Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v12 All Questions

View all questions & answers for the 312-50v12 exam
Go to Exam

Exam 312-50v12 topic 1 question 211 discussion

Actual exam question from ECCouncil's 312-50v12
Question #: 211
Topic #: 1
[All 312-50v12 Questions]

As a certified ethical hacker, you are tasked with gaining information about an enterprise's internal network. You are permitted to test the network's security using enumeration techniques. You successfully obtain a list of usernames using email IDs and execute a DNS Zone Transfer. Which enumeration technique would be most effective for your next move given that you have identified open TCP ports 25 (SMTP) and 139 (NetBIOS Session Service)?

  • A. Perform a brute force attack on Microsoft Active Directory to extract valid usernames
  • B. Exploit the NetBIOS Session Service on TCP port 139 to gain unauthorized access to the file system
  • C. Use SNMP to extract usernames given the community strings
  • D. Exploit the NFS protocol on TCP port 2049 to gain control over a remote system
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by DarioReymag at Feb. 6, 2024, 10:38 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
przemyslaw1
Highly Voted 9 months, 1 week ago
Selected Answer: B
B. Exploit the NetBIOS SNMP uses UDP ports 161 and 162
upvoted 9 times
John07
7 months, 3 weeks ago
Exploit the NetBIOS Session Service on TCP port 139 to gain unauthorized access to the file system - it's not an enumeration techniques. Correct answer is C.
upvoted 1 times
...
qtygbapjpesdayazko
8 months, 1 week ago
Base on ports available is B NetBIOS
upvoted 1 times
...
...
noyon2002
Most Recent 3 months, 1 week ago
A Brute force active directory, it is the 3rd step in techniques for enumeration : CEH V12 Module 4 Page 403
upvoted 1 times
noyon2002
3 months, 1 week ago
My bad miss read the question, it is mentioned Port 25 SMTP, so it is C the , 6th step in enumeration CEH V12 Module 5 Page 403
upvoted 1 times
...
...
49f4430
6 months ago
Selected Answer: A
A Nothing about 161 and 162, B is a attack..that leave us with A :validate the usernames
upvoted 1 times
...
pranav10
6 months, 2 weeks ago
Selected Answer: C
CEHv12 page number 404
upvoted 1 times
...
jrbobson
6 months, 3 weeks ago
Selected Answer: C
Enumeration is the key - C
upvoted 1 times
...
Rafael_Fontana
7 months ago
Selected Answer: B
You already have usernames so.... Am I missing something?
upvoted 1 times
...
duke_of_kamulu
8 months, 1 week ago
GUYS AGAIN i repeat answers is C go to page 403,404 and check you will find its clear the steps they are six
upvoted 2 times
...
Spam_Protection
8 months, 2 weeks ago
Selected Answer: A
You need to validate your usernames. You can do this brute forcing Active Directory. Module 4: Techniques for Enumeration section - ▪ Brute force Active Directory Microsoft Active Directory is susceptible to username enumeration at the time of user-supplied input verification. This is a design error in the Microsoft Active Directory implementation. If a user enables the “logon hours” feature, then all the attempts at service authentication result in different error messages. Attackers take advantage of this to enumerate valid usernames. An attacker who succeeds in extracting valid usernames can conduct a brute-force attack to crack the respective passwords.
upvoted 1 times
...
sosindi
9 months ago
A, We already extracted emails usernames- "successfully obtained a list of usernames using email IDs and execute a DNS Zone Transfer" the next would be A now to exploit netbios.
upvoted 2 times
...
duke_of_kamulu
9 months ago
according to CEHv12 they follow systematic flow shown clearly on the table pg 403 1-6 so C get Techniques for Enumeration step six last step is Extract usernames using SNMP
upvoted 1 times
...
JustAName
9 months, 1 week ago
Selected Answer: C
I'd choose C because exploitation and brute force attacks are typically considered post-enumeration activities and consider too invasive to be "enumeration" activity
upvoted 1 times
...
insaniunt
9 months, 2 weeks ago
Selected Answer: C
just pay attention, the question asking for "Which enumeration technique", not about perform attack or exploit something
upvoted 3 times
sosindi
9 months ago
We already extracted emails usernames- "successfully obtained a list of usernames using email IDs and execute a DNS Zone Transfer" the next would be A now to exploit netbios.
upvoted 1 times
...
...
cloudgangster
9 months, 2 weeks ago
Selected Answer: C
c, check ceh v12 pg 403
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel