01 March, 2022

Pinpoint EC-Council 312-50v10 Testing Bible Online

Act now and download your EC-Council 312-50v10 test today! Do not waste time for the worthless EC-Council 312-50v10 tutorials. Download Up to the minute EC-Council Certified Ethical Hacker v10 exam with real questions and answers and begin to learn EC-Council 312-50v10 with a classic professional.

Online 312-50v10 free questions and answers of New Version:

Page: 1 / 61

Total 736 questions Full Exam Access

Question 1

- (Exam Topic 3)
What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

To get messaging programs to function with this algorithm requires complex configurations.

It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Question 2

- (Exam Topic 3)
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Question 3

- (Exam Topic 5)
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

User Access Control (UAC)

Data Execution Prevention (DEP)

Address Space Layout Randomization (ASLR)

Windows firewall

Question 4

- (Exam Topic 7)
When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.
How would an attacker exploit this design by launching TCP SYN attack?

Attacker generates TCP SYN packets with random destination addresses towards a victim host

Attacker floods TCP SYN packets with random source addresses towards a victim host

Attacker generates TCP ACK packets with random source addresses towards a victim host

Attacker generates TCP RST packets with random source addresses towards a victim host

Question 5

- (Exam Topic 1)
What does the -oX flag do in an Nmap scan?

Perform an express scan

Output the results in truncated format to the screen

Perform an Xmas scan

Output the results in XML format to a file

Question 6

- (Exam Topic 3)
Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

Key registry

Recovery agent

Directory

Key escrow

Question 7

- (Exam Topic 5)
You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

False Negative

False Positive

True Negative

True Positive

Question 8

- (Exam Topic 6)
Which service in a PKI will vouch for the identity of an individual or company?

KDC

CBC

Question 9

- (Exam Topic 4)
You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk.
What is one of the first things you should do when given the job?

Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptablelevels.

Interview all employees in the company to rule out possible insider threats.

Establish attribution to suspected attackers.

Start the wireshark application to start sniffing network traffic.

Question 10

- (Exam Topic 5)
To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

Fuzzing

Randomizing

Mutating

Bounding

Question 11

- (Exam Topic 7)
Within the context of Computer Security, which of the following statements describes Social Engineering best?

Social Engineering is the act of publicly disclosing information

Social Engineering is the means put in place by human resource to perform time accounting

Social Engineering is the act of getting needed information from a person rather than breaking into a system

Social Engineering is a training program within sociology studies

Question 12

- (Exam Topic 2)
Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

Detective

Passive

Intuitive

Reactive

Question 13

- (Exam Topic 4)
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best nmap command you will use?

nmap -T4 -F 10.10.0.0/24

nmap -T4 -r 10.10.1.0/24

nmap -T4 -O 10.10.0.0/24

nmap -T4 -q 10.10.0.0/24

Question 14

- (Exam Topic 3)
Which of the following descriptions is true about a static NAT?

A static NAT uses a many-to-many mapping.

A static NAT uses a one-to-many mapping.

A static NAT uses a many-to-one mapping.

A static NAT uses a one-to-one mapping.

Question 15

- (Exam Topic 1)
Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company.
What is the main security risk associated with this scenario?

External script contents could be maliciously modified without the security team knowledge

External scripts have direct access to the company servers and can steal the data from there

There is no risk at all as the marketing services are trustworthy

External scripts increase the outbound company data traffic which leads greater financial losses

Question 16

- (Exam Topic 7)
Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

Install DNS logger and track vulnerable packets

Disable DNS timeouts

Install DNS Anti-spoofing

Disable DNS Zone Transfer

Question 17

- (Exam Topic 4)
Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?

Service Oriented Architecture

Object Oriented Architecture

Lean Coding

Agile Process

Question 18

- (Exam Topic 7)
If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Birthday

Brute force

Man-in-the-middle

Smurf

Question 19

- (Exam Topic 2)
Least privilege is a security concept that requires that a user is

limited to those functions required to do the job.

given root or administrative privileges.

trusted to keep all data and access to that data under their sole control.

given privileges equal to everyone else in the department.

Question 20

- (Exam Topic 6)
The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500. EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss Expectancy (ALE).

$62.5

$250

$125

$65.2

Question 21

- (Exam Topic 3)
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Hping

Traceroute

TCP ping

Broadcast ping

Question 22

- (Exam Topic 7)
What is the proper response for a NULL scan if the port is open?

SYN

ACK

FIN

PSH

RST

No response

Question 23

- (Exam Topic 5)
An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

Insufficient input validation

Insufficient exception handling

Insufficient database hardening

Insufficient security management

Question 24

- (Exam Topic 5)
What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Connection Establishment: FIN, ACK-FIN, ACKConnection Termination: SYN, SYN-ACK, ACK

Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: ACK, ACK-SYN, SYN

Connection Establishment: ACK, ACK-SYN, SYNConnection Termination: FIN, ACK-FIN, ACK

Connection Establishment: SYN, SYN-ACK, ACKConnection Termination: FIN, ACK-FIN, ACK

Question 25

- (Exam Topic 2)
Which of the following is a detective control?

Smart card authentication

Security policy

Audit trail

Continuity of operations plan

Page: 1 / 61

Total 736 questions Full Exam Access