EC-Council 312-50v12 Certified Ethical Hacker Exam (CEHv12) Online Training
EC-Council 312-50v12 Online Training
The questions for 312-50v12 were last updated at Jan 07,2025.
- Exam Code: 312-50v12
- Exam Name: Certified Ethical Hacker Exam (CEHv12)
- Certification Provider: EC-Council
- Latest update: Jan 07,2025
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
- A . Residual risk
- B . Impact risk
- C . Deferred risk
- D . Inherent risk
Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the
Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]”.
Which
statement below is true?
- A . This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
- B . This is a scam because Bob does not know Scott.
- C . Bob should write to [email protected] to verify the identity of Scott.
- D . This is probably a legitimate message as it comes from a respectable organization.
Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?
- A . symmetric algorithms
- B . asymmetric algorithms
- C . hashing algorithms
- D . integrity algorithms
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist’s email, and you send her an email changing the source email to her boss’s email (boss@company). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected. You now have access to the company network.
What testing method did you use?
- A . Social engineering
- B . Piggybacking
- C . Tailgating
- D . Eavesdropping
What two conditions must a digital signature meet?
- A . Has to be the same number of characters as a physical signature and must be unique.
- B . Has to be unforgeable, and has to be authentic.
- C . Must be unique and have special characters.
- D . Has to be legible and neat.
The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it.
Which of the following options can be useful to ensure the integrity of the data?
- A . The CFO can use a hash algorithm in the document once he approved the financial statements
- B . The CFO can use an excel file with a password
- C . The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure is the same document
- D . The document can be sent to the accountant using an exclusive USB for that document
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet.
What is the recommended architecture in terms of server placement?
- A . All three servers need to be placed internally
- B . A web server facing the Internet, an application server on the internal network, a database server on the internal network
- C . A web server and the database server facing the Internet, an application server on the internal network
- D . All three servers need to face the Internet so that they can communicate between themselves
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
From: [email protected]
To: [email protected] Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ’s email gateway doesn’t prevent what?
- A . Email Masquerading
- B . Email Harvesting
- C . Email Phishing
- D . Email Spoofing
env x=’(){ :;};echo exploit’ bash Cc ‘cat/etc/passwd’
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
- A . Removes the passwd file
- B . Changes all passwords in passwd
- C . Add new user to the passwd file
- D . Display passwd content to prompt
Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%.
Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?
- A . Accept the risk
- B . Introduce more controls to bring risk to 0%
- C . Mitigate the risk
- D . Avoid the risk