Certified Ethical Hacker CEH v11 Certification Exam 312-50v11 Practice Test Questions

Regina2021-07-23T06:47:00+00:00

Do you want to get the latest learning materials to prepare for 312-50v11 Certified Ethical Hacker CEH v11 certification exam? We recommend to choose the 312-50v11 practice test questions from ITExamShop online. We all know that Certified Ethical Hacker CEH v11 will teach you the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals to lawfully hack an organization. The latest EC-Council 312-50v11 practice test questions are based on the exam skills and knowledge points, which ensure that you can pass EC-Council CEH v11 312-50v11 exam.

Read 312-50v11 Free Questions To Verify The Quality of EC-Council CEH v11 312-50v11 Practice Test Questions

Page 1 of 10

1. Cross-site request forgery involves:

A request sent by a malicious user from a browser to a server

Modification of a request by a proxy between client and server

A browser making a request to a server without the user’s knowledge

A server making a request to another server without the user’s knowledge

2. John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server.

What is the technique employed by John to bypass the firewall?

DNS cache snooping

DNSSEC zone walking

DNS tunneling method

DNS enumeration

3. While using your bank’s online servicing you notice the following string in the URL bar:

“http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21”

You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.

Which type of vulnerability is present on this site?

Cookie Tampering

SQL Injection

Web Parameter Tampering

XSS Reflection

4. in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values.

What is this attack called?

Chop chop attack

KRACK

Evil twin

Wardriving

5. These hackers have limited or no training and know how to use only basic techniques or tools.

What kind of hackers are we talking about?

Black-Hat Hackers A

Script Kiddies

White-Hat Hackers

Gray-Hat Hacker

6. Which of the following is an extremely common IDS evasion technique in the web world?

Spyware

Subnetting

Unicode Characters

Port Knocking

7. is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

DNSSEC

Resource records

Resource transfer

Zone transfer

8. To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected. In the core components of the operating system.

What is this type of rootkit an example of?

Mypervisor rootkit

Kernel toolkit

Hardware rootkit

Firmware rootkit

9. Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

Bob can be right since DMZ does not make sense when combined with stateless firewalls

Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

Bob is partially right. DMZ does not make sense when a stateless firewall is available

10. While browsing his Facebook teed, Matt sees a picture one of his friends posted with the caption. "Learn more about your friends!", as well as a number of personal questions. Matt is suspicious and texts his friend, who confirms that he did indeed post it. With assurance that the post is legitimate. Matt responds to the questions on the post, a few days later. Mates bank account has been accessed, and the password has been changed.

What most likely happened?

Matt inadvertently provided the answers to his security questions when responding to the post.

Matt's bank-account login information was brute forced.

Matt Inadvertently provided his password when responding to the post.

Matt's computer was infected with a keylogger.

Page 2 of 10

11. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

All are hacking tools developed by the legion of doom

All are tools that can be used not only by hackers, but also security personnel

All are DDOS tools

All are tools that are only effective against Windows

All are tools that are only effective against Linux

12. jane invites her friends Alice and John over for a LAN party. Alice and John access Jane's wireless network without a password. However. Jane has a long, complex password on her router.

What attack has likely occurred?

Wireless sniffing

Piggybacking

Evil twin

Wardriving

13. What would you enter if you wanted to perform a stealth scan using Nmap?

nmap -sM

nmap -sU

nmap -sS

nmap -sT

14. During an Xmas scan what indicates a port is closed?

No return response

RST

ACK

SYN

15. You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log.

Which file does NOT belongs to the list:

user.log

auth.fesg

wtmp

btmp

16. Which of the following is not a Bluetooth attack?

Bluedriving

Bluesmacking

Bluejacking

Bluesnarfing

17. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.

What testing method did you use?

Social engineering

Piggybacking

Tailgating

Eavesdropping

18. The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames that the controller is intended to receive.

Which of the following is being described?

Multi-cast mode

Promiscuous mode

WEM

Port forwarding

19. Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

The switches will drop into hub mode if the ARP cache is successfully flooded.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

The switches will route all traffic to the broadcast address created collisions.

20. Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B.

How do you prevent DNS spoofing?

Install DNS logger and track vulnerable packets

Disable DNS timeouts

Install DNS Anti-spoofing

Disable DNS Zone Transfer

Page 3 of 10

21. John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform.

Which of the following actions should John take to overcome this problem with the least administrative effort?

Create an incident checklist.

Select someone else to check the procedures.

Increase his technical skills.

Read the incident manual every time it occurs.

22. You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan)

xxxxxxx xxxxxx

xxxxxxxxx. QUITTING!

