Certified Ethical Hacker Exam 312-50v9 Tutorials

Examcollection offers a free demo for the 312-50v9 exam. "Certified Ethical Hacker Exam", also known as 312-50v9, is an EC-Council certification. This set of posts, Passing the EC-Council 312-50v9 exam, will help you answer the exam's questions. The 312-50v9 Questions & Answers cover the knowledge points of the real exam and have been revised by experts.

Page: 1 / 10
Total 125 questions Full Exam Access
Question 1
To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?
Reference answer: C
Reference analysis:

None

Question 2
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project of the most critical web application security risks?
Reference answer: A
Reference analysis:

None

Question 3
You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?
alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)
Reference answer: C
Reference analysis:

None
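The rule in Question 3 is written in the Snort rule language: an action, a protocol, a source address and port, a direction operator, a destination address and port, and an options block in parentheses. The following is an added example, not code from the page or from the Snort project: a small matcher that parses a rule header of that shape and checks constructed network flows against it. The sample flows and the second and third rules used in the usage note are constructed for the demonstration; only the first rule is the one quoted on the page.

```python
import ipaddress
import re
from dataclasses import dataclass

# The rule quoted in Question 3, verbatim.
PAGE_RULE = 'alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)'

@dataclass
class Rule:
    action: str
    proto: str
    src_net: str
    src_port: str
    direction: str
    dst_net: str
    dst_port: str
    msg: str

# action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)

def parse_rule(text: str) -> Rule:
    """Parse the header of a Snort-style rule; of the options only msg is kept."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a Snort-style rule: %r" % text)
    msg = re.search(r'msg\s*:\s*"([^"]*)"', m.group("opts"))
    return Rule(m.group("action"), m.group("proto").lower(), m.group("src"), m.group("sport"),
                m.group("dir"), m.group("dst"), m.group("dport"), msg.group(1) if msg else "")

def _ip_matches(spec: str, ip: str) -> bool:
    if spec == "any":
        return True
    negate = spec.startswith("!")
    hit = ipaddress.ip_address(ip) in ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return not hit if negate else hit

def _port_matches(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if ":" in spec:                      # Snort range syntax, e.g. 21:23, :1023, 1024:
        lo, hi = spec.split(":")
        hit = (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    else:
        hit = port == int(spec)
    return not hit if negate else hit

def _one_way(rule: Rule, src_ip, src_port, dst_ip, dst_port) -> bool:
    return (_ip_matches(rule.src_net, src_ip) and _port_matches(rule.src_port, src_port)
            and _ip_matches(rule.dst_net, dst_ip) and _port_matches(rule.dst_port, dst_port))

def rule_matches(rule: Rule, proto: str, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
    """True if the 5-tuple falls under the rule header. '->' is one-way; '<>' matches either direction."""
    if rule.proto not in ("any", proto.lower()):
        return False
    if _one_way(rule, src_ip, src_port, dst_ip, dst_port):
        return True
    return rule.direction == "<>" and _one_way(rule, dst_ip, dst_port, src_ip, src_port)

# Constructed sample flows: (proto, src_ip, src_port, dst_ip, dst_port)
SAMPLE_FLOWS = [
    ("tcp", "10.0.0.5", 51234, "192.168.100.7", 21),   # FTP into the watched subnet: alert
    ("tcp", "192.168.100.7", 21, "10.0.0.5", 51234),   # server's reply; '->' is one-way: no alert
    ("tcp", "10.0.0.5", 51235, "192.168.200.7", 21),   # FTP to another subnet: no alert
    ("udp", "10.0.0.5", 51236, "192.168.100.7", 21),   # wrong protocol: no alert
    ("tcp", "10.0.0.5", 51237, "192.168.100.9", 22),   # SSH, not port 21: no alert
]

def alerts_for(rule: Rule, flows) -> list:
    """The msg of every flow the rule header fires on."""
    return [rule.msg for f in flows if rule_matches(rule, *f)]

if __name__ == "__main__":
    r = parse_rule(PAGE_RULE)
    for flow in SAMPLE_FLOWS:
        print(flow, "ALERT" if rule_matches(r, *flow) else "-")
```

Two practitioner notes: the page's rule carries no sid or rev option, which is fine for an exam question but not for a deployed ruleset, since Snort requires a sid on every rule; and header matching alone is stateless, so the reply direction of the FTP connection is not matched here, which is why real rules add flow:to_server or similar options to control that.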

Question 4
While using your bank's online service you notice the following string in the URL bar:
http://www.MyPersonalBank/Account?Id=368940911028389&Damount=10980&Camount=21
You observe that if you modify the Damount and Camount values and submit the request, the data on the web page reflect the changes.
What type of vulnerability is present on this site?
Reference answer: C
Reference analysis:

None
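The behaviour in Question 4 is a server that takes account data straight from the query string instead of from its own records. The following is an added example, not code from the page or from any bank: a tamper helper that rebuilds the URL the way the user in the question did, a handler that trusts the parameters, and a hardened handler that treats the request as a claim to verify. The account store, the second account id, the session user names and the hardened handler's checks are all assumptions made for the demonstration.

```python
from decimal import Decimal
from urllib.parse import urlsplit, urlunsplit, parse_qs, urlencode

# Constructed, hypothetical account store standing in for the bank's back end.
ACCOUNTS = {
    "368940911028389": {"owner": "alice", "debit": Decimal("10980"), "credit": Decimal("21")},
    "555000111222333": {"owner": "bob", "debit": Decimal("500"), "credit": Decimal("0")},
}

# The URL from the question.
PAGE_URL = "http://www.MyPersonalBank/Account?Id=368940911028389&Damount=10980&Camount=21"

def parse_request(url: str) -> dict:
    """Query string -> {param: value}, as a web framework hands it to a handler."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def tamper(url: str, **changes: str) -> str:
    """Rebuild the URL with some parameters changed: what the user in the question did by hand."""
    parts = urlsplit(url)
    params = parse_request(url)
    params.update(changes)
    return urlunsplit(parts._replace(query=urlencode(params)))

def render_vulnerable(params: dict) -> dict:
    """Trusts Id, Damount and Camount exactly as the client sent them."""
    return {"account": params["Id"],
            "debit": Decimal(params["Damount"]),
            "credit": Decimal(params["Camount"])}

def render_hardened(params: dict, session_user: str) -> dict:
    """The Id must belong to the logged-in user, and the balances come from the
    server-side record; any Damount/Camount the client sends is simply ignored."""
    account_id = params.get("Id", "")
    if not account_id.isdigit():
        raise ValueError("malformed account id")
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct["owner"] != session_user:
        # One error for both "no such account" and "not yours", so the check
        # does not reveal which account ids exist.
        raise PermissionError("account not available to this session")
    return {"account": account_id, "debit": acct["debit"], "credit": acct["credit"]}

if __name__ == "__main__":
    evil = tamper(PAGE_URL, Damount="999999", Camount="0")
    print(evil)
    print(render_vulnerable(parse_request(evil)))          # the attacker's numbers come back
    print(render_hardened(parse_request(evil), "alice"))   # the real balances come back
```

The same hardened check also stops the related abuse of changing Id to another customer's account: the ownership test fails and the handler refuses, whereas the trusting handler would happily show whatever was asked for.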

Question 5
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can then manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than with web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?
Reference answer: A
Reference analysis:

None

Question 6
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
Reference answer: B
Reference analysis:

None

Question 7
Which of the following security operations is used for determining the attack surface of an organization?
Reference answer: B
Reference analysis:

None

Question 8
A company's security policy states that all web browsers must automatically delete their HTTP cookies upon termination. What sort of security breach is this policy attempting to mitigate?
Reference answer: C
Reference analysis:

None

Question 9
An Internet Service Provider (ISP) needs to authenticate users connecting over analog modems, Digital Subscriber Line (DSL), wireless data services, and Virtual Private Networks (VPN) across a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?
Reference answer: D
Reference analysis:

None

Question 10
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
Reference answer: C
Reference analysis:

None

Question 11
What is a "collision attack" in cryptography?
Reference answer: C
Reference analysis:

None
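A collision attack produces two distinct inputs that hash to the same digest (as opposed to a preimage attack, which targets one given digest). The generic way to do it is the birthday attack: hash distinct inputs and keep them until a value repeats, which takes roughly the square root of the hash's output space rather than the whole space. The following is an added example, not code from the page: it runs that search against a deliberately weakened hash (SHA-256 truncated to its first 32 bits, an assumption made so the search finishes in under a second), and reports how many hashes it took against the birthday estimate.

```python
import hashlib
import math

def truncated_sha256(data: bytes, nbits: int) -> int:
    """Leading nbits of SHA-256(data) as an integer: a deliberately weak hash for the demo.
    nbits=256 gives the full digest."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - nbits)

def expected_trials(nbits: int) -> float:
    """Birthday bound: hashes needed on average before the first collision, about sqrt(pi/2 * 2**nbits)."""
    return math.sqrt(math.pi / 2 * 2 ** nbits)

def find_collision(nbits: int, prefix: bytes = b"msg-") -> tuple:
    """Generic birthday attack against the truncated hash.
    Inputs are prefix + counter, so every candidate is distinct; the first repeated
    hash value therefore belongs to two different inputs.
    Returns (input_a, input_b, hashes_computed)."""
    seen = {}          # truncated hash -> the input that produced it
    counter = 0
    while True:
        candidate = prefix + counter.to_bytes(8, "big")
        h = truncated_sha256(candidate, nbits)
        counter += 1
        if h in seen:
            return seen[h], candidate, counter
        seen[h] = candidate

if __name__ == "__main__":
    a, b, n = find_collision(32)
    print("32-bit collision after %d hashes (birthday estimate %.0f)" % (n, expected_trials(32)))
    print(a, b, hex(truncated_sha256(a, 32)))
    # The same inputs are still told apart by the full 256-bit digest: a generic birthday
    # attack on all of SHA-256 would need on the order of 2**128 hashes.
    print(truncated_sha256(a, 256) != truncated_sha256(b, 256))
```

The point of the estimate is that halving the effective output size is what a "broken" hash buys an attacker: for a 32-bit space the attack needs about 82,000 hashes, not 4 billion, which is why MD5 and SHA-1 collisions (found with structural shortcuts far below even the birthday bound) disqualify those functions wherever a collision would let an attacker substitute one document or certificate for another.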

Question 12
It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, web page, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities and demands payment before you can access your files and programs again.
Which term best matches this definition?
Reference answer: C
Reference analysis:

None

Question 13
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from exposure through web application vulnerabilities?
Reference answer: A
Reference analysis:

None

Question 14
While performing online banking using a web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.
What web browser-based security vulnerability was exploited to compromise the user?
Reference answer: A
Reference analysis:

None

Question 15
You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.
What should you do?
Reference answer: B
Reference analysis:

None

Question 16
You are tasked to perform a penetration test. While performing information gathering, you find an employee list in Google. You find the receptionist's email and send her an email with the source address spoofed to her boss's email (boss@company). In this email, you ask for a PDF with information. She reads your email and sends back a PDF with links. You replace the PDF's links with your malicious links (these links lead to malware) and send the modified PDF back, saying that the links don't work. She reads your email, opens the links, and her machine gets infected.
What testing method did you use?
Reference answer: D
Reference analysis:

None

Question 17
You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
Reference answer: B
Reference analysis:

None

Question 18
An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?
Reference answer: D
Reference analysis:

None
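Question 18 describes a login form whose input is spliced into the SQL text, so that the right input changes the query itself and dumps the whole user table. The following is an added example, not code from the page: an in-memory SQLite users table (constructed for the demonstration, with hashed rather than plaintext passwords), the concatenating login query beside the parameterized one, and one constructed payload run through both. The user names, emails, passwords and payload are all assumptions.

```python
import hashlib
import sqlite3

def pw_hash(password: str) -> str:
    # Demo only: a real system uses a slow, salted password hash (argon2, bcrypt or scrypt).
    return hashlib.sha256(password.encode()).hexdigest()

def build_db() -> sqlite3.Connection:
    """Constructed in-memory users table, shaped like the one in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", pw_hash("correct horse battery"), "admin@example.test"),
        ("alice", pw_hash("hunter2"), "alice@example.test"),
    ])
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The design problem: the username becomes part of the SQL, so it can rewrite the query."""
    sql = ("SELECT username, email FROM users WHERE username = '%s' AND password_hash = '%s'"
           % (username, pw_hash(password)))
    return conn.execute(sql).fetchall()

def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Same query with bound parameters: the input is only ever data, never SQL."""
    sql = "SELECT username, email FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, pw_hash(password))).fetchall()

# Constructed payload: closes the quoted string, makes the WHERE clause always true,
# and comments out the password check. In the vulnerable query the SQL becomes
#   ... WHERE username = '' OR 1=1 --' AND password_hash = '...'
PAYLOAD = "' OR 1=1 --"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:   ", login_vulnerable(db, PAYLOAD, "anything"))      # every row
    print("parameterized:", login_parameterized(db, PAYLOAD, "anything"))  # no row
    print("real login:   ", login_parameterized(db, "alice", "hunter2"))
```

The returned rows are exactly what the question describes: the vulnerable query hands back every user, while the parameterized query looks for a user literally named `' OR 1=1 --` and finds none. Input validation and escaping help, but binding parameters is the fix that removes the design problem rather than patching around it.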

Question 19
You have compromised a server on a network and successfully opened a shell. Your aim is to identify all operating systems running on the network. However, when you attempt to fingerprint all machines on the network using the nmap syntax below, the scan does not go through.
invictus@victim_server:~$ nmap -T4 -O 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxxx. QUITTING!
What seems to be wrong?
Reference answer: D
Reference analysis:

None

Question 20
In 2007, this wireless security algorithm was rendered useless: attackers could capture packets and recover the passkey in a matter of seconds. This security flaw led to the network intrusion at TJ Maxx and data theft through a technique known as wardriving.
Which algorithm is this referring to?
Reference answer: A
Reference analysis:

None

Question 21
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?
Reference answer: A
Reference analysis:

None
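An XMAS scan sends a TCP segment with the FIN, PSH and URG flags all set and reads the port state from the reply: under RFC 793 an open port ignores such a segment, a closed port answers with RST, and an ICMP unreachable message means a filter is in the way. The following is an added example, not code from the page or from nmap: it builds the probe segment byte for byte with a valid checksum (so the exact flag byte can be inspected), and classifies constructed responses the way nmap reports them. The addresses, ports and the three sample observations are assumptions made for the demonstration; nothing is sent on the wire.

```python
import socket
import struct

# TCP flag bits (byte 13 of the header)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS_FLAGS = FIN | PSH | URG   # 0x29: FIN, PSH and URG "lit up" at once

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_len)

def build_xmas_segment(src_ip: str, dst_ip: str, src_port: int, dst_port: int,
                       seq: int = 0x12345678, window: int = 1024) -> bytes:
    """20-byte TCP header, no options or payload, FIN/PSH/URG set, checksum filled in."""
    data_offset = 5 << 4                     # five 32-bit words, upper nibble of byte 12
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, data_offset, XMAS_FLAGS,
                      window, 0, 0)          # checksum and urgent pointer zero for now
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

def tcp_flags(segment: bytes) -> int:
    return segment[13]

def checksum_valid(segment: bytes, src_ip: str, dst_ip: str) -> bool:
    """With the checksum in place, the folded sum over pseudo-header + segment comes out to zero."""
    return internet_checksum(_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

def classify_response(response) -> str:
    """Port state from what came back for one probe; response is None (silence),
    ("tcp", flags) or ("icmp", type, code)."""
    if response is None:
        return "open|filtered"   # RFC 793: an open port drops a segment carrying no SYN/RST/ACK
    if response[0] == "tcp" and response[1] & RST:
        return "closed"          # a closed port answers with RST
    if response[0] == "icmp" and response[1] == 3 and response[2] in (1, 2, 3, 9, 10, 13):
        return "filtered"        # destination unreachable from a filtering device
    return "unexpected"

def scan_report(observations: dict) -> dict:
    return {port: classify_response(resp) for port, resp in observations.items()}

# Constructed observations for three probed ports, as a sniffer would pair them with the probes.
SAMPLE_OBSERVATIONS = {
    21: None,                  # nothing came back
    22: ("tcp", RST | ACK),    # RST/ACK came back
    23: ("icmp", 3, 13),       # unreachable, communication administratively prohibited
}

if __name__ == "__main__":
    seg = build_xmas_segment("10.0.0.5", "10.0.0.9", 40000, 21)
    print(seg.hex(), "flags=%#x" % tcp_flags(seg))
    print(scan_report(SAMPLE_OBSERVATIONS))
```

Two caveats a practitioner would want: sending a segment like this requires a raw socket (root or CAP_NET_RAW on Linux), and the "open" answer is silence, which is why nmap can only report open|filtered rather than open. Stacks that do not follow RFC 793 here, Microsoft Windows and many Cisco devices among them, answer every XMAS probe with RST, so against those targets the scan reports every port closed and a SYN scan has to be used instead.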
