EC-Council 312-50v9 Braindumps 2021

NEW QUESTION 1
Which of the following statements is TRUE?

• A. Sniffers operation on Layer 3 of the OSI model
• B. Sniffers operation on Layer 2 of the OSI model
• C. Sniffers operation on the Layer 1 of the OSI model
• D. Sniffers operation on both Layer 2 & Layer 3 of the OSImodel

Answer: D

NEW QUESTION 2
Session splicing is an IDS evasiontechnique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures.
Which tool can used to perform session splicing attacks?

• A. Hydra
• B. Burp
• C. Whisker
• D. Tcpsplice

Answer: C

NEW QUESTION 3
Using Windows CMD, how would an attacker list all the shares to which the current user context hasaccess?

• A. NET CONFIG
• B. NET USE
• C. NET FILE
• D. NET VIEW

Answer: D

NEW QUESTION 4
Which of the following parameters describe LM Hash: I – The maximum password length is 14 characters.
II – There are no distinctions between uppercase and lowercase.
III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.

• A. I
• B. I and II
• C. II
• D. I, II and III

Answer: D

NEW QUESTION 5
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening port on the targeted system.
If a scanned port is open, what happens?

• A. The port will ignore the packets.
• B. The port will send an RST.
• C. The port will send an ACK.
• D. The port will send a SYN.

Answer: A

NEW QUESTION 6
You are performing a penetration test. You achieved access via a bufferoverflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account.
What should you do?

• A. Do not transfer the money but steal the bitcoins.
• B. Report immediately to the administrator.
• C. Transfer money from the administrator’s account to another account.
• D. Do not report it and continue the penetration test.

Answer: B

NEW QUESTION 7
What is the process of logging, recording, and resolving events that take place in an organization?

• A. Metrics
• B. Security Policy
• C. Internal Procedure
• D. Incident Management Process

Answer: D

NEW QUESTION 8
As a Certified Ethical hacker, you were contracted by aprivate firm to conduct an external security assessment through penetration testing.
What document describes the specified of the testing, the associated violations, and essentially protects both the organization’s interest and your li abilities as a tester?

• A. Term of Engagement
• B. Non-Disclosure Agreement
• C. Project Scope
• D. Service Level Agreement

Answer: B

NEW QUESTION 9
The purpose of a is to deny network access to local area networks and other information assets by unauthorized wireless devices.

• A. Wireless Access Point
• B. Wireless Analyzer
• C. Wireless Access Control list
• D. Wireless Intrusion Prevention System

Answer: D

NEW QUESTION 10
Which regulationdefines security and privacy controls for Federal information systems and organizations?

• A. HIPAA
• B. EU Safe Harbor
• C. PCI-DSS
• D. NIST-800-53

Answer: D

NEW QUESTION 11
The “Black box testing” methodology enforces which kind of restriction?

• A. Only the external operation of a systemis accessible to the tester
• B. The internal operation of a system is completely known to the tester.
• C. Only the internal operation of a system is known to the tester.
• D. The internal operation of a system is only partly accessible to the tester.

Answer: A

NEW QUESTION 12
When you return to your desk after a lunch break, you notice a strange email in your inbox. The senders is someone you did business with recently but the subject line has strange characters in it.
What should you do?

• A. Forward the message to your company’s security response team and permanently delete the message from your computer.
• B. Delete the email and pretend nothing happened.
• C. Forward the message to your supervisor andask for her opinion on how to handle the situation.
• D. Reply to the sender and ask them for more information about the message contents.

Answer: A

NEW QUESTION 13
PGP, SSL, and IKE are all examples of which type of cryptography?

• A. Hash Algorithm
• B. Secret Key
• C. Public Key
• D. Digest

Answer: C

NEW QUESTION 14
You’ve gained physical access to a Windows 2008 R2 server which has as accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD.Which Linux tool has the ability to change any user’s password or to activate disabled Windows Accounts?

• A. John the Ripper
• B. CHNTPW
• C. Cain & Abel
• D. SET

Answer: A

NEW QUESTION 15
Perspective clients wantto see sample reports from previous penetration tests. What should you do next?

• A. Share full reports, not redacted.
• B. Share full reports, with redacted.
• C. Decline but, provide references.
• D. Share reports, after NDA is signed.

Answer: B

NEW QUESTION 16
Which of the following security operations is used for determining the attack surface of an organization?

• A. Reviewing the need for a security clearance for each employee
• B. Running a network scan to detect network services in the corporate DMZ
• C. Training employees on the security policy regarding social engineering
• D. Using configuration management to determine when and where to apply security patches

Answer: B

NEW QUESTION 17
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark,and EtherPeek?

• A. Nessus
• B. Tcptraceroute
• C. Tcptrace
• D. OpenVAS

Answer: C