EC-Council 312-50v10 Certified Ethical Hacker Exam (C|EH v10) Online Training
EC-Council 312-50v10 Online Training
The questions for 312-50v10 were last updated at Dec 25,2024.
- Exam Code: 312-50v10
- Exam Name: Certified Ethical Hacker Exam (C|EH v10)
- Certification Provider: EC-Council
- Latest update: Dec 25,2024
How can rainbow tables be defeated?
- A . Password salting
- B . Use of non-dictionary words
- C . All uppercase character passwords
- D . Lockout accounts under brute force password cracking attempts
What is correct about digital signatures?
- A . A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party
- B . Digital signatures maybe used in different documents of the same type.
- C . A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
- D . Digital signatures are issued once for each user and can be used everywhere until they expire.
While scanning with Nmap, Patin found several hosts which have the IP ID of incremental sequences.
He then decided to conduct: nmap-Pn-p-sl kiosk.adobe.com www.riaa.com kiosk.adobe.com is the host with increment all PID sequence.
What is the purpose of using-sl with Nmap?
- A . Conduct stealth scan
- B . Conduct ICMP scan
- C . Conduct IDLE scan
- D . Conduct silent scan
What type of OS fingerprinting techniques ends specially crafted packets to the remote OS and analyzes the received response?
- A . Passive
- B . Active
- C . Reflective
- D . Distributive
Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best i lust rates an attempt to exploit an insecure direct object reference vulnerability?
- A . “GET/restricted/goldtransfer?to=Rob&from=1or1=1’HTTP/1.1Hostwestbank.com"
- B . “GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”
- C . “GET/restricted/bank.getaccount(‘Ned’) HTTP/1.1 Host: westbank.com”
- D . “GET/restricted/r
%00account%00Ned%00accessHTTP/1.1Host: westbank.com"
What is the correct process for the TCP three-way handshake connection establishment and connection termination?
- A . Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK
- B . Connection Establishment: ACK, ACK-SYN, SYN Connection Termination: FIN, ACK-FIN, ACK
- C . Connection Establishment: FIN, ACK-FIN, ACK Connection Termination: SYN, SYN-ACK, ACK
- D . Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: ACK, ACK-SYN, SYN
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email.
At what layer of the OSI layer does the encryption and decryption of the message take place?
- A . Application
- B . Transport
- C . Session
- D . Presentation
Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer’s activity on the site. These tools are located on the servers of the marketing company.
What is the main security risk associated with this scenario?
- A . External script contents could be maliciously modified without the security team knowledge
- B . External scripts have direct access to the company servers and can steal the data from there
- C . There is no risk at all as the marketing services are trustworthy
- D . External scripts increase the outbound company data traffic which leads greater financial losses
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122.192.168.1.123 and 192.168.1.124.
An attacker is trying to find those servers but he can not see them in his scanning. The command he is using is: nmap192.168.1.64/28
Why he cannot see the servers?
- A . He needs to change the address to 192.168.1.0 with the same mask
- B . He needs to add the command “ip address" just before the IP address.
- C . He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask/ 28 and the servers are not in that range.
- D . The network must be down and then map command and IP address are ok
What is the purpose of a demilitarized zone on a network?
- A . To scan all traffic coming through the DMZ to the internal network
- B . To only provide direct access to the nodes within the DMZ and protect the network behind it
- C . To provide a place to put the honeypot
- D . To contain the network devices you wish to protect