11 April, 2021

A Review Of 100% Correct 312-50v11 Exam Question

Cause all that matters here is passing the EC-Council 312-50v11 exam. Cause all that you need is a high score of 312-50v11 Certified Ethical Hacker Exam (CEH v11) exam. The only one thing you need to do is downloading Passleader 312-50v11 exam study guides now. We will not let you down with our money-back guarantee.

Free 312-50v11 Demo Online For EC-Council Certifitcation:

Page: 1 / 21

Total 254 questions Full Exam Access

Question 1

Which of the following tools can be used to perform a zone transfer?

NSLookup

Finger

Dig

Sam Spade

Host

Netcat

Neotrace

Question 2

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

har.txt

SAM file

wwwroot

Repair file

Question 3

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Perform a vulnerability scan of the system.

Determine the impact of enabling the audit feature.

Perform a cost/benefit analysis of the audit feature.

Allocate funds for staffing of audit log review.

Question 4

Which system consists of a publicly available set of databases that contain domain name registration contact information?

WHOIS

CAPTCHA

IANA

IETF

Question 5

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

Gateway-based IDS

Network-based IDS

Host-based IDS

Open source-based

Question 6

The collection of potentially actionable, overt, and publicly available information is known as

Open-source intelligence

Real intelligence

Social intelligence

Human intelligence

Question 7

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

The amount of time and resources that are necessary to maintain a biometric system

How long it takes to setup individual user accounts

The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information

The amount of time it takes to convert biometric data into a template on a smart card

Question 8

Which type of sniffing technique is generally referred as MiTM attack?
312-50v11 dumps exhibit

Password Sniffing

ARP Poisoning

Mac Flooding

DHCP Sniffing

Question 9

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?

The network devices are not all synchronized.

Proper chain of custody was not observed while collecting the logs.

The attacker altered or erased events from the logs.

The security breach was a false positive.

Question 10

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?

Network elements must be hardened with user ids and strong password

Regular security tests and audits should be performed.

As long as the physical access to the network elements is restricted, there is no need for additional measures.

There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.

The operator knows that attacks and down time are inevitable and should have a backup site.

Question 11

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.
You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?
312-50v11 dumps exhibit

The buffer overflow attack has been neutralized by the IDS

The attacker is creating a directory on the compromised machine

The attacker is attempting a buffer overflow attack and has succeeded

The attacker is attempting an exploit that launches a command-line shell

Question 12

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

MD4

DES

SHA

SSL

Question 13

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?

110

135

139

161

445

1024

Question 14

This TCP flag instructs the sending system to transmit all buffered data immediately.

SYN

RST

PSH

URG

FIN

Question 15

Which of the following tools are used for enumeration? (Choose three.)

SolarWinds

USER2SID

Cheops

SID2USER

DumpSec

Question 16

Which results will be returned with the following Google search query? site:target.com – site:Marketing.target.com accounting

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.

Results matching all words in the query.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

Question 17

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ““FTP on the network!””;)

A firewall IPTable

FTP Server rule

A Router IPTable

An Intrusion Detection System

Question 18

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

Honeypots

Firewalls

Network-based intrusion detection system (NIDS)

Host-based intrusion detection system (HIDS)

Question 19

What is the role of test automation in security testing?

It is an option but it tends to be very expensive.

It should be used exclusivel

Manual testing is outdated because of low speed and possible test setup inconsistencies.

Test automation is not usable in security due to the complexity of the tests.

It can accelerate benchmark tests and repeat them with a consistent test setu

But it cannot replace manual testing completely.

Question 20

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE). PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine. What Nmap script will help you with this task?

http-methods

http enum

http-headers

http-git

Question 21

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.
While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.
After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?

Botnet Attack

Spear Phishing Attack

Advanced Persistent Threats

Rootkit Attack

Question 22

You have the SOA presented below in your Zone.
Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?
collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

One day

One hour

One week

One month

Question 23

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

Make sure that legitimate network routers are configured to run routing protocols with authentication.

Disable all routing protocols and only use static routes

Only using OSPFv3 will mitigate this risk.

Redirection of the traffic cannot happen unless the admin allows it explicitly.

Question 24

Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

Use the built-in Windows Update tool

Use a scan tool like Nessus

Check MITRE.org for the latest list of CVE findings

Create a disk image of a clean Windows installation

Page: 1 / 21

Total 254 questions Full Exam Access