A Review Of Printable 312-50v11 Real Exam

Proper study guides for Most up-to-date EC-Council Certified Ethical Hacker Exam (CEH v11) certified begins with EC-Council 312-50v11 preparation products which designed to deliver the Download 312-50v11 questions by making you pass the 312-50v11 test at your first time. Try the free 312-50v11 demo right now.

Check 312-50v11 free dumps before getting the full version:

A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

  • A. Attempts by attackers to access the user and password information stored in the company’s SQL database.
  • B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.
  • C. Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.
  • D. Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

Answer: B

The “Gray-box testing” methodology enforces what kind of restriction?

  • A. Only the external operation of a system is accessible to the tester.
  • B. The internal operation of a system in only partly accessible to the tester.
  • C. Only the internal operation of a system is known to the tester.
  • D. The internal operation of a system is completely known to the tester.

Answer: B

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

  • A. Protocol analyzer
  • B. Network sniffer
  • C. Intrusion Prevention System (IPS)
  • D. Vulnerability scanner

Answer: A

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

  • A. Gateway-based IDS
  • B. Network-based IDS
  • C. Host-based IDS
  • D. Open source-based

Answer: C

Which of the following is the BEST way to defend against network sniffing?

  • A. Using encryption protocols to secure network communications
  • B. Register all machines MAC Address in a Centralized Database
  • C. Use Static IP Address
  • D. Restrict Physical Access to Server Rooms hosting Critical Servers

Answer: A

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

  • A. tcptrace
  • B. Nessus
  • C. OpenVAS
  • D. tcptraceroute

Answer: A

One of your team members has asked you to analyze the following SOA record. What is the version? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

  • A. 200303028
  • B. 3600
  • C. 604800
  • D. 2400
  • E. 60
  • F. 4800

Answer: A

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.
312-50v11 dumps exhibit
In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

  • A. Switch then acts as hub by broadcasting packets to all machines on the network
  • B. The CAM overflow table will cause the switch to crash causing Denial of Service
  • C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
  • D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port

Answer: A

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?
#include <string.h> int main(){char buffer[8];
strcpy(buffer, ““11111111111111111111111111111””);} Output: Segmentation fault

  • A. C#
  • B. Python
  • C. Java
  • D. C++

Answer: D

In the context of Windows Security, what is a 'null' user?

  • A. A user that has no skills
  • B. An account that has been suspended by the admin
  • C. A pseudo account that has no username and password
  • D. A pseudo account that was created for security administration purpose

Answer: C

What does the following command in netcat do? nc -l -u -p55555 < /etc/passwd

  • A. logs the incoming connections to /etc/passwd file
  • B. loads the /etc/passwd file to the UDP port 55555
  • C. grabs the /etc/passwd file when connected to UDP port 55555
  • D. deletes the /etc/passwd file when connected to the UDP port 55555

Answer: C

Which type of sniffing technique is generally referred as MiTM attack?
312-50v11 dumps exhibit

  • A. Password Sniffing
  • B. ARP Poisoning
  • C. Mac Flooding
  • D. DHCP Sniffing

Answer: B

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

  • A. Privilege Escalation
  • B. Shoulder-Surfing
  • C. Hacking Active Directory
  • D. Port Scanning

Answer: A

PGP, SSL, and IKE are all examples of which type of cryptography?

  • A. Digest
  • B. Secret Key
  • C. Public Key
  • D. Hash Algorithm

Answer: C

Which command can be used to show the current TCP/IP connections?

  • A. Netsh
  • B. Netstat
  • C. Net use connection
  • D. Net use

Answer: A

You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?

  • A. John the Ripper
  • B. SET
  • D. Cain & Abel

Answer: C

Under what conditions does a secondary name server request a zone transfer from a primary name server?

  • A. When a primary SOA is higher that a secondary SOA
  • B. When a secondary SOA is higher that a primary SOA
  • C. When a primary name server has had its service restarted
  • D. When a secondary name server has had its service restarted
  • E. When the TTL falls to zero

Answer: A

Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

  • A. Use the built-in Windows Update tool
  • B. Use a scan tool like Nessus
  • C. Check MITRE.org for the latest list of CVE findings
  • D. Create a disk image of a clean Windows installation

Answer: B

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wire shark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

  • A. tcp.port != 21
  • B. tcp.port = 23
  • C. tcp.port ==21
  • D. tcp.port ==21 || tcp.port ==22

Answer: D

What is the following command used for? net use \targetipc$ "" /u:""

  • A. Grabbing the etc/passwd file
  • B. Grabbing the SAM
  • C. Connecting to a Linux computer through Samba.
  • D. This command is used to connect as a null session
  • E. Enumeration of Cisco routers

Answer: D

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?

  • A. Bob can be right since DMZ does not make sense when combined with stateless firewalls
  • B. Bob is partially righ
  • C. He does not need to separate networks if he can create rules by destination IPs, one by one
  • D. Bob is totally wron
  • E. DMZ is always relevant when the company has internet servers and workstations
  • F. Bob is partially righ
  • G. DMZ does not make sense when a stateless firewall is available

Answer: C

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

  • A. Use the same machines for DNS and other applications
  • B. Harden DNS servers
  • C. Use split-horizon operation for DNS servers
  • D. Restrict Zone transfers
  • E. Have subnet diversity between DNS servers

Answer: BCDE

During a black-box pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimpeded. What type of firewall is inspecting outbound traffic?

  • A. Circuit
  • B. Stateful
  • C. Application
  • D. Packet Filtering

Answer: B

Which of the following is the primary objective of a rootkit?

  • A. It opens a port to provide an unauthorized service
  • B. It creates a buffer overflow
  • C. It replaces legitimate programs
  • D. It provides an undocumented opening in a program

Answer: C

What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

  • A. Man-in-the-middle attack
  • B. Meet-in-the-middle attack
  • C. Replay attack
  • D. Traffic analysis attack

Answer: B


Thanks for reading the newest 312-50v11 exam dumps! We recommend you to try the PREMIUM Certleader 312-50v11 dumps in VCE and PDF here: https://www.certleader.com/312-50v11-dumps.html (254 Q&As Dumps)