Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors

312-50v12 Certified Ethical Hacker Exam (CEHv12) Questions and Answers

Questions 4

A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?

Options:

A.

Botnet Trojan

B.

Banking Trojans

C.

Turtle Trojans

D.

Ransomware Trojans

Buy Now
Questions 5

Mirai malware targets loT devices. After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?

Options:

A.

MITM attack

B.

Birthday attack

C.

DDoS attack

D.

Password attack

Buy Now
Questions 6

Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key to an algorithm that generated an enhanced key that is resistant to brute-force attacks. What is the technique employed by Kevin to improve the security of encryption keys?

Options:

A.

Key derivation function

B.

Key reinstallation

C.

A Public key infrastructure

D.

Key stretching

Buy Now
Questions 7

Jack, a professional hacker, targets an organization and performs vulnerability scanning on the target web server to identify any possible weaknesses, vulnerabilities, and misconfigurations. In this process, Jack uses an automated tool that eases his work and performs vulnerability scanning to find hosts, services, and other vulnerabilities in the target server. Which of the following tools is used by Jack to perform vulnerability scanning?

Options:

A.

Infoga

B.

WebCopier Pro

C.

Netsparker

D.

NCollector Studio

Buy Now
Questions 8

Peter, a system administrator working at a reputed IT firm, decided to work from his home and login remotely. Later, he anticipated that the remote connection could be exposed to session hijacking. To curb this possibility, he implemented a technique that creates a safe and encrypted tunnel over a public network to securely send and receive sensitive information and prevent hackers from decrypting the data flow between the endpoints. What is the technique followed by Peter to send files securely through a remote connection?

Options:

A.

DMZ

B.

SMB signing

C.

VPN

D.

Switch network

Buy Now
Questions 9

A skilled ethical hacker was assigned to perform a thorough OS discovery on a potential target. They decided to adopt an advanced fingerprinting technique and sent a TCP packet to an open TCP port with specific flags enabled. Upon receiving the reply, they noticed the flags were SYN and ECN-Echo. Which test did the ethical hacker conduct and why was this specific approach adopted?

Options:

A.

Test 3: The test was executed to observe the response of the target system when a packet with URG, PSH, SYN, and FIN flags was sent, thereby identifying the OS

B.

Qrest 1: The test was conducted because SYN and ECN-Echo flags enabled to allow the hacker to probe the nature of the response and subsequently determine the OS fingerprint

C.

Test 2: This test was chosen because a TCP packet with no flags enabled is known as a NULL packet and this would allow the hacker to assess the OS of the target

D.

Test 6; The hacker selected this test because a TCP packet with the ACK flag enabled sent to a closed TCP port would yield more information about the OS

Buy Now
Questions 10

Which of the following provides a security professional with most information about the system’s security posture?

Options:

A.

Phishing, spamming, sending trojans

B.

Social engineering, company site browsing tailgating

C.

Wardriving, warchalking, social engineering

D.

Port scanning, banner grabbing service identification

Buy Now
Questions 11

Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to access the network is not an authentic entity and verifies every incoming connection before allowing access to the network. Using this technique, he also imposed conditions such that employees can access only the resources required for their role.

What is the technique employed by Eric to secure cloud resources?

Options:

A.

Serverless computing

B.

Demilitarized zone

C.

Container technology

D.

Zero trust network

Buy Now
Questions 12

A Certified Ethical Hacker (CEH) is given the task to perform an LDAP enumeration on a target system. The system is secured and accepts connections only on secure LDAP. The CEH uses Python for the enumeration process. After successfully installing LDAP and establishing a connection with the target, he attempts to fetch details like the domain name and naming context but is unable to receive the expected response. Considering the circumstances, which of the following is the most plausible reason for this situation?

Options:

A.

The Python version installed on the CEH's machine is incompatible with the Idap3 library

B.

The secure LDAP connection was not properly initialized due to a lack of 'use_ssl = True' in the server object creation

C.

The enumeration process was blocked by the target system's intrusion detection system

D.

The system failed to establish a connection due to an incorrect port number

Buy Now
Questions 13

What is the following command used for?

sqlmap.py-u ,,https://10.10.1.20/?p=1 &forumaction=search" -dbs

Options:

A.

Creating backdoors using SQL injection

B.

A Enumerating the databases in the DBMS for the URL

C.

Retrieving SQL statements being executed on the database

D.

Searching database statements at the IP address given

Buy Now
Questions 14

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used byjack to launch the fileless malware on the target systems?

Options:

A.

In-memory exploits

B.

Phishing

C.

Legitimate applications

D.

Script-based injection

Buy Now
Questions 15

A penetration tester is conducting an assessment of a web application for a financial institution. The application uses form-based authentication and does not implement account lockout policies after multiple failed login attempts. Interestingly, the application displays detailed error messages that disclose whether the username or password entered is incorrect. The tester also notices that the application uses HTTP headers to prevent clickjacking attacks but does not implement Content Security Policy (CSP). With these observations, which of the following attack methods would likely be the most effective for the penetration tester to exploit these vulnerabilities and attempt unauthorized access?

Options:

A.

The tester could execute a Brute Force attack, leveraging the lack of account lockout policy and the verbose error messages to guess the correct credentials

B.

The tester could exploit a potential SQL Injection vulnerability to manipulate the application's database

C.

The tester could launch a Cross-Site Scripting (XSS) attack to steal authenticated session cookies, potentially bypassing the clickjacking protection

D.

