Enhance your career with 312-50v11 PDF Dumps - True EC-COUNCIL Exam Questions
The CEH v11 certification exam is designed to test the knowledge and skills of an individual in various areas, including ethical hacking techniques, network scanning, enumeration, system hacking, Trojans and backdoors, viruses and worms, and social engineering. The 312-50v11 exam also covers topics such as cryptography, web application security, wireless network security, and cloud security. The CEH certification is an essential certification for professionals who are involved in information security, risk management, and compliance.
Succeeding with Affiliated Certification
Passing the EC-Council 312-50v11 exam earns the Certified Ethical Hacker (CEH) certification from the vendor. This designation is a stepping stone to a strong career because, without stringent prerequisites, it gives quicker access to industry-specific and in-demand hacking skills. The certificate is a way to gain standing in the industry while obtaining verified knowledge of the methodologies required for self-directed hacking. It is a launching pad for industry beginners, and it also advances the careers of in-service specialists, as it opens the path to higher-level EC-Council certifications such as the CPENT or LPT.
Who Is 312-50v11 Exam Intended For?
This test is intended for specialists who have experience in the hacking and security field. Usually, security specialists, site administrators, and auditors apply for this certification exam. Anyone concerned with network infrastructure and who wants to excel in their career in information security should take such validation. You need at least 2 years of experience to be eligible for the official exam.
NEW QUESTION # 210
An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?
- A. TACACS+
- B. Kerberos
- C. RADIUS
- D. DIAMETER
Answer: C
NEW QUESTION # 211
Cross-site request forgery involves:
- A. A browser making a request to a server without the user's knowledge
- B. A request sent by a malicious user from a browser to a server
- C. A server making a request to another server without the user's knowledge
- D. Modification of a request by a proxy between client and server
Answer: A
NEW QUESTION # 212
A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24. Which of the following has occurred?
- A. The gateway and the computer are not on the same network.
- B. The computer is using an invalid IP address.
- C. The computer is not using a private IP address.
- D. The gateway is not routing to a public IP address.
Answer: D
NEW QUESTION # 213
DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?
- A. Layer 2 Attack Prevention Protocol (LAPP)
- B. Spanning tree
- C. Dynamic ARP Inspection (DAI)
- D. Port security
Answer: C
NEW QUESTION # 214
George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m.
What is the short-range wireless communication technology George employed in the above scenario?
- A. NB-IoT
- B. Zigbee
- C. LPWAN
- D. MQTT
Answer: B
NEW QUESTION # 215
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?
- A. Error-based injection
- B. Boolean-based blind SQL injection
- C. Blind SQL injection
- D. Union SQL injection
Answer: D
NEW QUESTION # 216
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.
What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?
- A. Denial-of-service attack
- B. HMI-based attack
- C. Buffer overflow attack
- D. Side-channel attack
Answer: B
NEW QUESTION # 217
While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server.
What kind of attack is possible in this scenario?
- A. Denial of service
- B. Directory traversal
- C. SQL injection
- D. Cross-site scripting
Answer: B
Explanation:
Properly controlling access to web content is crucial for running a secure web server. Directory traversal, or path traversal, is an HTTP attack which allows attackers to access restricted directories and execute commands outside of the web server's root directory.
Web servers provide two main levels of security mechanisms:
* Access Control Lists (ACLs)
* Root directory
An Access Control List is used in the authorization process. It is a list which the web server's administrator uses to indicate which users or groups are able to access, modify or execute particular files on the server, as well as other access rights.
The root directory is a specific directory on the server file system in which the users are confined. Users are not able to access anything above this root.
For example: the default root directory of IIS on Windows is C:\Inetpub\wwwroot and with this setup, a user does not have access to C:\Windows but has access to C:\Inetpub\wwwroot\news and any other directories and files under the root directory (provided that the user is authenticated via the ACLs).
The root directory prevents users from accessing files on the server such as C:\WINDOWS/system32/win.ini on Windows platforms and the /etc/passwd file on Linux/UNIX platforms.
This vulnerability can exist either in the web server software itself or in the web application code.
To perform a directory traversal attack, all an attacker needs is a web browser and some knowledge of where to blindly find any default files and directories on the system.
What an attacker can do if your website is vulnerable
With a system vulnerable to directory traversal, an attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
Depending on how the website access is set up, the attacker will execute commands by impersonating the user which is associated with "the website". Therefore it all depends on what the website user has been given access to in the system.
