Eccouncil 312-85 Exam Questions

Questions for the 312-85 were updated on : Jul 16 ,2024

Page 1 out of 4. Viewing questions 1-15 out of 49

Question 1

Daniel is a professional hacker whose aim is to attack a system to steal data and money for profit. He
performs hacking to obtain confidential data such as social security numbers, personally identifiable
information (PII) of an employee, and credit card information. After obtaining confidential data, he
further sells the information on the black market to make money.
Daniel comes under which of the following types of threat actor.

  • A. Industrial spies
  • B. State-sponsored hackers
  • C. Insider threat
  • D. Organized hackers
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

An attacker instructs bots to use camouflage mechanism to hide his phishing and malware delivery
locations in the rapidly changing network of compromised bots. In this particular technique, a single
domain name consists of multiple IP addresses.
Which of the following technique is used by the attacker?

  • A. DNS zone transfer
  • B. Dynamic DNS
  • C. DNS interrogation
  • D. Fast-Flux DNS
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Kathy wants to ensure that she shares threat intelligence containing sensitive information with the
appropriate audience. Hence, she used traffic light protocol (TLP).
Which TLP color would you signify that information should be shared only within a particular
community?

  • A. Red
  • B. White
  • C. Green
  • D. Amber
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Moses, a threat intelligence analyst at InfoTec Inc., wants to find crucial information about the
potential threats the organization is facing by using advanced Google search operators. He wants to
identify whether any fake websites are hosted at the similar to the organizations URL.
Which of the following Google search queries should Moses use?

  • A. related: www.infothech.org
  • B. info: www.infothech.org
  • C. link: www.infothech.org
  • D. cache: www.infothech.org
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

A team of threat intelligence analysts is performing threat analysis on malware, and each of them
has come up with their own theory and evidence to support their theory on a given malware.
Now, to identify the most consistent theory out of all the theories, which of the following analytic
processes must threat intelligence manager use?

  • A. Threat modelling
  • B. Application decomposition and analysis (ADA)
  • C. Analysis of competing hypotheses (ACH)
  • D. Automated technical analysis
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Miley, an analyst, wants to reduce the amount of collected data and make the storing and sharing
process easy. She uses filtering, tagging, and queuing technique to sort out the relevant and
structured data from the large amounts of unstructured data.
Which of the following techniques was employed by Miley?

  • A. Sandboxing
  • B. Normalization
  • C. Data visualization
  • D. Convenience sampling
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Bob, a threat analyst, works in an organization named TechTop. He was asked to collect intelligence
to fulfil the needs and requirements of the Red Tam present within the organization.
Which of the following are the needs of a RedTeam?

  • A. Intelligence related to increased attacks targeting a particular software or operating system vulnerability
  • B. Intelligence on latest vulnerabilities, threat actors, and their tactics, techniques, and procedures (TTPs)
  • C. Intelligence extracted latest attacks analysis on similar organizations, which includes details about latest threats and TTPs
  • D. Intelligence that reveals risks related to various strategic business decisions
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Michael, a threat analyst, works in an organization named TechTop, was asked to conduct a cyber-
threat intelligence analysis. After obtaining information regarding threats, he has started analyzing
the information and understanding the nature of the threats.
What stage of the cyber-threat intelligence is Michael currently in?

  • A. Unknown unknowns
  • B. Unknowns unknown
  • C. Known unknowns
  • D. Known knowns
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis.
While performing data collection process, he used a counterintelligence mechanism where a
recursive DNS server is employed to perform interserver DNS communication and when a request is
generated from any name server to the recursive DNS server, the recursive DNS servers log the
responses that are received. Then it replicates the logged data and stores the data in the central
database. Using these logs, he analyzed the malicious attempts that took place over DNS
infrastructure.
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data
collection?

  • A. Data collection through passive DNS monitoring
  • B. Data collection through DNS interrogation
  • C. Data collection through DNS zone transfer
  • D. Data collection through dynamic DNS (DDNS)
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

John, a professional hacker, is trying to perform APT attack on the target organization network. He
gains access to a single system of a target organization and tries to obtain administrative login
credentials to gain further access to the systems in the network using various techniques.
What phase of the advanced persistent threat lifecycle is John currently in?

  • A. Initial intrusion
  • B. Search and exfiltration
  • C. Expansion
  • D. Persistence
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Jim works as a security analyst in a large multinational company. Recently, a group of hackers
penetrated into their organizational network and used a data staging technique to collect sensitive
dat
a. They collected all sorts of sensitive data about the employees and customers, business tactics of
the organization, financial information, network infrastructure information and so on.
What should Jim do to detect the data staging before the hackers exfiltrate from the network?

  • A. Jim should identify the attack at an initial stage by checking the content of the user agent field.
  • B. Jim should analyze malicious DNS requests, DNS payload, unspecified domains, and destination of DNS requests.
  • C. Jim should monitor network traffic for malicious file transfers, file integrity monitoring, and event logs.
  • D. Jim should identify the web shell running in the network by analyzing server access, error logs, suspicious strings indicating encoding, user agent strings, and so on.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Andrews and Sons Corp. has decided to share threat information among sharing partners. Garry, a
threat analyst, working in Andrews and Sons Corp., has asked to follow a trust model necessary to
establish trust between sharing partners. In the trust model used by him, the first organization makes
use of a body of evidence in a second organization, and the level of trust between two organizations
depends on the degree and quality of evidence provided by the first organization.
Which of the following types of trust model is used by Garry to establish the trust?

  • A. Mediated trust
  • B. Mandated trust
  • C. Direct historical trust
  • D. Validated trust
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

A threat analyst obtains an intelligence related to a threat, where the data is sent in the form of a
connection request from a remote host to the server. From this data, he obtains only the IP address
of the source and destination but no contextual information. While processing this data, he obtains
contextual information stating that multiple connection requests from different geo-locations are
received by the server within a short time span, and as a result, the server is stressed and gradually
its performance has reduced. He further performed analysis on the information based on the past
and present experience and concludes the attack experienced by the client organization.
Which of the following attacks is performed on the client organization?

  • A. DHCP attacks
  • B. MAC spoofing attack
  • C. Distributed Denial-of-Service (DDoS) attack
  • D. Bandwidth attack
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Jame, a professional hacker, is trying to hack the confidential information of a target organization. He
identified the vulnerabilities in the target system and created a tailored deliverable malicious
payload using an exploit and a backdoor to send it to the victim.
Which of the following phases of cyber kill chain methodology is Jame executing?

  • A. Reconnaissance
  • B. Installation
  • C. Weaponization
  • D. Exploitation
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Steve works as an analyst in a UK-based firm. He was asked to perform network monitoring to find
any evidence of compromise. During the network monitoring, he came to know that there are
multiple logins from different locations in a short time span. Moreover, he also observed certain
irregular log in patterns from locations where the organization does not have business relations. This
resembles that somebody is trying to steal confidential information.
Which of the following key indicators of compromise does this scenario present?

  • A. Unusual outbound network traffic
  • B. Unexpected patching of systems
  • C. Unusual activity through privileged user account
  • D. Geographical anomalies
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2