Certified Ethical Hacker Exam (C|EH v10) 312-50v10 Exam Prepartation Questions

Regina2021-09-30T03:00:27+00:00

By Regina CEH, EC-Council, Free Questions Online, SAP Certified Specialist 312-50v10, 312-50v10 exam questions, 312-50v10 free questions, Certified Ethical Hacker Exam (C|EH v10)

Some one took their Certified Ethical Hacker Exam (C|EH v10) 312-50v10 and passed recently with the real exam preparation questions. EC-Council 312-50v10 exam questions updated by the top experts are real, which help you be getting familiar with all the Q&As by actually enhancing up your understanding of 312-50v10 issues. It is good decision of choosing 312-50v10 Exam Prepartation Questions to prepare for Certified Ethical Hacker Exam (C|EH v10) certification exam. We can be sure that 312-50v10 exam questions are valid, which are highly recommended.

Certified Ethical Hacker Exam (C|EH v10) 312-50v10 Free Questions For Checking

Page 1 of 6

1. As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic.

What command in Wireshark will help you to find this kind of traffic?

request smtp 25

tcp.port eq 25

smtp port

tcp.contains port 25

2. An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to"www.MyPersonalBank.com", that the user is directed to a phishing site.

Which file does the attacker need to modify?

Boot.ini

Sudoers

Networks

Hosts

3. Which type of security features tops vehicles from crashing through the doors of a building?

Turnstile

Bollards

Man trap

Receptionist

4. Log monitoring tools performing behavioral analysis have alerted several suspicious login son a Linux server occuring during non-business hours. After further examination of all login activities, it is notices that

none of the logins have occurred during typical work hours. A Linux administrator who is investigating this

problem realized the system time on the Linux server is wrong by more than twelve hours.

What protocol used on Linux serves to synchronize the time has stopped working?

NTP

TimeKeeper

OSPF

PPP

5. An enterprise recent y moved to a new of ice and the new neighborhood is a littler is risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours.

What is the best option to do this job?

Use fences in the entrance doors.

Install a CCTV with cameras pointing to the entrance doors and the street

Use an IDS in the entrance doors and install some of them near the corners.

Use lights in all the entrance doors and along the company's perimeter.

6. Bob, a network administrator at Big University, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware activities in the network.

What should Bob do to avoid this problem?

Disable unused ports in the switches

Separate students in a different VLAN

Use the 802.1x protocol

Ask students to use the wireless network

7. Which is the first step followed by Vulnerability Scanners for scanning a network?

TCP/UDP Port scanning

Firewall detection

OS Detection

Checking if the remote host is alive

8. Security Policy is a definition of what it means to be secure for a system, organization or other entity. For Information Technologies, there are sub-policies like Computer Security Policy, Information Protection Policy, Information Security Policy, network Security Policy, Physical Security Policy, Remote Access Policy, and User Account Policy.

What is the main theme of the sub-policies for Information Technologies?

Availability, Non-repudiation, Confidentiality

Authenticity, Integrity, Non-repudiation

Confidentiality, Integrity, Availability

Authenticity, Confidentiality, Integrity

9. The "Gray-box testing" methodology enforces what kind of restriction?

Only the internal operation of a system is known to the tester.

The internal operation of a system is completely known to the tester.

The internal operation of a system is only partly accessible to the tester

Only the external operation of a system is accessible to the tester.

10. Which results will be returned with the following Google search query? site: target.com site: Marketing target.com accounting

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

Results matching all words in the query.

Results for matches on target.com and Marketing,target.com that include the word "accounting"

Results matching "accounting" in domain target.com but not on the site Marketing.target.com

Page 2 of 6

11. How can rainbow tables be defeated?

Password salting

Use of non-dictionary words

All uppercase character passwords

Lockout accounts under brute force password cracking attempts

12. What is correct about digital signatures?

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party

Digital signatures maybe used in different documents of the same type.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

Digital signatures are issued once for each user and can be used everywhere until they expire.

13. While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences.

He then decided to conduct: nmap-Pn-p-sl kiosk.adobe.com www.riaa.com kiosk.adobe.com is the host with increment all PID sequence.

What is the purpose of using-sl with Nmap?

Conduct stealth scan

Conduct ICMP scan

Conduct IDLE scan

Conduct silent scan

14. What type of OS fingerprinting techniques ends specially crafted packets to the remote OS and analyzes the received response?

Passive

Active

Reflective

Distributive

15. Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.

Suppose a malicious user Rob tries to get access to the account of a benign user Ned.

Which of the following requests best i lust rates an attempt to exploit an insecure direct object reference vulnerability?

“GET/restricted/goldtransfer?to=Rob&from=1or1=1'HTTP/1.1Hostwestbank.com"

“GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”

“GET/restricted/bank.getaccount(‘Ned’) HTTP/1.1 Host: westbank.com”

“GET/restricted/r
%00account%00Ned%00accessHTTP/1.1Host: westbank.com"

16. What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK

Connection Establishment: ACK, ACK-SYN, SYN Connection Termination: FIN, ACK-FIN, ACK

Connection Establishment: FIN, ACK-FIN, ACK Connection Termination: SYN, SYN-ACK, ACK

Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: ACK, ACK-SYN, SYN

17. User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email.

At what layer of the OSI layer does the encryption and decryption of the message take place?

Application

Transport

Session

Presentation

18. Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer's activity on the site. These tools are located on the servers of the marketing company.

What is the main security risk associated with this scenario?

External script contents could be maliciously modified without the security team knowledge

External scripts have direct access to the company servers and can steal the data from there

There is no risk at all as the marketing services are trustworthy

External scripts increase the outbound company data traffic which leads greater financial losses

19. The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122.192.168.1.123 and 192.168.1.124.

An attacker is trying to find those servers but he can not see them in his scanning. The command he is using is: nmap192.168.1.64/28

Why he cannot see the servers?

He needs to change the address to 192.168.1.0 with the same mask

He needs to add the command “ip address" just before the IP address.

He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask/ 28 and the servers are not in that range.

The network must be down and then map command and IP address are ok

20. What is the purpose of a demilitarized zone on a network?

To scan all traffic coming through the DMZ to the internal network

To only provide direct access to the nodes within the DMZ and protect the network behind it

To provide a place to put the honeypot

To contain the network devices you wish to protect

Page 3 of 6

21. You are doing an internal security audit and intend to find out what ports are open on all the servers.

What is the best way to find out?

Scan servers with Nmap

Scan servers with MBSA

Telnet to every port on each server

Physically go to each server

22. Alice encrypts her data using her public key PK and stores the encrypted data in the cloud.

Which of the following attack scenarios will compromise the privacy of her data?

None of these scenarios compromise the privacy of Alice's data

Agent Andrew subpoenas Alice, forcing her to reveal her private key. However, the cloud server successfully resists Andrew's attempt to access the stored data

Hacker Harry breaks into the cloud server and steals the encrypted data

Alice also stores her private key in the cloud, and Harry breaks into the cloud server as before

23. Which of the following attacks exploits web age vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?

Command Injection Attacks

File Injection Attack

Cross-Site Request Forgery (CSRF)

Hidden Field Manipulation Attack

24. Which of the following is not a Bluetooth attack?

Bluesnarfing

Bluedriving

Bluesmacking

Bluejacking

25. Which service in a PKI will vouch for the identity of an individual or company?

CBC

KDC

26. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not matchup.

What is the most likely cause?

The network devices are not all synchronized

Proper chain of custody was not observed while collecting the logs.

The attacker altered or erased events from the logs.

The security breach was a false positive.

27. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email and you send her an email changing the source email to her boss's email(boss@company). In this email you ask for a pdf with information. She reads your email and sends back a pdf with inks. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don't work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.

What testing method did you use?

Social engineering

Piggybacking

Tailgating

Eavesdropping

28. What is the role of test automation in security testing?

It is an option but it tends to be very expensive.

It should be used exclusively. Manual testing is outdated because of low spend and possible test setup inconsistencies.

Test automation is not usable in security due to the complexity of the tests.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it can not replace manual testing completely.

29. What is the minimum number of network connections in a multihomed firewall?

30. A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention can either be to simply gain knowledge or to illegally make changes.

Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

White Hat

Suicide Hacker

Gray Hat

Black Hat

Page 4 of 6

31. Your business has decided to add credit card numbers to the data it backs up to tape.

Which of the following represents the best practice your business should observe?

Do not backup either the credit card numbers or their hashes.

Encrypt backup tapes that are sent off-site.

Backup the hashes of the credit card numbers not the actual credit card numbers.

Hire a security consultant to provide direction.

32. This international organization regulates bi lions of transactions daily and provides security guidelines to protect personally identifiable information (PI). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.

Which of the following organization is being described?

Institute of Electrical and Electronics Engineers (IEEE)

International Security Industry Organization (ISIO)

Center for Disease Control (CDC)

Payment Card Industry (PCI)

33. Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

Use security policies and procedures to define and implement proper security settings.

Use digital certificates to authenticate a server prior to sending data

Validate and escape all information sent to a server.

Verify access right before allowing access to protected information and Ul controls.

34. Which security strategy requires using several varying methods to protect IT systems against attacks?

Defense in depth

Covert channels

Exponential backoff algorithm

Three-way handshake

35. Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

PKI

SOA

biometrics

single sign on

36. You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/ 8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP.

After further analysis, you find out that this Public I Pisa blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

Botnet Attack

Spear Phishing Attack

Advanced Persistent Threats

Rootkit Attack

37. John the Ripper is a technical assessment tool used to test the weakness of which of the following?

Usernames

File permissions

Firewall rulesets

Passwords

38. A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing-Reports https://ibt1.prometric.com/users/custom/reportqueue/rgstr...corporate network.

What tool should the analyst use to perform a Blackjacking attack?

Paros Proxy

BBProxy

Bloover

BBCrack

39. It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.

Which of the following regulations best matches the description?

FISMA

ISO/IEC 27002

HIPAA

COBIT

40. A company's security policy states that all Web browsers must automatically delete their HTTP browser

cookies upon terminating.

What sort of security breach is this policy attempting to mitigate?

Attempts by attackers to access the user and password information stored in the company's

Attempts by attackers to access Websites that trust the Web browser user by stealing the

Attempts by attackers to access password stored on the user's computer without the user's

Attempts by attackers to determine the user's Web browser usage patterns, including when

Page 5 of 6

41. Peter is surfing the internet looking for if main about DX Company.

Which hacking process is Peer doing?

Scanning

Footprinting

Enumeration

System Hacking

42. A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating.

What sort of security breach is this policy attempting to mitigate?

Attempts by attackers to access the user and password information stored in the company's SQL database.

Attempts by attackers to access Websites that trust the Web browser user by stealing the user's authentication credentials.

Attempts by attackers to access password stored on the user's computer without the user's knowledge

Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

43. Peter issuing the internet looking for i format in about DX Company.

Which hacking process is Peer doing?

Scanning

Footprinting

Enumeration

System Hacking

44. Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system.

If a scanned port is open, what happens?

The port will ignore the packets.

The port will send an RS

The port will send an AC

The port will send a SYN

45. An LDAP directory can be used to store information similar to a SQL database. LDAP uses a______ database structure instead of SQL's________ structure.

Because of this, LDAP has difficulty representing many-to-one relationships.

Strict, Abstract

Simple, Complex

Relational, Hierarchical

Hierarchical, Relational

46. You want to analyze packets on your wireless network.

Which program would you use?

Wireshark with Airpcap

Airsnort with Airpcap

Wireshark with Winpcap

Ethereal with Winpcap

47. What is not a PCI compliance recommendation?

Use a firewall between the pubic network and the payment card data.

Use encryption to protect all transmission of cardholder data over any public network.

Rotate employees handling credit card transactions on a yearly basis to different departments.

Limit access to cardholder data to as few individuals as possible.

48. An attacker scans a host with the below command.

Which three flags are set? (Choose three.)

#nmap-sXhost.domain.com

This is ACK scan. ACK flag is set

This is Xmas scan. SYN and ACK flags are set

This is Xmas scan. URG, PUSH and FIN are set

This is SYN scan. SYN flag is set

49. A hacker has managed to gain access to a Linux host and stolen the password file from/etc/passwd.

How can he use it?

The file reveals the passwords to the root user only.

The password file does not contain the passwords themselves.

He cannot read it because it is encrypted

He can open it and read the user ids and corresponding passwords.

50. Which of the following parameters describe LM Hash (see exhibit):

I, II, and III

I and II

Page 6 of 6

51. You are attempting to man-in-the-middle a session.

Which protocol will allow you to guess a sequence number?

ICMP

TCP

UP X

UPD

52. Which of the following will perform an Xmas scan using NMAP?

nmap -sA 192.168.1.254

nmap -sP 192.168.1.254

nmap -sX 192.168.1.254

nmap -sV 192.168.1.254

53. Which command can be used to show the current TCP/IP connections?

Netsh

Net use connection

Netstat

Net use

54. Which of the following is the least likely physical characteristic to be used in biometric control that supports a large company?

Voice

Fingerprints

Iris patterns

Height and Weight

55. Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

[cache:]

[site:]

[inurl:]

[link:]

56. Jim's company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim's company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year's audit show a risk because backup tapes are not stored off-site.

The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

Encrypt the backup tapes and transport them in a lockbox.

Degauss the backup tapes and transport them in a lockbox.

Hash the backup tapes and transport them in a lockbox.

Encrypt the backup tapes and use a courier to transport them.

57. Risks=Threats x Vulnerabilities is referred to as the:

BIA equation

Disaster recovery formula

Risk equation

Threat assessment

58. An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.

In which order should he perform these steps?

The sequence does not matter. Both steps have to be performed against all hosts.

First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.

First the ping sweep to ident fy live hosts and then the ports canon the live hosts. This way he saves time.

The port scan alone is adequate. This way he saves time.

59. A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

Based on this information, what should be one of your key recommendations to the bank?

Place a front-end webserver in a demilitarized zone that only handles external web traffic

Require all employees to change their anti-virus program with a new one

Move the financial data to another server on the same IP subnet

ls sue new certificates to the webservers from the root certificate authority

60. Which of the following tools can be used for passive OS fingerprinting?

tcpdump

nmap

ping

tracert

Welcome To Choose Required IT Certification Exams Online

Certified Ethical Hacker Exam (C|EH v10) 312-50v10 Exam Prepartation Questions

Certified Ethical Hacker Exam (C|EH v10) 312-50v10 Free Questions For Checking

Author