Example of a Directory Traversal attack via web application code
In web applications with dynamic pages, input is usually received from browsers through GET or POST request methods. Here is an example of an HTTP GET request URL:
GET http://test.webarticles.com/show.asp?view=oldarchive.html HTTP/1.1
Host: test.webarticles.com
With this URL, the browser requests the dynamic page show.asp from the server and with it also sends the parameter view with the value of oldarchive.html. When this request is executed on the web server, show.asp retrieves the file oldarchive.html from the server's file system, renders it and then sends it back to the browser which displays it to the user. The attacker would assume that show.asp can retrieve files from the file system and sends the following custom URL.
GET http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1
Host: test.webarticles.com
This will cause the dynamic page to retrieve the file system.ini from the file system and display it to the user.
The expression ../ instructs the system to go one directory up which is commonly used as an operating system directive. The attacker has to guess how many directories he has to go up to find the Windows folder on the system, but this is easily done by trial and error.
Example of a Directory Traversal attack via web server
Apart from vulnerabilities in the code, even the web server itself can be open to directory traversal attacks. The problem can either be incorporated into the web server software or inside some sample script files left available on the server.
The vulnerability has been fixed in the latest versions of web server software, but there are web servers online which are still using older versions of IIS and Apache which might be open to directory traversal attacks. Even though you might be using a web server software version that has fixed this vulnerability, you might still have some sensitive default script directories exposed which are well known to hackers.
For example, a URL request which makes use of the scripts directory of IIS to traverse directories and execute a command can be:
GET http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\ HTTP/1.1
Host: server.com
The request would return to the user a list of all files in the C:\ directory by executing the cmd.exe command shell file and running the command dir c:\ in the shell. The %5c expression that is in the URL request is a web server escape code which is used to represent normal characters. In this case %5c represents the character \.
Newer versions of modern web server software check for these escape codes and do not let them through.
Some older versions however, do not filter out these codes in the root directory enforcer and will let the attackers execute such commands.
NEW QUESTION # 218
An attacker scans a host with the below command. Which three flags are set?
# nmap -sX host.domain.com
- A. This is SYN scan. SYN flag is set.
- B. This is Xmas scan. SYN and ACK flags are set.
- C. This is Xmas scan. URG, PUSH and FIN are set.
- D. This is ACK scan. ACK flag is set.
Answer: C
NEW QUESTION # 219
Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discovered a service that is accessible to external sources. This service runs directly on port 21. What is the service enumerated by James in the above scenario?
- A. Border Gateway Protocol (BGP)
- B. Network File System (NFS)
- C. Remote procedure call (RPC)
- D. File Transfer Protocol (FTP)
Answer: D
NEW QUESTION # 220
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered.
John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
- A. nmap -sn -PS < target IP address >
- B. nmap -sn -pp < target ip address >
- C. nmap -sn -PO < target IP address >
- D. nmap -sn -PA < target IP address >
Answer: A
NEW QUESTION # 221
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.
Identify the behavior of the adversary in the above scenario.
- A. Use of DNS tunneling
- B. Unspecified proxy activities
- C. Data staging
- D. Use of command-line interface
Answer: B
Explanation:
A proxy server acts as a gateway between you and the internet. It's an intermediary server separating end users from the websites they browse. Proxy servers provide varying levels of functionality, security, and privacy depending on your use case, needs, or company policy. If you're using a proxy server, internet traffic flows through the proxy server on its way to the address you requested. A proxy server is essentially a computer on the internet with its own IP address that your computer knows. When you send a web request, your request goes to the proxy server first. The proxy server then makes your web request on your behalf, collects the response from the web server, and forwards you the web page data so you can see the page in your browser.
NEW QUESTION # 222
Emily, an extrovert obsessed with social media, posts a large amount of private information, photographs, and location tags of recently visited places. Realizing this, James, a professional hacker, targets Emily and her acquaintances, conducts a location search to detect their geolocation by using an automated tool, and gathers information to perform other sophisticated attacks.
What is the tool employed by James in the above scenario?
