Kayden successfully cracked the final round of interview at an organization. After few days, he received his offer letter through an official company email address. The email stated that the selected candidate should respond within a specified time. Kayden accepted the opportunity and provided e-signature on the offer letter, then replied to the same email address. The company validated the e-signature and added his details to their database. Here, Kayden could not deny company's message, and company could not deny Kayden's signature.
Which of the following information security elements was described in the above scenario?
Non-repudiation is the assurance that someone cannot deny the validity of something. In this scenario, Kayden cannot deny that he accepted and signed the offer letter, and the company cannot deny that they sent the offer and received his acceptance. This matches the core concept of non-repudiation, which prevents either party from refuting their involvement.
Sam, a software engineer, visited an organization to give a demonstration on a software tool that helps in business development. The administrator at the organization created a least privileged account on a system and allocated that system to Sam for the demonstration. Using this account, Sam can only access the files that are required for the demonstration and cannot open any other file in the system.
Which of the following type of accounts the organization has given to Sam in the above scenario?
The organization has given Sam a guest account. Guest accounts are designed to be least privileged, allowing temporary access to system resources without giving permission to modify system files, directories, or settings. This matches the scenario where Sam can only access files required for the demonstration and nothing else.
Myles, a security professional at an organization, provided laptops for all the employees to carry out the business processes from remote locations. While installing necessary applications required for the business, Myles has also installed antivirus software on each laptop following the company's policy to detect and protect the machines from external malicious events over the Internet.
Identify the PCI-DSS requirement followed by Myles in the above scenario.
The action described involves installing antivirus software on laptops to protect against malicious events, which aligns with PCI-DSS requirement no 5.1. This requirement specifically addresses the deployment of anti-virus software on systems commonly affected by malicious software, such as personal computers and servers.
Ashton is working as a security specialist in SoftEight Tech. He was instructed by the management to strengthen the Internet access policy. For this purpose, he implemented a type of Internet access policy that forbids everything and imposes strict restrictions on all company computers, whether it is system or network usage.
Identify the type of Internet access policy implemented by Ashton in the above scenario.
Ashton implemented a paranoid policy. This type of policy forbids everything and imposes strict restrictions on all company computers, including both system and network usage. The paranoid policy is known for its highest level of security and restriction, often resulting in either no Internet connection or extremely limited usage.