The tester could execute a Man-in-the-Middle (MitM) attack to intercept and modify the HTTP headers for a Clickjacking attack

Buy Now
Questions 16

Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed.

What is the port scanning technique used by Sam to discover open ports?

Options:

A.

Xmas scan

B.

IDLE/IPID header scan

C.

TCP Maimon scan

D.

ACK flag probe scan

Buy Now
Questions 17

You start performing a penetration test against a specific website and have decided to start from grabbing all the links from the main page.

What Is the best Linux pipe to achieve your milestone?

Options:

A.

dirb https://site.com | grep "site"

B.

curl -s https://sile.com | grep ‘’ < a href-\’http" | grep "Site-com- | cut -d "V" -f 2

C.

wget https://stte.com | grep "< a href=\*http" | grep "site.com"

D.

wgethttps://site.com | cut-d "http-

Buy Now
Questions 18

An experienced cyber attacker has created a fake Linkedin profile, successfully impersonating a high-ranking official from a well-established company, to execute a social engineering attack. The attacker then connected with other employees within the organization, receiving invitations to exclusive corporate events and gaining

access to proprietary project details shared within the network. What advanced social engineering technique has the attacker primarily used to exploit the system and what is the most likely immediate threat to the organization?

Options:

A.

Pretexting and Network Vulnerability

B.

Spear Phishing and Spam

C.

Whaling and Targeted Attacks

D.

Baiting and Involuntary Data Leakage

Buy Now
Questions 19

A certified ethical hacker is conducting a Whois footprinting activity on a specific domain. The individual is leveraging various tools such as Batch IP Converter and Whols Analyzer Pro to retrieve vital details but is unable to gather complete Whois information from the registrar for a particular set of data. As the hacker, what might be the probable data model being utilized by the domain's registrar for storing and looking up

Who is information?

Options:

A.

Thick Whois model with a malfunctioning server

B.

Thick Whois model working correctly

C.

Thin Whois model with a malfunctioning server

D.

Thin Whois model working correctly

Buy Now
Questions 20

Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is a free implementation of the OpenPGP standard that uses both symmetric-key cryptography and asymmetric-key cryptography for improved speed and secure key exchange. What is the encryption software employed by Sam for securing the email messages?

Options:

A.

PGP

B.

S/MIME

C.

SMTP

D.

GPG

Buy Now
Questions 21

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?

Options:

A.

Produces less false positives

B.

Can identify unknown attacks

C.

Requires vendor updates for a new threat

D.

Cannot deal with encrypted network traffic

Buy Now
Questions 22

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a computer system?

Options:

A.

Wireshark

B.

Maltego

C.

Metasploit

D.

Nessus

Buy Now
Questions 23

As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiality and non-repudiation. While considering various encryption methods, you are inclined towards using a combination of symmetric and asymmetric cryptography. However, you are unsure which cryptographic technique would best serve the purpose. Which of the following options would you choose to meet these requirements?

Options:

A.

Use symmetric encryption with the AES algorithm.

B.

Use the Diffie-Hellman protocol for key exchange and encryption.

C.

Apply asymmetric encryption with RSA and use the public key for encryption.

D.

Apply asymmetric encryption with RSA and use the private key for signing.

Buy Now
Questions 24

While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

Options:

A.

-sA

B.

-sX

C.

-sT

D.

-sF

Buy Now
Questions 25

An ethical hacker has been tasked with assessing the security of a major corporation's network. She suspects the network uses default SNMP community strings. To exploit this, she plans to extract valuable network information using SNMP enumeration. Which tool could best help her to get the information without directly modifying any parameters within the SNMP agent’s management information base (MIB)?

Options:

A.

snmp-check (snmp_enum Module) to gather a wide array of information about the target

B.

Nmap, with a script to retrieve all running SNMP processes and associated ports

C.

Oputits, are mainly designed for device management and not SNMP enumeration

D.

SnmpWalk, with a command to change an OID to a different value

Buy Now
Questions 26

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

Options:

A.

Reverse Social Engineering

B.

Tailgating

C.

Piggybacking

D.

Announced

Buy Now
Questions 27

if you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST. what do you know about the firewall you are scanning?

Options:

A.

There is no firewall in place.

B.

This event does not tell you encrypting about the firewall.

C.

It is a stateful firewall

D.

It Is a non-stateful firewall.

Buy Now
Questions 28

You are an ethical hacker tasked with conducting an enumeration of a company’s network. Given a Windows system with NetBIOS enabled, port 139 open, and file and printer sharing active, you are about to run some nbtstat commands to enumerate NetBIOS names. The company uses |Pv6 for its network. Which of the

following actions should you take next?

Options:

A.

Use nbtstat -c to get the contents of the NetBIOS name cache

B.

use nbtstat -a followed by the IPv6 address of the target machine

C.

Utilize Nmap Scripting Engine (NSE) for NetBIOS enumeration

D.

Switch to an enumeration tool that supports IPv6

Buy Now
Questions 29

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that

permits users to authenticate once and gain access to multiple systems?

Options:

A.

Role Based Access Control (RBAC)

B.

Discretionary Access Control (DAC)

C.

Single sign-on

D.

Windows authentication

Buy Now
Questions 30

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.

Which command would you use?

Options:

A.

c:\compmgmt.msc

B.

c:\services.msc

C.

c:\ncpa.cp

D.

c:\gpedit

Buy Now
Questions 31

Given the complexities of an organization’s network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethical Hacker (CEH), you are tasked with enhancing

the organization's security stance. To ensure a comprehensive security defense, you recommend a certain security strategy. Which of the following best represents the strategy you would likely suggest and why?

Options:

A.

Develop an in-depth Risk Management process, involving identification, assessment, treatment, tracking, and review of risks to control the potential effects on the organization.

B.

Establish a Defense-in-Depth strategy, incorporating multiple layers of security measures to increase the complexity and decrease the likelihood of a successful attack.

C.

Adopt a Continual/Adaptive Security Strategy involving ongoing prediction, prevention, detection, and response actions to ensure comprehensive computer network defense.

D.

Implement an Information Assurance (IA) policy focusing on ensuring the integrity, availability, confidentiality, and authenticity of information systems.

Buy Now
Questions 32

An IT company has just implemented new security controls to their network and system setup. As a Certified Ethical Hacker, your responsibility is to assess the possible vulnerabilities in the new setup. You are given the information that the network and system are adequately patched with the latest updates, and all employees have gone through recent cybersecurity awareness training. Considering the potential vulnerability sources,

what is the best initial approach to vulnerability assessment?

Options:

A.

Checking for hardware and software misconfigurations to identify any possible loopholes

B.

Evaluating the network for inherent technology weaknesses prone to specific types of attacks

C.

Investigating if any ex-employees still have access to the company’s system and data

D.

Conducting social engineering tests to check if employees can be tricked into revealing sensitive information

Buy Now
Questions 33

John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the rest of the employees. Before reporting the vulnerability, he examines the information shown by the vulnerability for two days without disclosing any information to third parties or other internal employees. He does so out of curiosity about the other employees and may take advantage of this information later. What would John be considered as?

Options:

A.

Cybercriminal

B.

Black hat

C.

White hat

D.

Gray hat

Buy Now
Questions 34

A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.

Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

Options:

A.

.stm

B.

.html

C.

.rss

D.

.cms

Buy Now
Questions 35

Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128,192, or 256 bits into a software program, which involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the above features and can be integrated by Tony into the software program?

Options:

A.

TEA

B.

CAST-128

C.

RC5

D.

serpent

Buy Now
Questions 36

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm’s public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

HTTP/1.1 200 OK

Server: Microsoft-IIS/6

Expires: Tue, 17 Jan 2011 01:41:33 GMT

Date: Mon, 16 Jan 2011 01:41:33 GMT

Content-Type: text/html

Accept-Ranges: bytes

Last Modified: Wed, 28 Dec 2010 15:32:21 GMT

ETag:“b0aac0542e25c31:89d”

Content-Length: 7369

Which of the following is an example of what the engineer performed?

Options:

A.

Banner grabbing

B.

SQL injection

C.

Whois database query

D.

Cross-site scripting

Buy Now
Questions 37

Based on the below log, which of the following sentences are true?

Mar 1, 2016, 7:33:28 AM 10.240.250.23 - 54373 10.249.253.15 - 22 tcp_ip

Options:

A.

Application is FTP and 10.240.250.23 is the client and 10.249.253.15 is the server.

B.

Application is SSH and 10.240.250.23 is the server and 10.249.253.15 is the client.

C.

SSH communications are encrypted; it’s impossible to know who is the client or the server.

D.

Application is SSH and 10.240.250.23 is the client and 10.249.253.15 is the server.

Buy Now
Questions 38

To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?

Options:

A.

Exclamation mark (!)

B.

Underscore (_)

C.

Tilde H

D.

Period (.)

Buy Now
Questions 39

James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help of an open-source framework for performing automated reconnaissance activities. This framework helped James in gathering information using free tools and resources. What is the framework used by James to conduct footprinting and reconnaissance activities?

Options:

A.

WebSploit Framework

B.

Browser Exploitation Framework

C.

OSINT framework

D.

SpeedPhish Framework

Buy Now
Questions 40

A large corporate network is being subjected to repeated sniffing attacks. To increase security, the company’s IT department decides to implement a combination of several security measures. They permanently add theMAC address of the gateway to the ARP cache, switch to using IPv6 instead of IPv4, implement the use of encrypted sessions such as SSH instead of Telnet, and use Secure File Transfer Protocol instead of FTP.

However, they are still faced with the threat of sniffing. Considering the countermeasures, what should be their next step to enhance network security?

Options:

A.

Use HTTP instead of HTTPS for protecting usernames and passwords

B.

Implement network scanning and monitoring tools

C.

Enable network identification broadcasts

D.

Retrieve MAC addresses from the OS

Buy Now
Questions 41

Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target

system, he finds a list of hashed passwords.

Which of the following tools would not be useful for cracking the hashed passwords?

Options:

A.

John the Ripper

B.

Hashcat

C.

netcat

D.

THC-Hydra

Buy Now
Questions 42

An ethical hacker is scanning a target network. They initiate a TCP connection by sending an SYN packet to a target machine and receiving a SYN/ACK packet in response. But instead of completing the three-way handshake with an ACK packet, they send an RST packet. What kind of scan is the ethical hacker likely performing and what is their goal?

Options:

A.

They are performing an SYN scan to stealthily identify open ports without fully establishing a connection

B.

They are performing a TCP connect scan to identify open ports on the target machine

C.

They are performing a vulnerability scan to identify any weaknesses in the target system

D.