- A. VisualRoute
- B. Hootsuite
- C. HULK
- D. ophcrack
Answer: B
NEW QUESTION # 223
Steven connected his iPhone to a public computer that had been infected by Clark, an attacker. After establishing the connection with the public computer, Steven enabled iTunes Wi-Fi sync on the computer so that the device could continue communication with that computer even after being physically disconnected. Now, Clark gains access to Steven's iPhone through the infected computer and is able to monitor and read all of Steven's activity on the iPhone, even after the device is out of the communication zone.
Which of the following attacks is performed by Clark in the above scenario?
- A. iOS trustjacking
- B. Exploiting SS7 vulnerability
- C. Man-in-the-disk attack
- D. iOS Jailbreaking
Answer: A
Explanation:
An iPhone user's worst nightmare is to have someone take over control of his/her device, including the ability to record and control all activity without even needing to be in the same room. In this blog post, we present a new vulnerability called "Trustjacking", which allows an attacker to do exactly that.
This vulnerability exploits an iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer. A single tap by the iOS device owner when the two are connected to the same network allows an attacker to take control of the device. In addition, we will walk through previous related vulnerabilities and show the changes that iPhone has made to mitigate them, and why these are not enough to prevent similar attacks.
Upon connecting an iOS device to a new computer, users are asked whether they trust the connected computer or not. Choosing to trust the computer allows it to communicate with the iOS device via the standard iTunes APIs.
This allows the computer to access the photos on the device, perform backups, install applications and much more, without requiring another confirmation from the user and without any noticeable indication. Furthermore, this allows activating the "iTunes Wi-Fi sync" feature, which makes it possible to continue this kind of communication with the device even after it has been disconnected from the computer, as long as the computer and the iOS device are connected to the same network. It is interesting to note that enabling "iTunes Wi-Fi sync" does not require the victim's approval and can be conducted purely from the computer side.
Getting a live stream of the device's screen can be done easily by repeatedly asking for screenshots and displaying or recording them remotely.
It is important to note that other than the initial single point of failure, authorizing the malicious computer, there is no other mechanism that prevents this continued access. In addition, there is nothing that notifies users that by authorizing the computer they allow access to their device even after disconnecting the USB cable.
NEW QUESTION # 224
Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientSec, and RestrictSendingNTLMTraffic. He then extracted all the non-network logon tokens from all the active processes to masquerade as a legitimate user to launch further attacks. What is the type of attack performed by Simon?
- A. Combinator attack
- B. Dictionary attack
- C. Rainbow table attack
- D. Internal monologue attack
Answer: D
NEW QUESTION # 225
In an attempt to increase the security of your network, you implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know it.
How do you accomplish this?
- A. Delete the wireless network
- B. Disable SSID broadcasting
- C. Lock all users
- D. Remove all passwords
Answer: B
NEW QUESTION # 226
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?
- A. c:\ncpa.cp
- B. c:\gpedit
- C. c:\services.msc
- D. c:\compmgmt.msc
Answer: D
Explanation:
To start the Computer Management Console from the command line, just type compmgmt.msc /computer:computername in your Run box or at the command line, and it should automatically open the Computer Management console.
References:
http://www.waynezim.com/tag/compmgmtmsc/
NEW QUESTION # 227
Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?
- A. -O
- B. -T0
- C. -T5
- D. -A
Answer: C
NEW QUESTION # 228
Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?
- A. Trojan
- B. Rootkit
- C. Worm
- D. Adware
Answer: C
NEW QUESTION # 229
What port number is used by LDAP protocol?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION # 230
An LDAP directory can be used to store information similar to a SQL database. LDAP uses a _____ database structure instead of SQL's _____ structure. Because of this, LDAP has difficulty representing many-to-one relationships.
- A. Hierarchical, Relational
- B. Relational, Hierarchical
- C. Simple, Complex
- D. Strict, Abstract
Answer: A
NEW QUESTION # 231
What kind of detection technique is used in antivirus software that identifies malware by collecting data from multiple protected systems and, instead of analyzing files locally, performs the analysis in the provider's environment?
- A. Behaviour based
- B. Heuristics based
- C. Cloud based
- D. Honeypot based
Answer: C
NEW QUESTION # 232
Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.
What is the type of vulnerability assessment that Jude performed on the organization?
- A. Passive assessment
- B. External assessment
- C. Application assessment
- D. Host-based assessment
Answer: B
NEW QUESTION # 233
You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c.
What is the hexadecimal value of the NOP instruction?
- A. 0x70
- B. 0x80
- C. 0x90
- D. 0x60
Answer: C
