Ec council.test inside.312 50v11.free.draindumps.2021 aug 02.by.moore PDF

Preview

Summary

CEH...

Description

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

312-50v11 Dumps Certified Ethical Hacker Exam (CEH https://www.certleader.com/312-50v11-dumps

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

NEW QUESTION 1 Why containers are less secure that virtual machines? A. Host OS on containers has a larger surface attack. B. Containers may full fill disk space of the host. C. A compromise container may cause a CPU starvation of the host. D. Containers are attached to the same virtual network. Answer: A

NEW QUESTION 2 A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is third is a binary file is named "nc." The FTP server's access logs show that the anonymous user account logged in to th the contents of the tarball and ran the script using a function provided by the FTP server's software. The “ps” command process, and the netstat command shows the “nc” process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible? A. File system permissions B. Privilege escalation C. Directory traversal D. Brute force login Answer: A

NEW QUESTION 3 Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise A. SOA B. biometrics C. single sign on D. PKI Answer: D

NEW QUESTION 4 What two conditions must a digital signature meet? A. Has to be the same number of characters as a physical signature and must be unique. B. Has to be unforgeable, and has to be authentic. C. Must be unique and have special characters. D. Has to be legible and neat. Answer: B

NEW QUESTION 5 John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the com and procedures while handling responses as they are very stressful to perform. Which of the following actions should Jo least administrative effort? A. Create an incident checklist. B. Select someone else to check the procedures. C. Increase his technical skills. D. Read the incident manual every time it occurs.

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

A. You attempt every single possibility until you exhaust all possible combinations or discover the password B. You threaten to use the rubber hose on someone unless they reveal their password C. You load a dictionary of words into your cracking program D. You create hashes of a large number of words and compare it with the encrypted passwords E. You wait until the password expires Answer: A

NEW QUESTION 8 Scenario1: * 1. Victim opens the attacker's web site. * 2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'. * 3. Victim clicks to the interesting and attractive content URL. * 4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by th What is the name of the attack which is mentioned in the scenario? A. Session Fixation B. HTML Injection C. HTTP Parameter Pollution D. Clickjacking Attack Answer: D

NEW QUESTION 9 Which of the following describes the characteristics of a Boot Sector Virus? A. Modifies directory table entries so that directory entries point to the virus code instead of the actual program. B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR. C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR. D. Overwrites the original MBR and only executes the new virus code. Answer: C

NEW QUESTION 10 Which of the following is the BEST way to defend against network sniffing? A. Using encryption protocols to secure network communications B. Register all machines MAC Address in a Centralized Database C. Use Static IP Address D. Restrict Physical Access to Server Rooms hosting Critical Servers Answer: A

NEW QUESTION 10 DNS cache snooping is a process of determining if the specified resource address is present in the DNS cache records. the network to determine what software update resources are used, thus discovering what software is installed. What command is used to determine if the entry is present in DNS cache? A. nslookup -fullrecursive update.antivirus.com B. dnsnooping –rt update.antivirus.com C. nslookup -norecursive update.antivirus.com D. dns --snoop update.antivirus.com Answer: C

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

NEW QUESTION 24 Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his c of a suspicious connection from the email server to an unknown IP Address. What is the first thing that Nedved needs to do before contacting the incident response team? A. Leave it as it Is and contact the incident response te3m right away B. Block the connection to the suspicious IP Address from the firewall C. Disconnect the email server from the network D. Migrate the connection to the backup email server Answer: C

NEW QUESTION 28 When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is es three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN How would an attacker exploit this design by launching TCP SYN attack? A. Attacker generates TCP SYN packets with random destination addresses towards a victim host B. Attacker floods TCP SYN packets with random source addresses towards a victim host C. Attacker generates TCP ACK packets with random source addresses towards a victim host D. Attacker generates TCP RST packets with random source addresses towards a victim host Answer: B

NEW QUESTION 30 What is the proper response for a NULL scan if the port is open? A. SYN B. ACK C. FIN D. PSH E. RST F. No response Answer: F

NEW QUESTION 34 In Trojan terminology, what is a covert channel?

