20 April, 2021

Top Tips Of Up To The Minute 312-50v11 Simulations

Our pass rate is high to 98.9% and the similarity percentage between our 312-50v11 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the EC-Council 312-50v11 exam in just one try? I am currently studying for the EC-Council 312-50v11 exam. Latest EC-Council 312-50v11 Test exam practice questions and answers, Try EC-Council 312-50v11 Brain Dumps First.

Online EC-Council 312-50v11 free dumps demo Below:

Page: 1 / 21

Total 254 questions Full Exam Access

Question 1

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

All are hacking tools developed by the legion of doom

All are tools that can be used not only by hackers, but also security personnel

All are DDOS tools

All are tools that are only effective against Windows

All are tools that are only effective against Linux

Question 2

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place. What Web browser-based security vulnerability was exploited to compromise the user?

Clickjacking

Cross-Site Scripting

Cross-Site Request Forgery

Web form input validation

Question 3

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

Block port 25 at the firewall.

Shut off the SMTP service on the server.

Force all connections to use a username and password.

Switch from Windows Exchange to UNIX Sendmail.

None of the above.

Question 4

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Residual risk

Impact risk

Deferred risk

Inherent risk

Question 5

The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

The CFO can use a hash algorithm in the document once he approved the financial statements

The CFO can use an excel file with a password

The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document

The document can be sent to the accountant using an exclusive USB for that document

Question 6

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

SFTP

Ipsec

SSL

FTPS

Question 7

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

Hardware, Software, and Sniffing.

Hardware and Software Keyloggers.

Passwords are always best obtained using Hardware key loggers.

Software only, they are the most effective.

Question 8

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

To determine who is the holder of the root account

To perform a DoS

To create needless SPAM

To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

To test for virus protection

Question 9

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:
You are hired to conduct security testing on their network.
You successfully brute-force the SNMP community string using a SNMP crack tool.
The access-list configured at the router prevents you from establishing a successful connection. You want to retrieve the Cisco configuration from the router. How would you proceed?

Use the Cisco's TFTP default password to connect and download the configuration file

Run a network sniffer and capture the returned traffic with the configuration file from the router

Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Question 10

What is the minimum number of network connections in a multi homed firewall?

Question 11

Which of the following is the BEST way to defend against network sniffing?

Using encryption protocols to secure network communications

Use Static IP Address

Restrict Physical Access to Server Rooms hosting Critical Servers

Question 12

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.
312-50v11 dumps exhibit

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

Switch then acts as hub by broadcasting packets to all machines on the network

The CAM overflow table will cause the switch to crash causing Denial of Service

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Question 13

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

Linux

Unix

OS X

Windows

Question 14

Study the following log extract and identify the attack.
312-50v11 dumps exhibit

Hexcode Attack

Cross Site Scripting

Multiple Domain Traversal Attack

Unicode Directory Traversal Attack

Question 15

Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Iris patterns

Voice

Height and Weight

Fingerprints

Question 16

Which DNS resource record can indicate how long any "DNS poisoning" could last?

SOA

TIMEOUT

Question 17

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

Authentication

Confidentiality

Integrity

Non-Repudiation

Question 18

What did the following commands determine?
312-50v11 dumps exhibit

That the Joe account has a SID of 500

These commands demonstrate that the guest account has NOT been disabled

These commands demonstrate that the guest account has been disabled

That the true administrator is Joe

Issued alone, these commands prove nothing

Question 19

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

symmetric algorithms

asymmetric algorithms

hashing algorithms

integrity algorithms

Question 20

What is correct about digital signatures?

A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

Digital signatures may be used in different documents of the same type.

A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

Digital signatures are issued once for each user and can be used everywhere until they expire.

Question 21

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

list server=192.168.10.2 type=all

is-d abccorp.local

Iserver 192.168.10.2-t all

List domain=Abccorp.local type=zone

Question 22

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.
However, he is unable to capture any logons though he knows that other users are logging in. What do you think is the most likely reason behind this?

There is a NIDS present on that segment.

Kerberos is preventing it.

Windows logons cannot be sniffed.

L0phtcrack only sniffs logons to web servers.

Question 23

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

tcptrace

Nessus

OpenVAS

tcptraceroute

Question 24

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Traceroute

Hping

TCP ping

Broadcast ping

Page: 1 / 21

Total 254 questions Full Exam Access