EC-COUNCIL
212-82
Certified Cybersecurity Technician (C|CT)
1. Thomas, an employee of an organization, is restricted from accessing specific
websites from his office system. He is trying to obtain admin credentials to remove the
restrictions. While waiting for an opportunity, he sniffed communication between the
administrator and an application server to retrieve the admin credentials. Identify the
type of attack performed by Thomas in the above scenario.
A. Vishing
B. Eavesdropping
C. Phishing
D. Dumpster diving
Answer: B
Explanation:
The correct answer is B, as it identifies the type of attack performed by Thomas in the
above scenario. Eavesdropping is a type of attack that involves intercepting and
listening to the communication between two parties without their knowledge or
consent. Thomas performed eavesdropping by sniffing communication between the
administrator and an application server to retrieve the admin credentials.
Option A is incorrect, as it does not identify the type of attack performed by Thomas in
the above scenario. Vishing is a type of attack that involves using voice calls to trick
people into revealing sensitive information or performing malicious actions. Thomas
did not use voice calls but sniffed network traffic.
Option C is incorrect, as it does not identify the type of attack performed by Thomas in
the above scenario. Phishing is a type of attack that involves sending fraudulent
emails or messages that appear to be from legitimate sources to lure people into
revealing sensitive information or performing malicious actions. Thomas did not send
any emails or messages but sniffed network traffic.
Option D is incorrect, as it does not identify the type of attack performed by Thomas in
the above scenario. Dumpster diving is a type of attack that involves searching
through trash or discarded items to find valuable information or resources. Thomas
did not search through trash or discarded items but sniffed network traffic.
Reference: Section 2.2
2. Kayden successfully cracked the final round of interviews at an organization. After a
few days, he received his offer letter through an official company email address. The
email stated that the selected candidate should respond within a specified time.
Kayden accepted the opportunity and provided an e-signature on the offer letter, then
replied to the same email address. The company validated the e-signature and added
his details to their database. Here, Kayden could not deny the company's message,
and the company could not deny Kayden's signature.
Which of the following information security elements was described in the above
scenario?
A. Availability
B. Non-repudiation
C. Integrity
D. Confidentiality
Answer: B
Explanation:
The correct answer is B, as it describes the information security element that was
described in the above scenario. Non-repudiation is an information security element
that ensures that a party cannot deny sending or receiving a message or performing
an action. In the above scenario, non-repudiation was described, as Kayden could not
deny the company’s message, and the company could not deny Kayden’s signature.
Option A is incorrect, as it does not describe the information security element that was
described in the above scenario. Availability is an information security element that
ensures that authorized users can access and use information and resources when
needed. In the above scenario, availability was not described, as there was no
mention of access or use of information and resources.
Option C is incorrect, as it does not describe the information security element that
was described in the above scenario. Integrity is an information security element that
ensures that information and resources are accurate and complete and have not been
modified by unauthorized parties. In the above scenario, integrity was not described,
as there was no mention of accuracy or completeness of information and resources.
Option D is incorrect, as it does not describe the information security element that
was described in the above scenario. Confidentiality is an information security
element that ensures that information and resources are protected from unauthorized
access and disclosure. In the above scenario, confidentiality was not described, as
there was no mention of protection or disclosure of information and resources.
Reference: , Section 3.1
3. Sam, a software engineer, visited an organization to give a demonstration on a
software tool that helps in business development. The administrator at the
organization created a least privileged account on a system and allocated that system
to Sam for the demonstration. Using this account, Sam can only access the files that
are required for the demonstration and cannot open any other file in the system.
Which of the following types of accounts has the organization given to Sam in the
above scenario?
A. Service account
B. Guest account
C. User account
D. Administrator account
Answer: B
Explanation:
The correct answer is B, as it identifies the type of account that the organization has
given to Sam in the above scenario. A guest account is a type of account that allows
temporary or limited access to a system or network for visitors or users who do not
belong to the organization. A guest account typically has minimal privileges and
permissions and can only access certain files or applications. In the above scenario,
the organization has given Sam a guest account for the demonstration. Using this
account, Sam can only access the files that are required for the demonstration and
cannot open any other file in the system.
Option A is incorrect, as it does not identify the type of account that the organization
has given to Sam in the above scenario. A service account is a type of account that
allows applications or services to run on a system or network under a specific identity.
A service account typically has high privileges and permissions and can access
various files or applications. In the above scenario, the organization has not given
Sam a service account for the demonstration.
Option C is incorrect, as it does not identify the type of account that the organization
has given to Sam in the above scenario. A user account is a type of account that
allows regular access to a system or network for employees or members of an
organization. A user account typically has moderate privileges and permissions and
can access various files or applications depending on their role. In the above
scenario, the organization has not given Sam a user account for the demonstration.
Option D is incorrect, as it does not identify the type of account that the organization
has given to Sam in the above scenario. An administrator account is a type of account
that allows full access to a system or network for administrators or managers of an
organization. An administrator account typically has the highest privileges and
permissions and can access and modify any files or applications. In the above
scenario, the organization has not given Sam an administrator account for the
demonstration.
Reference: , Section 4.1
4. Myles, a security professional at an organization, provided laptops for all the
employees to carry out the business processes from remote locations. While installing
necessary applications required for the business, Myles has also installed antivirus
software on each laptop following the company's policy to detect and protect the
machines from external malicious events over the Internet. Identify the PCI-DSS
requirement followed by Myles in the above scenario.
A. PCI-DSS requirement no 1.3.2
B. PCI-DSS requirement no 1.3.5
C. PCI-DSS requirement no 5.1
D. PCI-DSS requirement no 1.3.1
Answer: C
Explanation:
The correct answer is C, as it identifies the PCI-DSS requirement followed by Myles in
the above scenario. PCI-DSS is a set of standards that aims to protect cardholder
data and ensure secure payment transactions. PCI-DSS has 12 requirements that
cover various aspects of security such as network configuration, data encryption,