Certified Ethical Hacker Exam
Last Update 2 days ago
Total Questions : 614
312-50 is stable now with all latest exam questions are added 2 days ago. Just download our Full package and start your journey with ECCouncil Certified Ethical Hacker Exam certification. All these ECCouncil 312-50 practice exam questions are real and verified by our Experts in the related industry fields.
Bluetooth uses which digital modulation technique to exchange information between paired devices?
Which of the following describes the characteristics of a Boot Sector Virus?
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
Which statement is TRUE regarding network firewalls preventing Web Application attacks?
In order to show improvement of security over time, what must be developed?
Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
Which of the following is an application that requires a host application for replication?
Which of the following programs is usually targeted at Microsoft Office products?
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?
The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:
What type of activity has been logged?
A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?
A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?
Which initial procedure should an ethical hacker perform after being brought into an organization?
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?
How does an operating system protect the passwords used for account logins?
Fingerprinting VPN firewalls is possible with which of the following tools?
Which of the following programming languages is most vulnerable to buffer overflow attacks?
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?
Which type of access control is used on a router or firewall to limit network activity?
Which type of scan measures a person's external features through a digital video camera?
Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?
What is the main advantage that a network-based IDS/IPS system has over a host-based solution?
A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.
Which cryptography attack is the student attempting?
The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?
In the software security development life cycle process, threat modeling occurs in which phase?
What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?
The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin?
Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)
A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine whether this packets are indeed malicious. What tool are you going to use?
Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular expressions.
Which command-line utility are you most likely to use?
Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?
In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.
Which of the following statement is incorrect related to this attack?
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?
Which of the following is a characteristic of Public Key Infrastructure (PKI)?
Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?
Which security strategy requires using several, varying methods to protect IT systems against attacks?
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?
Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?
An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?
Which of the following guidelines or standards is associated with the credit card industry?
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?
How do employers protect assets with security policies pertaining to employee surveillance activities?
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
Which type of security document is written with specific step-by-step details?
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?
TESTED 25 Apr 2024
Hi this is Romona Kearns from Holland and I would like to tell you that I passed my exam with the use of exams4sure dumps. I got same questions in my exam that I prepared from your test engine software. I will recommend your site to all my friends for sure.
Our all material is important and it will be handy for you. If you have short time for exam so, we are sure with the use of it you will pass it easily with good marks. If you will not pass so, you could feel free to claim your refund. We will give 100% money back guarantee if our customers will not satisfy with our products.