Here you have the best ECCouncil 312-50v11 practice exam questions
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?
The described scenario indicates a Cross-Site Request Forgery (CSRF) attack. CSRF exploits authenticated sessions by tricking a user into making unauthorized requests. In this case, the user was logged into their online banking and clicked on a link that initiated a malicious request, resulting in unauthorized activity on their bank account. This type of attack leverages the user's active session with the trusted site to perform actions without the user's explicit consent.
Which service in a PKI will vouch for the identity of an individual or company?
In a Public Key Infrastructure (PKI), the Certification Authority (CA) is the service responsible for vouching for the identity of individuals, companies, or entities. The CA issues digital certificates that bind a public key to a specific identity, effectively verifying and vouching for its authenticity. This ensures the trustworthiness of the parties involved in digital communications and transactions.
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
The correct answer is Cross-Site Scripting (XSS). XSS attacks involve exploiting vulnerabilities in web applications to inject malicious client-side scripts into web pages that other users view. This allows attackers to execute code within the context of a victim's browser, potentially stealing information or performing actions on behalf of the victim without their consent.
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?
The encryption and decryption of the message take place at the Presentation layer of the OSI model. This layer is responsible for translating data between the application layer and the network format, which includes activities such as data encryption and decryption to ensure secure communication.
A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client. What is a possible source of this problem?
A possible source of the problem is that the Wireless Access Point (WAP) does not recognize the client's MAC address. MAC address filtering is a security feature used on many wireless networks to restrict access based on the MAC addresses of devices. If the WAP has MAC address filtering enabled and the client’s MAC address is not on the allowed list, the WAP will ignore the client’s association requests even though the client can see the network.