They are performing a network scan to identify live hosts and their IP addresses

Buy Now
Questions 43

As part of a college project, you have set up a web server for hosting your team's application. Given your interest in cybersecurity, you have taken the lead in securing the server. You are aware that hackers often attempt to exploit server misconfigurations. Which of the following actions would best protect your web server from potential misconfiguration-based attacks?

Options:

A.

Performing regular server configuration audits

B.

Enabling multi-factor authentication for users

C.

Implementing a firewall to filter traffic

D.

Regularly backing up server data

Buy Now
Questions 44

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services?

Options:

A.

XML injection

B.

WS-Address spoofing

C.

SOAPAction spoofing

D.

Web services parsing attacks

Buy Now
Questions 45

Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?

Options:

A.

NetPass.exe

B.

Outlook scraper

C.

WebBrowserPassView

D.

Credential enumerator

Buy Now
Questions 46

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

What seems to be wrong?

Options:

A.

The nmap syntax is wrong.

B.

This is a common behavior for a corrupted nmap application.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

D.

OS Scan requires root privileges.

Buy Now
Questions 47

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

Options:

A.

Presentation tier

B.

Application Layer

C.

Logic tier

D.

Data tier

Buy Now
Questions 48

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

Options:

A.

VoIP footprinting

B.

VPN footprinting

C.

Whois footprinting

D.

Email footprinting

Buy Now
Questions 49

Bob wants to ensure that Alice can check whether his message has been tampered with. He creates a checksum of the message and encrypts it using asymmetric cryptography. What key does Bob use to encrypt the checksum for accomplishing this goal?

Options:

A.

Alice's private key

B.

Alice's public key

C.

His own private key

D.

His own public key

Buy Now
Questions 50

While performing a security audit of a web application, an ethical hacker discovers a potential vulnerability.

The application responds to logically incorrect queries with detailed error messages that divulge the underlying database's structure. The ethical hacker decides to exploit this vulnerability further. Which type of SQL Injection attack is the ethical hacker likely to use?

Options:

A.

UNION SQL Injection

B.

Blind/inferential SQL Injection

C.

In-band SQL Injection

D.

Error-based SOL Injection

Buy Now
Questions 51

In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web spiders were ineffective due to a specific file in its root directory. However, they managed to uncover all the files and web pages on the target site, monitoring the resulting incoming and outgoing traffic while browsing the website manually. What technique did the hacker likely employ to achieve this?

Options:

A.

Using Photon to retrieve archived URLs of the target website from archive.org

B.

Using the Netcraft tool to gather website information

C.

Examining HTML source code and cookies

D.

User-directed spidering with tools like Burp Suite and WebScarab

Buy Now
Questions 52

You have been hired as an intern at a start-up company. Your first task is to help set up a basic web server for the company’s new website. The team leader has asked you to make sure the server is secure from common - threats. Based on your knowledge from studying for the CEH exam, which of the following actions should be

your priority to secure the web server?

Options:

A.

Installing a web application firewall

B.

limiting the number of concurrent connections to the server

C.

Encrypting the company’s website with SSL/TLS

D.

Regularly updating and patching the server software

Buy Now
Questions 53

During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric

types used by CVSS to measure these vulnerabilities?

Options:

A.

Temporal metric represents the inherent qualities of a vulnerability

B.

Base metric represents the inherent qualities of a vulnerability

C.

Environmental metric involves the features that change during the lifetime of the vulnerability

D.

Temporal metric involves measuring vulnerabilities based on a_ specific environment or implementation

Buy Now
Questions 54

An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker's next step to confirm the XSS vulnerability?

Options:

A.

Try to disable the CSP to bypass script restrictions

B.

Inject a benign script inline to the form to see if it executes

C.

Utilize a script hosted on the application's domain to test the form

D.

Load a script from an external domain to test the vulnerability

Buy Now
Questions 55

During an Xmas scan what indicates a port is closed?

Options:

A.

No return response

B.

RST

C.

ACK

D.

SYN

Buy Now
Questions 56

E-mail scams and mail fraud are regulated by which of the following?

Options:

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Buy Now
Questions 57

During the process of encryption and decryption, what keys are shared?

Options:

A.

Private keys

B.

User passwords

C.

Public keys

D.

Public and private keys

Buy Now
Questions 58

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

Options:

A.

website defacement

B.

Server-side request forgery (SSRF) attack

C.

Web server misconfiguration

D.

web cache poisoning attack

Buy Now
Questions 59

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

Options:

A.

Attacker generates TCP SYN packets with random destination addresses towards a victim host

B.

Attacker floods TCP SYN packets with random source addresses towards a victim host

C.

Attacker generates TCP ACK packets with random source addresses towards a victim host

D.

Attacker generates TCP RST packets with random source addresses towards a victim host

Buy Now
Questions 60

Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?

Options:

A.

Nikto

B.

Nmap

C.

Metasploit

D.

Armitage

Buy Now
Questions 61

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

Options:

A.

verification

B.

Risk assessment

C.

Vulnerability scan

D.

Remediation

Buy Now
Questions 62

This kind of password cracking method uses word lists in combination with numbers and special characters:

Options:

A.

Hybrid

B.

Linear

C.

Symmetric

D.

Brute Force

Buy Now
Questions 63

Richard, an attacker, aimed to hack loT devices connected to a target network. In this process. Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence. Subsequently, he started injecting the segregated command sequence on the same frequency into the loT network, which repeats the captured signals of the devices. What Is the type of attack performed by Richard In the above scenario?

Options:

A.

Side-channel attack

B.

Replay attack

C.

