01 September, 2020

Abreast Of The Times 312-50v10 Study Guides For Certified Ethical Hacker V10 Certification

Act now and download your EC-Council 312-50v10 test today! Do not waste time for the worthless EC-Council 312-50v10 tutorials. Download Latest EC-Council Certified Ethical Hacker v10 exam with real questions and answers and begin to learn EC-Council 312-50v10 with a classic professional.

Check 312-50v10 free dumps before getting the full version:

Page: 1 / 61

Total 736 questions Full Exam Access

Question 1

- (Exam Topic 7)
MX record priority increases as the number increases. (True/False.)

True

False

Question 2

- (Exam Topic 3)
What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

To get messaging programs to function with this algorithm requires complex configurations.

It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Question 3

- (Exam Topic 4)
Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?

Immediately stop work and contact the proper legal authorities.

Copy the data to removable media and keep it in case you need it.

Confront the client in a respectful manner and ask her about the data.

Ignore the data and continue the assessment until completed as agreed.

Question 4

- (Exam Topic 1)
You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?

Double quotation

Backslash

Semicolon

Single quotation

Question 5

- (Exam Topic 4)
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

ESP transport mode

AH permiscuous

ESP confidential

AH Tunnel mode

Question 6

- (Exam Topic 2)
The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and

non-repudiation.

operability.

security.

usability.

Question 7

- (Exam Topic 4)
After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?

Create User Account

Disable Key Services

Disable IPTables

Download and Install Netcat

Question 8

- (Exam Topic 2)
A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

IP Security (IPSEC)

Multipurpose Internet Mail Extensions (MIME)

Pretty Good Privacy (PGP)

Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Question 9

- (Exam Topic 3)
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

Poly key exchange

Cross certification

Poly key reference

Cross-site exchange

Question 10

- (Exam Topic 4)
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", that the user is directed to a phishing site.
Which file does the attacker need to modify?

Hosts

Sudoers

Boot.ini

Networks

Question 11

- (Exam Topic 7)
What is a NULL scan?

A scan in which all flags are turned off

A scan in which certain flags are off

A scan in which all flags are on

A scan in which the packet size is set to zero

A scan with an illegal packet size

Question 12

- (Exam Topic 4)
It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data.
Which of the following terms best matches the definition?

Threat

Attack

Vulnerability

Risk

Question 13

- (Exam Topic 1)
Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?

Heuristic Analysis

Code Emulation

Integrity checking

Scanning

Question 14

- (Exam Topic 6)
Which type of cryptography does SSL, IKE and PGP belongs to?

Secret Key

Hash Algorithm

Digest

Public Key

Question 15

- (Exam Topic 5)
Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?

Scalability

Speed

Key distribution

Security

Question 16

- (Exam Topic 3)
Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

CSIRT provides a computer security surveillance service to supply a government with importantintelligence information on individuals travelling abroad.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual\'s property or company\'s asset.

Question 17

- (Exam Topic 4)
Which of the following is the greatest threat posed by backups?

A backup is the source of Malware or illicit information.

A backup is unavailable during disaster recovery.

A backup is incomplete because no verification was performed.

An un-encrypted backup can be misplaced or stolen.

Question 18

- (Exam Topic 2)
A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

Reject all invalid email received via SMTP.

Allow full DNS zone transfers.

Remove A records for internal hosts.

Enable null session pipes.

Question 19

- (Exam Topic 5)
A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

Attempts by attackers to access Web sites that trust the Web browser user by stealing the user\'s authentication credentials.

Attempts by attackers to access the user and password information stored in the company\'s SQL database.

Attempts by attackers to access passwords stored on the user\'s computer without the user\'s knowledge.

Attempts by attackers to determine the user\'s Web browser usage patterns, including when sites were visited and for how long.

Question 20

- (Exam Topic 4)
When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.
What should you do?

Forward the message to your company’s security response team and permanently delete the message from your computer.

Reply to the sender and ask them for more information about the message contents.

Delete the email and pretend nothing happened

Forward the message to your supervisor and ask for her opinion on how to handle the situation

Question 21

- (Exam Topic 6)
Security and privacy of/on information systems are two entities that requires lawful regulations. Which of the following regulations defines security and privacy controls for Federal information systems and organizations?

NIST SP 800-53

PCI-DSS

EU Safe Harbor

HIPAA

Question 22

- (Exam Topic 6)
Which of the following is a vulnerability in GNU’s bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

Shellshock

Rootshell

Rootshock

Shellbash

Question 23

- (Exam Topic 7)
A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.
However, he is unable to capture any logons though he knows that other users are logging in. What do you think is the most likely reason behind this?

There is a NIDS present on that segment.

Kerberos is preventing it.

Windows logons cannot be sniffed.

L0phtcrack only sniffs logons to web servers.

Question 24

- (Exam Topic 1)
Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

Omnidirectional antenna

Dipole antenna

Yagi antenna

Parabolic grid antenna

Question 25

- (Exam Topic 6)
What are two things that are possible when scanning UDP ports? (Choose two.)

A reset will be returned

An ICMP message will be returned

The four-way handshake will not be completed

An RFC 1294 message will be returned

Nothing

Question 26

- (Exam Topic 6)
What does a type 3 code 13 represent? (Choose two.)

Echo request

Destination unreachable

Network unreachable

Administratively prohibited

Port unreachable

Time exceeded

Question 27

- (Exam Topic 5)
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

The amount of time it takes to convert biometric data into a template on a smart card.

The amount of time and resources that are necessary to maintain a biometric system.

The amount of time it takes to be either accepted or rejected form when an individual provides Identification and authentication information.

How long it takes to setup individual user accounts.

Question 28

- (Exam Topic 2)
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Information reporting

Vulnerability assessment

Active information gathering

Passive information gathering

Question 29

- (Exam Topic 2)
Which of the following is an application that requires a host application for replication?

Micro

Worm

Trojan

Virus

Question 30

- (Exam Topic 5)
The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

The document can be sent to the accountant using an exclusive USB for that document.

The CFO can use a hash algorithm in the document once he approved the financial statements.

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.

The CFO can use an excel file with a password.

Page: 1 / 61

Total 736 questions Full Exam Access