ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 137 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 137
Topic #: 1
[All 312-50v11 Questions]

What is the port to block first in case you are suspicious that an IoT device has been compromised?

  • A. 22
  • B. 48101
  • C. 80
  • D. 443
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Armyal3x at April 13, 2021, 5:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Grezavi
Highly Voted 3 years, 6 months ago
48101 https://us-cert.cisa.gov/ncas/alerts/TA16-288A
upvoted 10 times
...
netloony
Highly Voted 3 years, 6 months ago
This is not an old question, i got this one on my exam 2 months ago.
upvoted 7 times
palverz
3 years, 3 months ago
+1 a few weeks ago
upvoted 5 times
...
...
sistani
Most Recent 1 year ago
Selected Answer: C
it is c
upvoted 1 times
...
Geofreykimbi46
2 years, 2 months ago
Infected devices often attempt to spread malware by using port 48101 to send results to the threat actor
upvoted 1 times
...
Daniel8660
2 years, 2 months ago
Selected Answer: B
How to Defend Against IoT Hacking Mirai, look for suspicious traffic on port 48101. Infected devices often attempt to spread malware by using port 48101 to send results to the threat actor.Monitor traffic on port 48101 as infected devices attempt to spread malicious file. (P.2678/2662)
upvoted 2 times
...
MasterMark
2 years, 7 months ago
Selected Answer: B
IOT Uses port 48101 and that is the port to monitor for potential issues then closing that port will stop IOT from communication with the network
upvoted 4 times
...
msnarf
2 years, 8 months ago
Selected Answer: D
B Cannot be the right answer, just because there was a one-off piece of malware eight years ago that used this port. Port 80 and 443 are both valid, but I would think nowadays HTTPS is more common that HTTP, so D it is.
upvoted 1 times
...
Average_Joe
2 years, 8 months ago
From Viktor Afimov (Udemy's CEHv11 Practice Exams). Explanation: https://us-cert.cisa.gov/ncas/alerts/TA16-288A The question is incorrect, it is not about knowledge of the IoT security concept, but about knowledge of one of the largest DDos attacks using Mirai in 2016: On September 20, 2016, Brian Krebs’ security blog (krebsonsecurity.com) was targeted by a massive DDoS attack, one of the largest on record, exceeding 620 gigabits per second (Gbps). An IoT botnet powered by Mirai malware created the DDoS attack. The Mirai malware continuously scans the Internet for vulnerable IoT devices, which are then infected and used in botnet attacks. The Mirai bot uses a short list of 62 common default usernames and passwords to scan for vulnerable devices. Because many IoT devices are unsecured or weakly secured, this short dictionary allows the bot to access hundreds of thousands of devices. And one of Preventive Steps was: - Look for suspicious traffic on port 48101. Infected devices often attempt to spread malware by using port 48101 to send results to the threat actor.
upvoted 6 times
...
cazzobsb
2 years, 9 months ago
Selected Answer: B
correct
upvoted 1 times
...
pawel_ceh
2 years, 9 months ago
Selected Answer: C
Erratum: Port 80 is answer C.
upvoted 1 times
...
pawel_ceh
2 years, 9 months ago
Selected Answer: B
ioT uses HTTP i.e. 80. 443 is HTTPS. 48101 Is not assigned.
upvoted 1 times
...
semselim
2 years, 10 months ago
You should block 443
upvoted 1 times
...
whysoserious1199
3 years, 4 months ago
B is correct, though a weird way to put it. Ans is verifiable by process of elimination: port 22 = SSH port 80 = http port 443 = https
upvoted 2 times
...
ANDRESCB1988
3 years, 5 months ago
correct
upvoted 1 times
...
czarul79
3 years, 8 months ago
This is old question and not on the exam anymore.
upvoted 2 times
...
cerzocuspi
3 years, 8 months ago
Infected devices often attempt to spread malware by using port 48101 to send results to the threat actor.
upvoted 2 times
...
Yass07
3 years, 8 months ago
i think that 443 is the correct answer , i couldn't find any other informations on Google , so please help ?
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel