EC-Council CEH V11 Exam Questions For Passing 312-50v11 Exam

Regina2021-09-18T02:47:35+00:00

What is the real online materials to ensure your success in Certified Ethical Hacker Exam – C|EH v11 certification exam? We recommend EC-Coucil CEH V11 312-50v11 exam questions, which have been updated with the most accurate exam questions and answers recently. The current version of 312-50v11 exam questions contains 522 Q&As, which are all based on the CEH V11 exam topics and descriptions. You can pass 312-50v11 Certified Ethical Hacker Exam – C|EH v11 exam easily with the updated EC-Council CEH V11 exam questions.

Updated CEH V11 exam questions are real, you can check 312-50v11 free questions below first:

Page 1 of 6

1. Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization .

Which of the following cloud attacks did Alice perform in the above scenario?

Cloud hopper attack

Cloud cryptojacking

Cloudborne attack

Man-in-the-cloud (MITC) attack

2. Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

Error-based injection

Boolean-based blind SQL injection

Blind SQL injection

Allnion SQL injection

3. Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

tcptrace

Nessus

OpenVAS

tcptraceroute

4. Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs.

Which two SQL Injection types would give her the results she is looking for?

Out of band and boolean-based

Time-based and union-based

union-based and error-based

Time-based and boolean-based

5. What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

The attacker queries a nameserver using the DNS resolver.

The attacker makes a request to the DNS resolver.

The attacker forges a reply from the DNS resolver.

The attacker uses TCP to poison the ONS resofver.

6. The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.

You also notice "/bin/sh" in the ASCII part of the output.

As an analyst what would you conclude about the attack?

The buffer overflow attack has been neutralized by the IDS

The attacker is creating a directory on the compromised machine

The attacker is attempting a buffer overflow attack and has succeeded

The attacker is attempting an exploit that launches a command-line shell

7. What hacking attack is challenge/response authentication used to prevent?

Replay attacks

Scanning attacks

Session hijacking attacks

Password cracking attacks

8. John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP .

What should John do to communicate correctly using this type of encryption?

Use his own public key to encrypt the message.

Use Marie's public key to encrypt the message.

Use his own private key to encrypt the message.

Use Marie's private key to encrypt the message.

9. Which of the following steps for risk assessment methodology refers to vulnerability identification?

Determines if any flaws exist in systems, policies, or procedures

Assigns values to risk probabilities; Impact values.

Determines risk probability that vulnerability will be exploited (High. Medium, Low)

Identifies sources of harm to an IT system. (Natural, Human. Environmental)

10. Which system consists of a publicly available set of databases that contain domain name registration contact information?

WHOIS

CAPTCHA

IANA

IETF

Page 2 of 6

11. You want to do an ICMP scan on a remote computer using hping2 .

What is the proper syntax?

hping2 host.domain.com

hping2 --set-ICMP host.domain.com

hping2 -i host.domain.com

hping2 -1 host.domain.com

12. Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user's activities. He can take complete control of the target mobile device by jailbreaking the device remotely and record audio, capture screenshots, and monitor all phone calls and SMS messages .

What is the type of spyware that Jake used to infect the target device?

DroidSheep

Androrat

Zscaler

Trident

13. You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

0x60

0x80

0x70

0x90

14. How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

There is no way to tell because a hash cannot be reversed

The right most portion of the hash is always the same

The hash always starts with AB923D

The left most portion of the hash is always the same

A portion of the hash will be all 0's

15. You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network .

What testing method did you use?

Social engineering

Piggybacking

Tailgating

Eavesdropping

16. BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory .

What is this mechanism called in cryptography?

Key archival

Key escrow.

Certificate rollover

Key renewal

17. Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

Compound SQLi

Blind SQLi

Classic SQLi

DMS-specific SQLi

18. Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

Use the built-in Windows Update tool

Use a scan tool like Nessus

Check MITR

org for the latest list of CVE findings

Create a disk image of a clean Windows installation

19. Which results will be returned with the following Google search query?

site:target.com C site: Marketing.target.com accounting

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

Results matching all words in the query.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

20. Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server .

