[2022] 312-50v10 by Certified Ethical Hacker Actual Free Exam Practice Test [Q115-Q136]

Rate this post

[2022] 312-50v10 by Certified Ethical Hacker Actual Free Exam Practice Test

Free Certified Ethical Hacker 312-50v10 Exam Question

Target Audience and Prerequisites

Putting hard-work in acing the EC-Council 312-50v10 test will bring the most benefits for professionals working in job roles like security officers, security professionals, auditors, and site administrators. Appearing for this exam is only possible if the application process is completed triumphantly. Each candidates has to pass through this phase. Additionally, industry experts insinuate taking-up the associated training to make this learning journey a lot more uncomplicated.

Module 6: System Hacking

The domain encompasses the learners’ understanding of the CEH hacking methodology; familiarity with various techniques to access the system; awareness of privilege escalation methods; understanding of various methods to sustain remote access to the system; familiarity with Rootkits different types; awareness of Steganalysis and Steganograpy; familiarity with the methods of concealing evidence of compromise; understanding of system hacking penetration testing.

NEW QUESTION 115
What two conditions must a digital signature meet?

Has to be legible and neat.

Has to be unforgeable, and has to be authentic.

Must be unique and have special characters.

Has to be the same number of characters as a physical signature and must be unique.

Explanation/Reference:

NEW QUESTION 116
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

He will activate OSPF on the spoofed root bridge.

He will repeat the same attack against all L2 switches of the network.

He will repeat this action so that it escalates to a DoS attack.

NEW QUESTION 117
Why should the security analyst disable/remove unnecessary ISAPI filters?

To defend against social engineering attacks

To defend against webserver attacks

To defend against jailbreaking

To defend against wireless attacks

NEW QUESTION 118
Which of the following is optimized for confidential communications, such as bidirectional voice and video?

RC4

RC5

MD4

MD5

NEW QUESTION 119
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.

The lack of response from ports 21 and 22 indicate that those services are not running on the destination server.

The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.

NEW QUESTION 120
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor.
What should the hacker’s next step be before starting work on this job?

Start by foot printing the network and mapping out a plan of attack.

Ask the employer for authorization to perform the work outside the company.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

Use social engineering techniques on the friend’s employees to help identify areas that may be susceptible to attack.

NEW QUESTION 121
The establishment of a TCP connection involves a negotiation called three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

ACK

SYN

RST

SYN-ACK

NEW QUESTION 122
ViruXine.W32 virus hides their presence by changing the underlying executable code.
This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

Here is a section of the Virus code:

What is this technique called?

Polymorphic Virus

Metamorphic Virus

Dravidic Virus

Stealth Virus

NEW QUESTION 123
What attack is used to crack passwords by using a precomputed table of hashed passwords?

Brute Force Attack

Rainbow Table Attack

Dictionary Attack

Hybrid Attack

Explanation

NEW QUESTION 124
What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

Cross-site request forgery

Cross-site scripting

Session hijacking

Server side request forgery

NEW QUESTION 125
The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access to the ftp, and the permitted hosts cannot access the Internet.
According to the next configuration, what is happening in the network?

The ACL 104 needs to be first because is UDP

The ACL 110 needs to be changed to port 80

The ACL for FTP must be before the ACL 110

The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

NEW QUESTION 126
Which property ensures that a hash function will not produce the same hashed value for two different messages?

Collision resistance

Bit length

Key strength

Entropy

NEW QUESTION 127
What are the three types of authentication?

Something you: know, remember, prove

Something you: have, know, are

Something you: show, prove, are

Something you: show, have, prove

NEW QUESTION 128
Joseph was the Web site administrator for the Mason Insurance in New York, who’s main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker’s message ”Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance’s internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.
No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

ARP spoofing

SQL injection

DNS poisoning

Routing table injection

NEW QUESTION 129
Emil uses nmap to scan two hosts using this command:
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:

What is his conclusion?

Host 192.168.99.7 is an iPad.

He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7

Host 192.168.99.1 is the host that he launched the scan from.

Host 192.168.99.7 is down.

NEW QUESTION 130
Which regulation defines security and privacy controls for Federal information systems and organizations?

NIST-800-53

PCI-DSS

EU Safe Harbor

HIPAA

Explanation
NIST Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations,” provides a catalog of security controls for all U.S. federal information systems except those related to national security.
References: https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53

NEW QUESTION 131
Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

She is using ftp to transfer the file to another hacker named John.

She is using John the Ripper to crack the passwords in the secret.txt file

She is encrypting the file.

She is using John the Ripper to view the contents of the file.

NEW QUESTION 132
Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Nikto

Nmap

Metasploit

Armitage

NEW QUESTION 133
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

Service Level Agreement

Project Scope

Rules of Engagement

Non-Disclosure Agreement

NEW QUESTION 134
Websites and web portals that provide web services commonly use the Simple Object Access Protocol
(SOAP). Which of the following is an incorrect definition or characteristics of the protocol?

Based on XML

Only compatible with the application protocol HTTP

Exchanges data between web services

Provides a structured model for messaging

NEW QUESTION 135
One way to defeat a multi-level security solution is to leak data via

a bypass regulator.

steganography.

a covert channel.

asymmetric routing.

NEW QUESTION 136
How can telnet be used to fingerprint a web server?

telnet webserverAddress 80HEAD / HTTP/1.0

telnet webserverAddress 80PUT / HTTP/1.0

telnet webserverAddress 80HEAD / HTTP/2.0

telnet webserverAddress 80PUT / HTTP/2.0

Loading …

EC-COUNCIL 312-50v10 Actual Questions and Braindumps: https://www.trainingdump.com/EC-COUNCIL/312-50v10-practice-exam-dumps.html

[2022] 312-50v10 by Certified Ethical Hacker Actual Free Exam Practice Test [Q115-Q136]