What seems to be wrong?

The nmap syntax is wrong.

This is a common behavior for a corrupted nmap application.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

OS Scan requires root privileges.

23. You just set up a security system in your network.

In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

A firewall IPTable

FTP Server rule

A Router IPTable

An Intrusion Detection System

24. Which of these is capable of searching for and locating rogue access points?

HIDS

WISS

WIPS

NIDS

25. Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

What would Yancey be considered?

Yancey would be considered a Suicide Hacker

Since he does not care about going to jail, he would be considered a Black Hat

Because Yancey works for the company currently; he would be a White Hat

Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

26. The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it.

What would be a good step to have in the procedures for a situation like this?

Have the network team document the reason why the rule was implemented without prior manager approval.

Monitor all traffic using the firewall rule until a manager can approve it.

Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.

Immediately roll back the firewall rule until a manager can approve it

27. infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?

Reconnaissance

Maintaining access

Scanning

Gaining access

28. An attacker with access to the inside network of a small company launches a successful STP manipulation attack.

What will he do next?

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

He will activate OSPF on the spoofed root bridge.

He will repeat this action so that it escalates to a DoS attack.

He will repeat the same attack against all L2 switches of the network.

29. You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information.

How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

One day

One hour

One week

One month

30. A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating.

What sort of security breach is this policy attempting to mitigate?

Attempts by attackers to access the user and password information stored in the company’s SQL database.

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.

Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.

Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

Page 4 of 10

31. What did the following commands determine?

That the Joe account has a SID of 500

These commands demonstrate that the guest account has NOT been disabled

These commands demonstrate that the guest account has been disabled

That the true administrator is Joe

Issued alone, these commands prove nothing

32. An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush.

What type of breach has the individual just performed?

Reverse Social Engineering

Tailgating

Piggybacking

Announced

33. You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

0x60

0x80

0x70

0x90

34. As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.

What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

Service Level Agreement

Project Scope

Rules of Engagement

Non-Disclosure Agreement

35. Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.

Which of the following attacks can be performed by exploiting the above vulnerability?

DROWN attack

Padding oracle attack

Side-channel attack

DUHK attack

36. The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

network Sniffer

Vulnerability Scanner

Intrusion prevention Server

Security incident and event Monitoring

37. Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

Confront the client in a respectful manner and ask her about the data.

Copy the data to removable media and keep it in case you need it.

Ignore the data and continue the assessment until completed as agreed.

Immediately stop work and contact the proper legal authorities.

38. Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven’s iPhone through the infected computer and is able to monitor and read all of Steven’s activity on the iPhone, even after the device is out of the communication zone.

Which of the following attacks is performed by Clark in above scenario?

IOS trustjacking

lOS Jailbreaking

Exploiting SS7 vulnerability

Man-in-the-disk attack

39. Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system.

Which TCP and UDP ports must you filter to check null sessions on your network?

137 and 139

137 and 443

139 and 443

139 and 445

40. When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed.

Which of the following best describes what it is meant by processing?

The amount of time and resources that are necessary to maintain a biometric system

How long it takes to setup individual user accounts

The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information

The amount of time it takes to convert biometric data into a template on a smart card

Page 5 of 10

41. A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

What kind of Web application vulnerability likely exists in their software?

Cross-site scripting vulnerability

SQL injection vulnerability

Web site defacement vulnerability

Gross-site Request Forgery vulnerability

42. Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

SFTP

Ipsec

SSL

FTPS

43. You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-lnternal."

You realize that this network uses WPA3 encryption, which of the following vulnerabilities is the promising to exploit?

Dragonblood

Cross-site request forgery

Key reinstallation attack

AP Myconfiguration

44. Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server.

In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

select * from Users where UserName = ‘attack’ ’ or 1=1 -- and UserPassword = ‘123456’

select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’

select * from Users where UserName = ‘attack or 1=1 -- and UserPassword = ‘123456’

select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’

45. Password cracking programs reverse the hashing process to recover passwords. (True/False.)

True

False

46. You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. ” Suppose that you are using Nmap to perform this scan.

What flag will you use to satisfy this requirement?

The -A flag

The -g flag

The -f flag

The -D flag

47. An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine.

What is the name of this kind of attack?

MAC Flooding

Smurf Attack

DNS spoofing

ARP Poisoning

48. If you want to only scan fewer ports than the default scan using Nmap tool, which option would you use?

CsP

49. Why containers are less secure that virtual machines?

Host OS on containers has a larger surface attack.

Containers may full fill disk space of the host.

A compromise container may cause a CPU starvation of the host.

Containers are attached to the same virtual network.

50. Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network.

What is Bob supposed to do next?

Take over the session

Reverse sequence prediction

Guess the sequence numbers

Take one of the parties offline

Page 6 of 10

51. The network administrator at Spears Technology, Inc has configured the default gateway

Cisco router's access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using a SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router.

How would you proceed?

Use the Cisco's TFTP default password to connect and download the configuration file

Run a network sniffer and capture the returned traffic with the configuration file from the router

Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

Send a customized SNMP set request with a spoofed source IP address in the range - 192.168.1.0

52. Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app.

What is the attack performed on Don in the above scenario?

SMS phishing attack

SIM card attack

Agent Smith attack

Clickjacking

53. An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization's machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests.

What is the type of vulnerability assessment solution that James employed in the above scenario?

Product-based solutions

Tree-based assessment

Service-based solutions

inference-based assessment

54. Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002.

This law is known by what acronym?

Fed RAMP

PCIDSS

SOX

HIPAA

55. You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page.

What Is the best Linux pipe to achieve your milestone?

dirb https://site.com | grep "site"

curl -s https://sile.com | grep ‘’< a href-’http" | grep "Site-com- | cut -d "V" -f 2

wget https://stte.com | grep "< a href=*http" | grep "site.com"

wgethttps://site.com | cut-d"http-

56. Consider the following Nmap output:

what command-line parameter could you use to determine the type and version number of the web server?

-sv

-Pn

-V

-ss

57. which of the following protocols can be used to secure an LDAP service against anonymous queries?

SSO

RADIUS

WPA

NTLM

58. If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?

Criminal

International

Common

Civil

59. What is the minimum number of network connections in a multi homed firewall?

60. This kind of password cracking method uses word lists in combination with numbers and special characters:

Hybrid

Linear

Symmetric

Brute Force

Page 7 of 10

61. A zone file consists of which of the following Resource Records (RRs)?

DNS, NS, AXFR, and MX records

DNS, NS, PTR, and MX records

SOA, NS, AXFR, and MX records

SOA, NS, A, and MX records

62. You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

Botnet Attack

Spear Phishing Attack

Advanced Persistent Threats

Rootkit Attack

63. What hacking attack is challenge/response authentication used to prevent?

Replay attacks

Scanning attacks

Session hijacking attacks

Password cracking attacks

64. This TCP flag instructs the sending system to transmit all buffered data immediately.

SYN

RST

PSH

URG

FIN

65. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.

What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

tcp.srcport= = 514 && ip.src= = 192.168.0.99

tcp.srcport= = 514 && ip.src= = 192.168.150

tcp.dstport= = 514 && ip.dst= = 192.168.0.99

tcp.dstport= = 514 && ip.dst= = 192.168.0.150

66. If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Birthday

Brute force

Man-in-the-middle

Smurf

67. By using a smart card and pin, you are using a two-factor authentication that satisfies

Something you are and something you remember

Something you have and something you know

Something you know and something you are

Something you have and something you are

68. Which of the following is the BEST way to defend against network sniffing?

Using encryption protocols to secure network communications

Use Static IP Address

Restrict Physical Access to Server Rooms hosting Critical Servers

69. Clark, a professional hacker, was hired by an organization lo gather sensitive Information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whole footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network.

What is the online tool employed by Clark in the above scenario?

AOL

ARIN

DuckDuckGo

Baidu

70. what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

httpd.conf

administration.config

idq.dll

php.ini

Page 8 of 10

71. Which results will be returned with the following Google search query? site:target.com C site:Marketing.target.com accounting

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

Results matching all words in the query.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

72. Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports.

What happens when the CAM table becomes full?

Switch then acts as hub by broadcasting packets to all machines on the network

The CAM overflow table will cause the switch to crash causing Denial of Service

The switch replaces outgoing frame switch factory default MAC address of FF: FF: FF: FF: FF: FF

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

73. What is the proper response for a NULL scan if the port is closed?

SYN

ACK

FIN

PSH

RST

No response

74. During the enumeration phase. Lawrence performs banner grabbing to obtain information such as OS details and versions of services running. The service that he enumerated runs directly on TCP port 445.

Which of the following services is enumerated by Lawrence in this scenario?

Server Message Block (SMB)

Network File System (NFS)

Remote procedure call (RPC)

Telnet

75. Which of the following Linux commands will resolve a domain name into IP address?

>host-t a hackeddomain.com

>host-t ns hackeddomain.com

>host -t soa hackeddomain.com

>host -t AXFR hackeddomain.com

76. in the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

3.0-6.9

40-6.0

4.0-6.9

3.9-6.9

77. Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack.