Which of the following tools is used by Jack to perform vulnerability scanning?

Infoga

WebCopier Pro

Netsparker

NCollector Studio

Page 3 of 6

21. Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes in these websites and injected a malicious script that can redirect users from the web page and download malware onto a victim's machine. Joel waits for the victim to access the infected web application so as to compromise the victim's machine .

Which of the following techniques is used by Joel in the above scenario?

DNS rebinding attack

Clickjacking attack

MarioNet attack

Watering hole attack

22. John is investigating web-application firewall logs and observers that someone is attempting to inject the following:

char buff[10];

buff[>o] - 'a':

What type of attack is this?

CSRF

XSS

Buffer overflow

SQL injection

23. In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information .

How can he achieve this?

Privilege Escalation

Shoulder-Surfing

Hacking Active Directory

Port Scanning

24. Which is the first step followed by Vulnerability Scanners for scanning a network?

OS Detection

Firewall detection

TCP/UDP Port scanning

Checking if the remote host is alive

25. Which of these is capable of searching for and locating rogue access points?

HIDS

WISS

WIPS

NIDS

26. John, a security analyst working for an organization, found a critical vulnerability on the

organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later .

What would John be considered as?

Acybercriminal

Black hat

White hat

Gray hat

27. During an Xmas scan what indicates a port is closed?

No return response

RST

ACK

SYN

28. You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet .

How will you achieve this without raising suspicion?

Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

Package the Sales.xls using Trojan wrappers and telnet them back your home computer

You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

29. Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers.

The time a hacker spends performing research to locate this information about a company is known as?

Exploration

Investigation

Reconnaissance

Enumeration

30. Which of the following tactics uses malicious code to redirect users' web traffic?

Spimming

Pharming

Phishing

Spear-phishing

Page 4 of 6

31. What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

logs the incoming connections to /etc/passwd file

loads the /etc/passwd file to the UDP port 55555

grabs the /etc/passwd file when connected to UDP port 55555

deletes the /etc/passwd file when connected to the UDP port 55555

32. This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits .

Which among the following is this encryption algorithm?

Twofish encryption algorithm

HMAC encryption algorithm

IDEA

Blowfish encryption algorithm

33. Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.

What is the port scanning technique used by Sam to discover open ports?

Xmas scan

IDLE/IPID header scan

TCP Maimon scan

ACK flag probe scan

34. Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives .

What is the tool employed by Mason in the above scenario?

NetPass.exe

Outlook scraper

WebBrowserPassView

Credential enumerator

35. An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password .

What kind of attack is this?

MAC spoofing attack

Evil-twin attack

War driving attack

Phishing attack

36. Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategies for the company's IT infrastructure to thwart DoS/DDoS attacks. Mike deployed some countermeasures to handle jamming and scrambling attacks .

What is the countermeasure Mike applied to defend against jamming and scrambling attacks?

Allow the usage of functions such as gets and strcpy

Allow the transmission of all types of addressed packets at the ISP level

Implement cognitive radios in the physical layer

A Disable TCP SYN cookie protection

37. Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?

Rootkit

Trojan

A Worm

Adware

38. Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced .

Which of the following techniques is described in the above scenario?

Dark web footprinting

VoIP footpnnting

VPN footprinting

website footprinting

39. Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer .

How can Fred accomplish this?

Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

He can send an IP packet with the SYN bit and the source address of his computer.

Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

40. in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values .

What is this attack called?

Chop chop attack

KRACK

Evil twin

Wardriving

Page 5 of 6

41. What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Residual risk

Impact risk

Deferred risk

Inherent risk

42. CORRECT TEXT

A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-access wireless network .

What is

this hacking process known as?

GPS mapping

Spectrum analysis

Wardriving Wireless sniffing

43. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.

What is the name of the attack which is mentioned in the scenario?

