EC-Council 312-50v10 Certified Ethical Hacker Exam (C|EH v10) Online Training
EC-Council 312-50v10 Online Training
The questions for 312-50v10 were last updated at Nov 23,2024.
- Exam Code: 312-50v10
- Exam Name: Certified Ethical Hacker Exam (C|EH v10)
- Certification Provider: EC-Council
- Latest update: Nov 23,2024
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the lT department had a dial-out modem installed.
Which security policy must the security analyst check to see if dial-out modems are allowed?
- A . Firewall-management policy
- B . Acceptable-use policy
- C . Remote-access policy
- D . Permissive policy
When you are getting information about a webserver, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two critical methods (PUT and DELETE) .PUT can upload a file to the server and DELETE can delete a file from the server. You can detect all these methods (GET, POST, HEAD, DELETE, PUT, TRACE) using NMAP script engine.
What Nmap script will help you with this task?
- A . http-methods
- B . http enum
- C . http-headers
- D . http-git
What is the Shellshock bash vulnerability attempting to do a vulnerable Linux host?
env x='({:; }; echo exploit’ bash-c ’cat/etc/passwd’
- A . Removes the passwd file
- B . Changes all passwords in passwd
- C . Add new user to the passwd file
- D . Display passwd content to prompt
A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball two are shell script files, and the third is a binary file is named "nc." The FTP server’s access logs show that the anonymous user account logged into the server, uploaded the files, and extracted the contents of the tarball and ran the script using a function provided by the FTP server’s software. The “ps" command shows that the “nc" file is running as process, and the netstat command shows the “nc" process is listening on a network port.
What kind of vulnerability must be present to make this remote attack possible?
- A . Filesystem permissions
- B . Privilege escalation
- C . Directory traversal
- D . Brute force login
This asymmetry cipher is based on factoring the product of two large prime numbers.
What cipher is described above?
- A . SHA
- B . RSA
- C . MD5
- D . RC5
You want to do an ICMP scan on a remote computer using hping2.
What is the proper syntax?
- A . hping2-1 host.domain.com
- B . hping2-i host.domain.com
- C . hping2-set-lCMP host.domain.com
- D . hping2 host.domain.com
Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?
- A . ICMP Echo scanning
- B . SYN/FIN scanning using IP fragments
- C . ACK flag probe scanning
- D . IPID scanning
Which of the following statements is TRUE?
- A . Sniffers operate on Layer 2 of the OSI model
- B . Sniffers operate on Layer 3 of the OSI model
- C . Sniffers operate on both Layer 2 & Layer 3 of the OSI model.
- D . Sniffers operate on the Layer 1 of the OSI model.
To reach a bank website, the traffic from workstations must passthrough a firewall You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/ 24 can only reach the bank website 10.20.20.1 using https.
Which of the following firewall rules meets this requirement?
- A . If (source matches 10.10.10.0/ 24 and destination matches 10.20.20.1 and port matches 443) then permit
- B . If (source matches 10.10.10.0/ 24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
- C . If (source matches 10.20.20.1 and destination matches 10.10.10.0/ 24 and port matches 443) then permit
- D . If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
Why is a penetration test considered to be more thorough than vulnerability scan?
- A . Vulnerability scans only do host discovery and port scanning by default.
- B . A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
- C . It is not-a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
- D . The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
Latest 312-50v10 Dumps Valid Version with 736 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