CrypTanalysis attack

D.

Reconnaissance attack

Buy Now
Questions 64

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane's company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?

Options:

A.

Dumpster diving

B.

Eavesdropping

C.

Shoulder surfing

D.

impersonation

Buy Now
Questions 65

Which of the following are well known password-cracking programs?

Options:

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Buy Now
Questions 66

The Payment Card Industry Data Security Standard (PCI DSS) contains six different categories of control objectives. Each objective contains one or more requirements, which must be followed in order to achieve compliance. Which of the following requirements would best fit under the objective, "Implement strong access control measures"?

Options:

A.

Regularly test security systems and processes.

B.

Encrypt transmission of cardholder data across open, public networks.

C.

Assign a unique ID to each person with computer access.

D.

Use and regularly update anti-virus software on all systems commonly affected by malware.

Buy Now
Questions 67

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

Options:

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Buy Now
Questions 68

What hacking attack is challenge/response authentication used to prevent?

Options:

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

Buy Now
Questions 69

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture Is Abel currently working in?

Options:

A.

Tier-1: Developer machines

B.

Tier-4: Orchestrators

C.

Tier-3: Registries

D.

Tier-2: Testing and accreditation systems

Buy Now
Questions 70

Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?

Options:

A.

Fed RAMP

B.

PCIDSS

C.

SOX

D.

HIPAA

Buy Now
Questions 71

Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

Options:

A.

BA810DBA98995F1817306D272A9441BB

B.

44EFCE164AB921CQAAD3B435B51404EE

C.

0182BD0BD4444BF836077A718CCDF409

D.

CEC52EB9C8E3455DC2265B23734E0DAC

E.

B757BF5C0D87772FAAD3B435B51404EE

F.

E52CAC67419A9A224A3B108F3FA6CB6D

Buy Now
Questions 72

In Trojan terminology, what is a covert channel?

312-50v12 Question 72

Options:

A.

A channel that transfers information within a computer system or network in a way that violates the security policy

B.

A legitimate communication path within a computer system or network for transfer of data

C.

It is a kernel operation that hides boot processes and services to mask detection

D.

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Buy Now
Questions 73

Fingerprinting an Operating System helps a cracker because:

Options:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Buy Now
Questions 74

Which of the following commands checks for valid users on an SMTP server?

Options:

A.

RCPT

B.

CHK

C.

VRFY

D.

EXPN

Buy Now
Questions 75

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

Options:

A.

Intrusion Detection Systems can be configured to distinguish specific content in network packets

B.

Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

C.

Intrusion Detection Systems require constant update of the signature library

D.

Intrusion Detection Systems can examine the contents of the data n context of the network protocol

Buy Now
Questions 76

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches' ARP cache is successfully flooded, what will be the result?

Options:

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address created collisions.

Buy Now
Questions 77

What is the algorithm used by LM for Windows2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Buy Now
Questions 78

what is the correct way of using MSFvenom to generate a reverse TCP shellcode for windows?

Options:

A.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f c

B.

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f c

C.

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

D.

msfvenom -p windows/meterpreter/reverse_tcp RHOST=10.10.10.30 LPORT=4444 -f exe > shell.exe

Buy Now
Questions 79

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options:

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Buy Now
Questions 80

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

Options:

A.

The attacker queries a nameserver using the DNS resolver.

B.

The attacker makes a request to the DNS resolver.

C.

The attacker forges a reply from the DNS resolver.

D.

The attacker uses TCP to poison the ONS resofver.

Buy Now
Questions 81

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you.

He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.

What is Peter Smith talking about?

Options:

A.

Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

B.

"zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

C.

"Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

D.

Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Buy Now
Questions 82

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

Options:

A.

wireshark --fetch ''192.168.8*''

B.

wireshark --capture --local masked 192.168.8.0 ---range 24

C.

tshark -net 192.255.255.255 mask 192.168.8.0

D.

sudo tshark -f''net 192 .68.8.0/24''

Buy Now
Questions 83

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

312-50v12 Question 83

What is the hexadecimal value of NOP instruction?

Options:

A.

0x60

B.

0x80

C.

0x70

D.

0x90

Buy Now
Questions 84

which type of virus can change its own code and then cipher itself multiple times as it replicates?

Options:

A.

Stealth virus

B.

Tunneling virus

C.

Cavity virus

D.

Encryption virus

Buy Now
Questions 85

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

Options:

A.

True

B.

False

Buy Now
Questions 86

what is the port to block first in case you are suspicious that an loT device has been compromised?

Options:

A.

22

B.

443

C.

48101

D.

80

Buy Now
Questions 87

When discussing passwords, what is considered a brute force attack?

Options:

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Buy Now
Questions 88

You are a penetration tester tasked with testing the wireless network of your client Brakeme SA. You are attempting to break into the wireless network with the SSID "Brakeme-lnternal." You realize that this network uses WPA3 encryption, which of the following vulnerabilities is the promising to exploit?

Options:

A.

Dragonblood

B.

Cross-site request forgery

C.

Key reinstallation attack

D.

AP Myconfiguration

Buy Now
Questions 89

What is the purpose of DNS AAAA record?

Options:

A.

Authorization, Authentication and Auditing record

B.

Address prefix record

C.

Address database record

D.

IPv6 address resolution record

Buy Now
Questions 90

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

Options:

A.

Black-box

B.

Announced

C.

White-box

D.

Grey-box

Buy Now
Questions 91

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Buy Now
Questions 92

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may Bypass authentication and allow attackers to access and/or modify data attached to a web application.

Which of the following SQLI types leverages a database server's ability to make DNS requests to pass data to an attacker?

Options:

A.

Union-based SQLI

B.

Out-of-band SQLI

C.

ln-band SQLI

D.

Time-based blind SQLI

Buy Now
Questions 93

what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

Options:

A.

httpd.conf

B.

administration.config

C.

idq.dll

D.

php.ini

Buy Now
Questions 94

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

Options:

A.

Data items and vulnerability scanning

B.

Interviewing employees and network engineers

C.

Reviewing the firewalls configuration

D.

Source code review

Buy Now
Questions 95

An attacker runs netcat tool to transfer a secret file between two hosts.

312-50v12 Question 95

He is worried about information being sniffed on the network.

How would the attacker use netcat to encrypt the information before transmitting onto the wire?

Options:

A.

Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat 1234

B.

Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat 1234

C.

Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat 1234 -pw password

D.

Use cryptcat instead of netcat

Buy Now
Questions 96

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

Options:

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Buy Now
Questions 97

Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?

Options:

A.

WebSite Watcher

B.

web-Stat

C.

Webroot

D.

WAFW00F

Buy Now
Questions 98

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

Options:

A.

list server=192.168.10.2 type=all

B.

is-d abccorp.local

C.

Iserver 192.168.10.2-t all

D.

List domain=Abccorp.local type=zone

Buy Now
Questions 99

Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes WI-FI sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven’s iPhone through the infected computer and is able to monitor and read all of Steven’s activity on the iPhone, even after the device is out of the communication zone.

Which of the following attacks is performed by Clark in above scenario?

Options:

A.

IOS trustjacking

B.

lOS Jailbreaking

C.

Exploiting SS7 vulnerability

D.

Man-in-the-disk attack

Buy Now
Questions 100

What piece of hardware on a computer's motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?

Options:

A.

CPU

B.

GPU

C.

UEFI

D.

TPM

Buy Now
Questions 101

Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this. James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks. What is the tool employed by James in the above scenario?

Options:

A.

ophcrack

B.

Hootsuite

C.

VisualRoute

D.

HULK

Buy Now
Questions 102

Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcasting forged DHCP requests and leased all the DHCP addresses available in the DHCP scope until the server could not issue any more IP addresses. This led to a Dos attack, and as a result, legitimate employees were unable to access the clients network. Which of the following attacks did Abel perform in the above scenario?

Options:

A.

VLAN hopping

B.

DHCP starvation

C.

Rogue DHCP server attack

D.

STP attack

Buy Now
Questions 103

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?

Options:

A.

Docker client

B.

Docker objects

C.

Docker daemon

D.

Docker registries

Buy Now
Questions 104

Henry Is a cyber security specialist hired by BlackEye - Cyber security solutions. He was tasked with discovering the operating system (OS) of a host. He used the Unkornscan tool to discover the OS of the target system. As a result, he obtained a TTL value, which Indicates that the target system is running a Windows OS. Identify the TTL value Henry obtained, which indicates that the target OS is Windows.

Options:

A.

64

B.

128

C.

255

D.

138

Buy Now
Questions 105

A newly joined employee. Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also Identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

Options:

A.

Credentialed assessment

B.

Database assessment

C.

Host-based assessment

D.

Distributed assessment

Buy Now
Questions 106

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

Options:

A.

Cross-site scripting

B.

Denial of service

C.

SQL injection

D.

Directory traversal

Buy Now
Questions 107

Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

Options:

A.

Time Keeper

B.

NTP

C.

PPP

D.

OSPP

Buy Now
Questions 108

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP tailback or push APIs that are raised based on trigger events: when invoked, this feature supplies data to other applications so that users can instantly receive real-time Information.

Which of the following techniques is employed by Susan?

Options:

A.

web shells

B.

Webhooks

C.

REST API

D.

SOAP API

Buy Now
Questions 109

You are a penetration tester working to test the user awareness of the employees of the client xyz. You harvested two employees' emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

Options:

A.

Reconnaissance

B.

Command and control

C.

Weaponization

D.

Exploitation

Buy Now
Questions 110

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.

what tests would you perform to determine whether his computer Is Infected?

Options:

A.

Use ExifTool and check for malicious content.

B.

You do not check; rather, you immediately restore a previous snapshot of the operating system.

C.

Upload the file to VirusTotal.

D.

Use netstat and check for outgoing connections to strange IP addresses or domains.

Buy Now
Questions 111

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.

What is this document called?

Options:

A.

Information Audit Policy (IAP)

B.

Information Security Policy (ISP)

C.

Penetration Testing Policy (PTP)

D.

Company Compliance Policy (CCP)

Buy Now
Questions 112

Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following results:

TTL: 64 Window Size: 5840

What is the OS running on the target machine?

Options:

A.

Solaris OS

B.

Windows OS

C.

Mac OS

D.

Linux OS

Buy Now
Questions 113

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

Options:

A.

-T5

B.

-O

C.

-T0

D.

-A

Buy Now
Questions 114

The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host

10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he

applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access

the Internet. According to the next configuration, what is happening in the network?

access-list 102 deny tcp any any

access-list 104 permit udp host 10.0.0.3 any

access-list 110 permit tcp host 10.0.0.2 eq www any

access-list 108 permit tcp any eq ftp any

Options:

A.

The ACL 104 needs to be first because is UDP

B.

The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

C.