A. A channel that transfers information within a computer system or network in a way that violates the security policy B. A legitimate communication path within a computer system or network for transfer of data C. It is a kernel operation that hides boot processes and services to mask detection D. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections Answer: A

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

NEW QUESTION 41 What tool can crack Windows SMB passwords simply by listening to network traffic? A. This is not possible B. Netbus C. NTFSDOS D. L0phtcrack Answer: D

NEW QUESTION 42 Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS w success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Nea not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements? A. Gateway-based IDS B. Network-based IDS C. Host-based IDS D. Open source-based Answer: C

NEW QUESTION 46 What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from mu analyzing files locally it's made on the premiers environment A. VCloud based B. Honypot based C. Behaviour based D. Heuristics based Answer: A

NEW QUESTION 49 Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email encrypted. What is the name of the command used by SMTP to transmit email over TLS? A. OPPORTUNISTICTLS B. UPGRADETLS C. FORCETLS D. STARTTLS Answer: D

NEW QUESTION 52 When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Whic meant by processing? A. The amount of time and resources that are necessary to maintain a biometric system B. How long it takes to setup individual user accounts C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and auth D. The amount of time it takes to convert biometric data into a template on a smart card Answer: C

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

C. Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat 1234 -pw password D. Use cryptcat instead of netcat Answer: D

NEW QUESTION 66 In the field of cryptanalysis, what is meant by a “rubber-hose" attack? A. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text. B. Extraction of cryptographic secrets through coercion or torture. C. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC. D. A backdoor placed into a cryptographic algorithm by its creator. Answer: B

NEW QUESTION 71 Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the vulnerabilities on a Windows-based computer? A. Use the built-in Windows Update tool B. Use a scan tool like Nessus C. Check MITRE.org for the latest list of CVE findings D. Create a disk image of a clean Windows installation Answer: B

NEW QUESTION 73 While performing online banking using a Web browser, a user receives an email that contains a link to an interesting W another Web browser session starts and displays a video of cats playing a piano. The next business day, the user recei indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and that took place. What Web browser-based security vulnerability was exploited to compromise the user? A. Clickjacking B. Cross-Site Scripting C. Cross-Site Request Forgery D. Web form input validation Answer: C

NEW QUESTION 77 A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confu (OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT ST open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:0 A. The host is likely a Linux machine. B. The host is likely a printer. C. The host is likely a router. D. The host is likely a Windows machine. Answer: B

NEW QUESTION 79 Which type of sniffing technique is generally referred as MiTM attack?

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

A. Password Sniffing B. ARP Poisoning C. Mac Flooding D. DHCP Sniffing Answer: B

NEW QUESTION 81 Within the context of Computer Security, which of the following statements describes Social Engineering best? A. Social Engineering is the act of publicly disclosing information B. Social Engineering is the means put in place by human resource to perform time accounting C. Social Engineering is the act of getting needed information from a person rather than breaking into a system D. Social Engineering is a training program within sociology studies Answer: C

NEW QUESTION 84 Which system consists of a publicly available set of databases that contain domain name registration contact informatio A. WHOIS B. CAPTCHA C. IANA D. IETF Answer: A

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

NEW QUESTION 90 The network team has well-established procedures to follow for creating new rules on the firewall. This includes having implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cann would be a good step to have in the procedures for a situation like this? A. Have the network team document the reason why the rule was implemented without prior manager approval. B. Monitor all traffic using the firewall rule until a manager can approve it. C. Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as p D. Immediately roll back the firewall rule until a manager can approve it Answer: D

NEW QUESTION 91 Which of the following is not a Bluetooth attack? A. Bluedriving B. Bluesmacking C. Bluejacking D. Bluesnarfing Answer: A