What is the type of vulnerability assessment performed by Johnson in the above scenario?

Distributed assessment

Wireless network assessment

Most-based assessment

Application assessment

78. An attacker runs netcat tool to transfer a secret file between two hosts.

He is worried about information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat <machine A IP> 1234

Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat <machine A IP> 1234

Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat <machine A IP> 1234 -pw password

Use cryptcat instead of netcat

79. Heather’s company has decided to use a new customer relationship management tool. After performing the appropriate research, they decided to purchase a subscription to a cloud-hosted solution. The only administrative task that Heather will need to perform is the management of user accounts. The provider will take care of the hardware, operating system, and software administration including patching and monitoring.

Which of the following is this type of solution?

SaaS

IaaS

CaaS

PasS

80. Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

Produces less false positives

Can identify unknown attacks

Requires vendor updates for a new threat

Cannot deal with encrypted network traffic

Page 9 of 10

81. While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server.

From the following options choose how best you can achieve this objective?

Block port 25 at the firewall.

Shut off the SMTP service on the server.

Force all connections to use a username and password.

Switch from Windows Exchange to UNIX Sendmail.

None of the above.

82. What is the minimum number of network connections in a multihomed firewall?

83. Steve, an attacker, created a fake profile on a social media website and sent a request to Stella. Stella was enthralled by Steve's profile picture and the description given for his profile, and she initiated a conversation with him soon after accepting the request. After a few days. Sieve started asking about her company details and eventually gathered all the essential information regarding her company.

What is the social engineering technique Steve employed in the above scenario?

Diversion theft

Baiting

Honey trap

Piggybacking

84. What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

AndroidManifest.xml

info

resources.asrc

classes.dex

85. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Residual risk

Impact risk

Deferred risk

Inherent risk

86. Which of the following is assured by the use of a hash?

Authentication

Confidentiality

Availability

Integrity

87. What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment-

VCloud based

Honypot based

Behaviour based

Heuristics based

88. DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.

What command is used to determine if the entry is present in DNS cache?

nslookup -fullrecursive update.antivirus.com

dnsnooping Crt update.antivirus.com

nslookup -norecursive update.antivirus.com

dns --snoop update.antivirus.com

89. Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes are not stored off-site.

The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

Encrypt the backup tapes and transport them in a lock box.

Degauss the backup tapes and transport them in a lock box.

Hash the backup tapes and transport them in a lock box.

Encrypt the backup tapes and use a courier to transport them.

90. Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob.

What is the type of attack performed by Samuel in the above scenario?

UDP hijacking

Blind hijacking

TCP/IP hacking

Forbidden attack

Page 10 of 10

91. Which system consists of a publicly available set of databases that contain domain name registration contact information?

WHOIS

CAPTCHA

IANA

IETF

92. CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test.

Your email message looks like this:

From: [email protected]

To: [email protected] Subject: Test message

Date: 4/3/2017 14:37

The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ’s email gateway doesn’t prevent what?

Email Masquerading

Email Harvesting

Email Phishing

Email Spoofing

93. Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network.

Which of the following Nmap commands must John use to perform the TCP SVN ping scan?

nmap -sn -pp < target ip address >

nmap -sn -PO < target IP address >

Anmap -sn -PS < target IP address >

nmap -sn -PA < target IP address >

94. DHCP snooping is a great solution to prevent rogue DHCP servers on your network.

Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Spanning tree

Dynamic ARP Inspection (DAI)

Port security

Layer 2 Attack Prevention Protocol (LAPP)

95. Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

nessus

tcpdump

ethereal

jack the ripper

96. While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

Cross-site scripting

Denial of service

SQL injection

Directory traversal

97. Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time Information.

Which of the following techniques is employed by Susan?

web shells

Webhooks

REST API

SOAP API

98. What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?

CPU

GPU

UEFI

TPM

99. Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door.

In this case, we can say:

Although the approach has two phases, it actually implements just one authentication factor

The solution implements the two authentication factors: physical object and physical characteristic

The solution will have a high level of false positives

Biological motion cannot be used to identify people

100. In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

Do not reply to email messages or popup ads asking for personal or financial information

Do not trust telephone numbers in e-mails or popup ads

Review credit card and bank account statements regularly

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

Do not send credit card numbers, and personal or financial information via e-mail

Welcome To Choose Required IT Certification Exams Online

Certified Ethical Hacker CEH v11 Certification Exam 312-50v11 Practice Test Questions

Read 312-50v11 Free Questions To Verify The Quality of EC-Council CEH v11 312-50v11 Practice Test Questions

Author