The ACL for FTP must be before the ACL 110

D.

The ACL 110 needs to be changed to port 80

Buy Now
Questions 115

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

Options:

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Buy Now
Questions 116

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

Options:

A.

Circuit

B.

Stateful

C.

Application

D.

Packet Filtering

Buy Now
Questions 117

What is the proper response for a NULL scan if the port is closed?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Buy Now
Questions 118

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

What is the best Nmap command you will use?

Options:

A.

nmap -T4 -q 10.10.0.0/24

B.

nmap -T4 -F 10.10.0.0/24

C.

nmap -T4 -r 10.10.1.0/24

D.

nmap -T4 -O 10.10.0.0/24

Buy Now
Questions 119

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

Options:

A.

The CFO can use a hash algorithm in the document once he approved the financial statements

B.

The CFO can use an excel file with a password

C.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document

D.

The document can be sent to the accountant using an exclusive USB for that document

Buy Now
Questions 120

What is correct about digital signatures?

Options:

A.

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

B.

Digital signatures may be used in different documents of the same type.

C.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

D.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Buy Now
Questions 121

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

Options:

A.

A firewall IPTable

B.

FTP Server rule

C.

A Router IPTable

D.

An Intrusion Detection System

Buy Now
Questions 122

You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network. What testing method did you use?

Options:

A.

Social engineering

B.

Piggybacking

C.

Tailgating

D.

Eavesdropping

Buy Now
Questions 123

Your company was hired by a small healthcare provider to perform a technical assessment on the network.

What is the best approach for discovering vulnerabilities on a Windows-based computer?

Options:

A.

Use the built-in Windows Update tool

B.

Use a scan tool like Nessus

C.

Check MITRE.org for the latest list of CVE findings

D.

Create a disk image of a clean Windows installation

Buy Now
Questions 124

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

Options:

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Buy Now
Questions 125

Which of the following program infects the system boot sector and the executable files at the same time?

Options:

A.

Polymorphic virus

B.

Stealth virus

C.

Multipartite Virus

D.

Macro virus

Buy Now
Questions 126

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

Options:

A.

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B.

Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C.

Symmetric encryption allows the server to security transmit the session keys out-of-band.

D.

Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Buy Now
Questions 127

Study the snort rule given below:

312-50v12 Question 127

From the options below, choose the exploit against which this rule applies.

Options:

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Buy Now
Questions 128

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

Options:

A.

Traffic is Blocked on UDP Port 53

B.

Traffic is Blocked on TCP Port 80

C.

Traffic is Blocked on TCP Port 54

D.

Traffic is Blocked on UDP Port 80

Buy Now
Questions 129

What is the minimum number of network connections in a multihomed firewall?

Options:

A.

3

B.

5

C.

4

D.

2

Buy Now
Questions 130

Why should the security analyst disable/remove unnecessary ISAPI filters?

Options:

A.

To defend against social engineering attacks

B.

To defend against webserver attacks

C.

To defend against jailbreaking

D.

To defend against wireless attacks

Buy Now
Questions 131

An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com ", the user is directed to a phishing site.

Which file does the attacker need to modify?

Options:

A.

Boot.ini

B.

Sudoers

C.

Networks

D.

Hosts

Buy Now
Questions 132

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the Prometric Online Testing – Reports https://ibt1.prometric.com/users/custom/report_queue/rq_str... corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

A.

Paros Proxy

B.

BBProxy

C.

Blooover

D.

BBCrack

Buy Now
Questions 133

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.

You also notice "/bin/sh" in the ASCII part of the output.

As an analyst what would you conclude about the attack?

312-50v12 Question 133

Options:

A.

The buffer overflow attack has been neutralized by the IDS

B.

The attacker is creating a directory on the compromised machine

C.

The attacker is attempting a buffer overflow attack and has succeeded

D.

The attacker is attempting an exploit that launches a command-line shell

Buy Now
Questions 134

What is the purpose of a demilitarized zone on a network?

Options:

A.

To scan all traffic coming through the DMZ to the internal network

B.

To only provide direct access to the nodes within the DMZ and protect the network behind it

C.

To provide a place to put the honeypot

D.

To contain the network devices you wish to protect

Buy Now
Questions 135

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Options:

A.

Spanning tree

B.

Dynamic ARP Inspection (DAI)

C.

Port security

D.

Layer 2 Attack Prevention Protocol (LAPP)

Buy Now
Questions 136

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

Options:

A.

ESP transport mode

B.

ESP confidential

C.

AH permiscuous

D.

AH Tunnel mode

Buy Now
Questions 137

You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?

collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

Options:

A.

One day

B.

One hour

C.

One week

D.

One month

Buy Now
Questions 138

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Macro virus

B.

Stealth/Tunneling virus

C.

Cavity virus

D.

Polymorphic virus

Buy Now
Questions 139

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Options:

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

Buy Now
Questions 140

Which method of password cracking takes the most time and effort?

Options:

A.

Dictionary attack

B.

Shoulder surfing

C.

Rainbow tables

D.

Brute force

Buy Now
Questions 141

User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

Options:

A.

Application

B.

Transport

C.

Session

D.

Presentation

Buy Now
Questions 142

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

Options:

A.

tcpsplice

B.

Burp

C.

Hydra

D.

Whisker

Buy Now
Questions 143

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

Options:

A.

John the Ripper

B.

SET

C.

CHNTPW

D.

Cain & Abel

Buy Now
Questions 144

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.

Traceroute

B.