Session Fixation

HTML Injection

HTTP Parameter Pollution

Clickjacking Attack

44. On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.

What is the name of the process by which you can determine those critical businesses?

Emergency Plan Response (EPR)

Business Impact Analysis (BIA)

Risk Mitigation

Disaster Recovery Planning (DRP)

45. A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

Based on this information, what should be one of your key recommendations to the bank?

Place a front-end web server in a demilitarized zone that only handles external web traffic

Require all employees to change their anti-virus program with a new one

Move the financial data to another server on the same IP subnet

Issue new certificates to the web servers from the root certificate authority

46. Which of the following DoS tools is used to attack target web applications by starvation of available sessions on the web server?

The tool keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

My Doom

Astacheldraht

R-U-Dead-Yet?(RUDY)

LOIC

47. DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. It may be useful during the examination of the network to determine what software update resources are used, thus discovering what software is installed.

What command is used to determine if the entry is present in DNS cache?

nslookup -fullrecursive update.antivirus.com

dnsnooping Crt update.antivirus.com

nslookup -norecursive update.antivirus.com

dns --snoop update.antivirus.com

48. What is the purpose of DNS AAAA record?

Authorization, Authentication and Auditing record

Address prefix record

Address database record

IPv6 address resolution record

49. Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours .

What protocol used on Linux servers to synchronize the time has stopped working?

Time Keeper

NTP

PPP

OSPP

50. What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Transport layer port numbers and application layer headers

Presentation layer headers and the session layer port numbers

Network layer headers and the session layer port numbers

Application layer port numbers and the transport layer headers

Page 6 of 6

51. An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

The network devices are not all synchronized.

Proper chain of custody was not observed while collecting the logs.

The attacker altered or erased events from the logs.

The security breach was a false positive.

52. To create a botnet. the attacker can use several techniques to scan vulnerable machines. The attacker first collects Information about a large number of vulnerable machines to create a list. Subsequently, they infect the machines. The list Is divided by assigning half of the list to the newly compromised machines. The scanning process runs simultaneously. This technique ensures the spreading and installation of malicious code in little time.

Which technique is discussed here?

Hit-list-scanning technique

Topological scanning technique

Subnet scanning technique

Permutation scanning technique

53. Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user .

What is the enumeration technique used by Henry on the organization?

DNS zone walking

DNS cache snooping

DNS SEC zone walking

DNS cache poisoning

54. Alice needs to send a confidential document to her coworker. Bryan. Their company has public key infrastructure set up. Therefore. Alice both encrypts the message and digitally signs it. Alice uses_______to encrypt the message, and Bryan uses__________to confirm the digital signature.

Bryan’s public key; Bryan’s public key

Alice’s public key; Alice’s public key

Bryan’s private key; Alice’s public key

Bryan’s public key; Alice’s public key

55. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine .

What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

tcp.srcport= = 514 && ip.src= = 192.168.0.99

tcp.srcport= = 514 && ip.src= = 192.168.150

tcp.dstport= = 514 && ip.dst= = 192.168.0.99

tcp.dstport= = 514 && ip.dst= = 192.168.0.150

56. Which regulation defines security and privacy controls for Federal information systems and organizations?

HIPAA

EU Safe Harbor

PCI-DSS

NIST-800-53

57. Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Iris patterns

Voice

Height and Weight

Fingerprints

58. Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords.

Which of the following tools would not be useful for cracking the hashed passwords?

John the Ripper

Hashcat

netcat

THC-Hydra

59. In Trojan terminology, what is a covert channel?

A channel that transfers information within a computer system or network in a way that violates the security policy

A legitimate communication path within a computer system or network for transfer of data

It is a kernel operation that hides boot processes and services to mask detection

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

60. Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]” .

Which statement below is true?

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

This is a scam because Bob does not know Scott.

Bob should write to [email protected] to verify the identity of Scott.

This is probably a legitimate message as it comes from a respectable organization.