212-82 Online Practice Questions


Latest 212-82 Exam Practice Questions

The practice questions for the 212-82 exam were last updated on 2025-09-15.


Question#1

Brielle, a security professional, was instructed to secure her organization's network from malicious activities. To achieve this, she started monitoring network activities on a control system that collected event data from various sources. During this process, Brielle observed that a malicious actor had logged in to access a network device connected to the organizational network.
Which of the following types of events did Brielle identify in the above scenario?

A. Failure audit
B. Error
C. Success audit
D. Warning

Explanation:
Success audit is the type of event that Brielle identified in the above scenario. Success audit is a type of event that records successful attempts to access a network device or resource. Success audit can be used to monitor authorized activities on a network, but it can also indicate unauthorized activities by malicious actors who have compromised credentials or bypassed security controls.
Reference: Success Audit Event

Question#2

FusionTech, a leading tech company specializing in quantum computing, is based in downtown San Francisco, with its headquarters situated in a multi-tenant skyscraper. Their office spans three floors. The cutting-edge technology and the proprietary data that FusionTech possesses make it a prime target for both cyber and physical threats. Recently, during an internal security review, it was discovered that an unauthorized individual was spotted on one of the floors. There was no breach, but it raised an alarm. The management wants to address this vulnerability without causing too much inconvenience to its 2000+ employees and the other tenants of the building.
Given FusionTech's unique challenges, which measure should it primarily consider to bolster its workplace security?

A. Implement retina scanning at every floor entrance.
B. Introduce an employee badge system with time-based access control.
C. Station security personnel on every floor.
D. Build a separate entrance and elevator for FusionTech employees.

Explanation:
Access Control:
Implementing an employee badge system with time-based access control ensures that only authorized personnel can access specific areas within the office, reducing the risk of unauthorized access.
Reference: NIST SP 800-116, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security.
Monitoring and Accountability:
The badge system provides a log of entries and exits, which can be monitored to detect any unusual activity. This enhances security and accountability within the organization.
Reference: ISO/IEC 27002:2013, Information technology ― Security techniques ― Code of practice for information security controls.
Minimal Inconvenience:
The badge system is minimally invasive and does not cause significant inconvenience to employees or other tenants in the building, making it a practical solution.
Reference: CIS Controls, Control 14 - Controlled Access Based on the Need to Know.
Enhanced Security Measures:
Time-based access control ensures that employees can only access the building during their designated working hours, further reducing the risk of unauthorized access during off-hours.
Reference: SANS Institute's Guide to Physical Security Controls.
Given the need for enhanced security without causing too much inconvenience, an employee badge system with time-based access control is the most effective measure for FusionTech.

Question#3

An attacker with malicious intent used the SYN flooding technique to disrupt the network and gain advantage over the network to bypass the firewall. You are working with a security architect to design security standards and plans for your organization. The network traffic was captured by the SOC team and was provided to you to perform a detailed analysis. Study the Synflood.pcapng file and determine the source IP address. Note: The Synflood.pcapng file is present in the Documents folder of the Attacker-1 machine.

A. 20.20.10.180
B. 20.20.10.19
C. 20.20.10.60
D. 20.20.10.59

Explanation:

Question#4

Kevin, a professional hacker, wants to penetrate CyberTech Inc.’s network. He employed a technique in which he encoded packets with Unicode characters. The company’s IDS cannot recognize the packets, but the target web server can decode them.
What is the technique used by Kevin to evade the IDS system?

A. Desynchronization
B. Obfuscating
C. Session splicing
D. Urgency flag

Explanation:
Obfuscating is the technique used by Kevin to evade the IDS system in the above scenario. Obfuscating is a technique that involves encoding or modifying packets or data with various methods or characters to make them unreadable or unrecognizable by an IDS (Intrusion Detection System). Obfuscating can be used to bypass or evade an IDS system that relies on signatures or patterns to detect malicious activities. Obfuscating can include encoding packets with Unicode characters, which are characters that can represent various languages and symbols. The IDS system cannot recognize the packets, but the target web server can decode them and execute them normally.
Desynchronization is a technique that involves creating discrepancies or inconsistencies between the state of a connection as seen by an IDS system and the state of a connection as seen by the end hosts. Desynchronization can be used to bypass or evade an IDS system that relies on stateful inspection to track and analyze connections. Desynchronization can include sending packets with invalid sequence numbers, which are numbers that indicate the order of packets in a connection.
Session splicing is a technique that involves splitting or dividing packets or data into smaller fragments or segments to make them harder to detect by an IDS system. Session splicing can be used to bypass or evade an IDS system that relies on packet size or content to detect malicious activities. Session splicing can include sending packets with small MTU (Maximum Transmission Unit) values, which are values that indicate the maximum size of packets that can be transmitted over a network.
An urgency flag is a flag in the TCP (Transmission Control Protocol) header that indicates that the data in the packet is urgent and should be processed immediately by the receiver. An urgency flag is not a technique to evade an IDS system, but it can be used to trigger an IDS system to generate an alert or a response.
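
From the defender's side, the gap described above closes when the sensor canonicalizes input before matching signatures. The following is an added example, not part of the original question bank; the signature list, function names and sample requests are constructed for illustration, and it assumes the protected server folds Unicode compatibility characters the way NFKC does.

```python
import unicodedata
from urllib.parse import unquote

# Constructed signature list; a real sensor would load its own rule set.
SIGNATURES = ("union select",)


def canonicalize(raw: str, max_rounds: int = 5) -> str:
    """Reduce a request string to one canonical form before matching.

    1. Percent-decode repeatedly, so double encoding (%2520) is unwrapped.
    2. Apply NFKC, which folds compatibility characters such as
       fullwidth letters (U+FF35) onto their ASCII equivalents.
    3. Case-fold, so matching is case-insensitive.
    """
    text = raw
    for _ in range(max_rounds):
        decoded = unquote(text, encoding="utf-8", errors="replace")
        if decoded == text:
            break
        text = decoded
    return unicodedata.normalize("NFKC", text).casefold()


def naive_match(raw: str) -> list:
    """Signature check on the raw bytes as received (what the page's IDS does)."""
    return [sig for sig in SIGNATURES if sig in raw.lower()]


def normalized_match(raw: str) -> list:
    """Signature check after canonicalization."""
    return [sig for sig in SIGNATURES if sig in canonicalize(raw)]


# Constructed sample requests (not captured traffic).
FULLWIDTH = "/search?q=%EF%BC%B5nion%20select"   # fullwidth 'U', UTF-8 percent-encoded
DOUBLE_ENCODED = "/search?q=union%2520select"     # space encoded twice
BENIGN = "/search?q=trade%20union"

if __name__ == "__main__":
    for req in (FULLWIDTH, DOUBLE_ENCODED, BENIGN):
        print(req, naive_match(req), normalized_match(req))
```

The sensor has to decode at least as aggressively as the server behind it; decoding more rounds than the server does trades some false positives for coverage.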

Question#5

A web application, www.moviescope.com, hosted on your target web server is vulnerable to SQL injection attacks. Exploit the web application and extract the user credentials from the moviescope database. Identify the UID (user ID) of a user, John, in the database. Note: You have an account on the web application, and your credentials are sam/test. (Practical Question)

A. 3
B. 4
C. 2
D. 5

Explanation:
4 is the UID (user ID) of a user, John, in the database in the above scenario. A web application is a software application that runs on a web server and can be accessed by users through a web browser. A web application can be vulnerable to SQL injection, a type of web application attack that exploits a vulnerability allowing an attacker to inject malicious SQL statements into an input field, such as a username or password field, and execute them on the database server. SQL injection can be used to bypass authentication, access or modify sensitive data, execute commands, etc. To exploit the web application and extract the user credentials from the moviescope database, one has to follow these steps:
Open a web browser and type www.moviescope.com
Press Enter key to access the web application.
Enter sam as username and test as password.
Click on Login button.
Observe that a welcome message with username sam is displayed.
Click on Logout button.
Enter sam' or '1'='1 as username and test as password.
Click on Login button.
Observe that a welcome message with username admin is displayed, indicating that SQL injection was successful.
Click on Logout button.
Enter sam'; SELECT * FROM users; C as username and test as password.
Click on Login button.
Observe that an error message with user credentials from users table is displayed.
The user credentials from users table are:



The UID that is mapped to user john is 4
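
The root cause behind the login behaviour in the steps above is a query assembled by string concatenation. The following is an added example, not the lab application's code: it shows a concatenated login query beside its parameterized form. The table layout, function names and stored passwords are constructed, with only the sam/test account and John's UID taken from the question.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the lab's users table (not the real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Plaintext passwords only mirror the lab; production stores salted hashes.
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "admin", "constructed-admin-pw"),
            (2, "sam", "test"),
            (4, "john", "constructed-john-pw"),
        ],
    )
    return db


def login_vulnerable(db, username, password):
    """Builds SQL by concatenation: a quote in the input ends the string
    literal and the rest of the input is parsed as SQL."""
    sql = (
        "SELECT uid, username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return db.execute(sql).fetchall()


def login_parameterized(db, username, password):
    """Binds inputs as values: the driver never parses them as SQL."""
    sql = "SELECT uid, username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "sam' or '1'='1"  # the username string from the steps above
    # AND binds tighter than OR, so the WHERE clause becomes
    # username='sam' OR ('1'='1' AND password='wrong'): the password check
    # no longer guards the sam row.
    print("concatenated :", login_vulnerable(db, crafted, "wrong"))
    print("parameterized:", login_parameterized(db, crafted, "wrong"))
    print("legitimate   :", login_parameterized(db, "sam", "test"))
```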