Hping

C.

TCP ping

D.

Broadcast ping

Buy Now
Questions 145

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A.

Nikto

B.

John the Ripper

C.

Dsniff

D.

Snort

Buy Now
Questions 146

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

Options:

A.

Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

B.

A backdoor placed into a cryptographic algorithm by its creator.

C.

Extraction of cryptographic secrets through coercion or torture.

D.

Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Buy Now
Questions 147

Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

Options:

A.

Kismet

B.

Abel

C.

Netstumbler

D.

Nessus

Buy Now
Questions 148

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

B.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.

C.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

D.

Overwrites the original MBR and only executes the new virus code.

Buy Now
Questions 149

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.

What is the most likely cause?

Options:

A.

The network devices are not all synchronized.

B.

Proper chain of custody was not observed while collecting the logs.

C.

The attacker altered or erased events from the logs.

D.

The security breach was a false positive.

Buy Now
Questions 150

Which of the following is a component of a risk assessment?

Options:

A.

Administrative safeguards

B.

Physical security

C.

DMZ

D.

Logical interface

Buy Now
Questions 151

What tool can crack Windows SMB passwords simply by listening to network traffic?

Options:

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Buy Now
Questions 152

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Options:

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Buy Now
Questions 153

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

Options:

A.

har.txt

B.

SAM file

C.

wwwroot

D.

Repair file

Buy Now
Questions 154

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command shows that the “nc” file is running as process, and the netstat command shows the “nc” process is listening on a network port.

What kind of vulnerability must be present to make this remote attack possible?

Options:

A.

File system permissions

B.

Privilege escalation

C.

Directory traversal

D.

Brute force login

Buy Now
Questions 155

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

Options:

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Buy Now
Questions 156

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

Options:

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

Buy Now
Questions 157

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.

A camera captures people walking and identifies the individuals using Steve’s approach.

After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

Options:

A.

Although the approach has two phases, it actually implements just one authentication factor

B.

The solution implements the two authentication factors: physical object and physical characteristic

C.

The solution will have a high level of false positives

D.

Biological motion cannot be used to identify people

Buy Now
Questions 158

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

Options:

A.

DNSSEC

B.

Resource records

C.

Resource transfer

D.

Zone transfer

Buy Now
Questions 159

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

Options:

A.

Transport layer port numbers and application layer headers

B.

Presentation layer headers and the session layer port numbers

C.

Network layer headers and the session layer port numbers

D.

Application layer port numbers and the transport layer headers

Buy Now
Questions 160

What is the following command used for?

net use \targetipc$ "" /u:""

Options:

A.

Grabbing the etc/passwd file

B.

Grabbing the SAM

C.

Connecting to a Linux computer through Samba.

D.

This command is used to connect as a null session

E.

Enumeration of Cisco routers

Buy Now
Questions 161

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

Options:

A.

Linux

B.

Unix

C.

OS X

D.

Windows

Buy Now
Questions 162

What is the role of test automation in security testing?

Options:

A.

It is an option but it tends to be very expensive.

B.

It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

C.

Test automation is not usable in security due to the complexity of the tests.

D.

It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Buy Now
Questions 163

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an organization?

Options:

A.

Preparation phase

B.

Containment phase

C.

Identification phase

D.

Recovery phase

Buy Now
Questions 164

The change of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk. It will require a further 4 hours to restore the database from the last backup to the new hard disk. The recovery person earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1(100%). What is the closest approximate cost of this replacement and recovery operation per year?

Options:

A.

$1320

B.

$440

C.

$100

D.

$146

Buy Now
Questions 165

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

Options:

A.

tcp.srcport= = 514 && ip.src= = 192.168.0.99

B.

tcp.srcport= = 514 && ip.src= = 192.168.150

C.

tcp.dstport= = 514 && ip.dst= = 192.168.0.99

D.

tcp.dstport= = 514 && ip.dst= = 192.168.0.150

Buy Now
Questions 166

Which of the following Linux commands will resolve a domain name into IP address?

Options:

A.

>host-t a hackeddomain.com

B.

>host-t ns hackeddomain.com

C.

>host -t soa hackeddomain.com

D.

>host -t AXFR hackeddomain.com

Buy Now
Questions 167

Under what conditions does a secondary name server request a zone transfer from a primary name server?

Options:

A.

When a primary SOA is higher that a secondary SOA

B.

When a secondary SOA is higher that a primary SOA

C.

When a primary name server has had its service restarted

D.

When a secondary name server has had its service restarted

E.

When the TTL falls to zero

Buy Now
Questions 168

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

Options:

A.

Exploration

B.

Investigation

C.

Reconnaissance

D.

Enumeration

Buy Now
Questions 169

Which of the following tools are used for enumeration? (Choose three.)

Options:

A.

SolarWinds

B.

USER2SID

C.

Cheops

D.

SID2USER

E.

DumpSec

Buy Now
Questions 170

An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.

When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?

Options:

A.

Wireshark

B.

Ettercap

C.

Aircrack-ng

D.

Tcpdump

Buy Now
Questions 171

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

Options:

A.

SFTP

B.

Ipsec

C.

SSL

D.

FTPS

Buy Now
Exam Code: 312-50v12
Exam Name: Certified Ethical Hacker Exam (CEHv12)
Last Update: Nov 20, 2024
Questions: 572

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now 312-50v12 testing engine

PDF (Q&A)

$31.5  $104.99
buy now 312-50v12 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Nov 2024