NEW QUESTION 94 PGP, SSL, and IKE are all examples of which type of cryptography? A. Digest B. Secret Key C. Public Key D. Hash Algorithm Answer: C

NEW QUESTION 96 As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through What document describes the specifics of the testing, the associated violations, and essentially protects both the organ tester? A. Service Level Agreement B. Project Scope C. Rules of Engagement D. Non-Disclosure Agreement Answer: C

NEW QUESTION 100 Which of the following incident handling process phases is responsible for defining rules, collaborating human workforc plans for an organization? A. Preparation phase B. Containment phase C. Identification phase D. Recovery phase Answer: A

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

NEW QUESTION 109 Which type of security feature stops vehicles from crashing through the doors of a building? A. Bollards B. Receptionist C. Mantrap D. Turnstile Answer: A

NEW QUESTION 114 Identify the correct terminology that defines the above statement.

A. Vulnerability Scanning B. Penetration Testing C. Security Policy Implementation D. Designing Network Security Answer: B

NEW QUESTION 116 The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Expos affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy A. Public B. Private C. Shared D. Root Answer: B

NEW QUESTION 119 CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Y From: [email protected] To: [email protected] Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message. This proves that CompanyXYZ’s email gateway doesn’t prevent what? A. Email Masquerading B. Email Harvesting C. Email Phishing D. Email Spoofing Answer: D

NEW QUESTION 120 Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the con A. SFTP B. Ipsec C SSL

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

B. Regular security tests and audits should be performed. C. As long as the physical access to the network elements is restricted, there is no need for additional measures. D. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist. E. The operator knows that attacks and down time are inevitable and should have a backup site. Answer: A

NEW QUESTION 129 You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and t kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert m wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter wil machine to kiwi syslog machine? A. tcp.srcport= = 514 && ip.src= = 192.168.0.99 B. tcp.srcport= = 514 && ip.src= = 192.168.150 C. tcp.dstport= = 514 && ip.dst= = 192.168.0.99 D. tcp.dstport= = 514 && ip.dst= = 192.168.0.150 Answer: D

NEW QUESTION 134 What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS? A. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail. B. Asymmetric cryptography is computationally expensive in compariso C. However, it is well-suited to securely negotiate keys for use with symmetric cryptography. D. Symmetric encryption allows the server to securely transmit the session keys out-of-band. E. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryptio Answer: D

NEW QUESTION 136 Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump A. tcptrace B. Nessus C. OpenVAS D. tcptraceroute Answer: A

NEW QUESTION 138 Which of the following tools are used for enumeration? (Choose three.) A. SolarWinds B. USER2SID C. Cheops D. SID2USER E. DumpSec Answer: BDE

NEW QUESTION 141 Why should the security analyst disable/remove unnecessary ISAPI filters?

100% Valid and Newest Version 312-50v11 Questions & Answers shared by C https://www.certleader.com/312-50v11-dumps.html (254 Q&As)

A. Session hijacking B. Firewalking C. Man-in-the middle attack D. Network sniffing Answer: B

NEW QUESTION 150 Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session wit this? A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer. B. He can send an IP packet with the SYN bit and the source address of his computer. C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch. D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine. Answer: D

NEW QUESTION 153 An attacker with access to the inside network of a small company launches a successful STP manipulation attack. Wha A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer. B. He will activate OSPF on the spoofed root bridge. C. He will repeat this action so that it escalates to a DoS attack. D. He will repeat the same attack against all L2 switches of the network. Answer: A

NEW QUESTION 158 When a security analyst prepares for the formal security assessment - what of the following should be done in order to d assets database and verify that system is compliant to the minimum security baseline? A. Data items and vulnerability scanning B. Interviewing employees and network engineers C. Reviewing the firewalls configuration D. Source code review Answer: A

NEW QUESTION 161 Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in Code: #include int main(){char...