Exact2pass ECCouncil-312-50v10

Transcription

Exact2pass ECCouncil-312-50v10
ECCouncil
312-50v10
Certified Ethical Hacker Exam (C|EH v10)
Web: www.exact2pass.com
Version: Demo
Email: [email protected]
[ Total Questions: 10]
IMPORTANT NOTICE
Feedback
We have developed quality product and state-of-art service to ensure our customers interest. If you have any
suggestions, please feel free to contact us at [email protected]
Support
If you have any questions about our product, please provide the following items:
exam code
screenshot of the question
login id/email
please contact us at [email protected] and our technical experts will provide support within 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will inflict legal punishment. We reserve the right of final explanation for this statement.
Exact Questions
ECCouncil - 312-50v10
Exam Topic Breakdown
Exam Topic
Number of Questions
Topic 6 : Exam Pool F
2
Topic 1 : Exam Pool A
2
Topic 5 : Exam Pool E
2
Topic 7 : Exam Pool G
2
Topic 2 : Exam Pool B
2
Topic 3 : Exam Pool C
0
Topic 4 : Exam Pool D
0
TOTAL
10
Only exact questions will Pass You in Exam
1 of 9
Exact Questions
ECCouncil - 312-50v10
Topic 6, Exam Pool F
Question #:1 - (Exam Topic 6)
Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being
exploited due to vulnerabilities of varying web applications?
A. Use cryptographic storage to store all PII
B. Use full disk encryption on all hard drives to protect PII
C. Use encrypted communications protocols to transmit PII
D. Use a security token to log into all Web applications that use PII
Answer: C
Question #:2 - (Exam Topic 6)
It is a widely used standard for message logging. It permits separation of the software that generates messages,
the system that stores them, and the software that reports and analyzes them. This protocol is specifically
designed for transporting event messages. Which of the following is being described?
A. SNMP
B. ICMP
C. SYSLOG
D. SMS
Answer: C
Only exact questions will Pass You in Exam
2 of 9
Exact Questions
ECCouncil - 312-50v10
Topic 1, Exam Pool A
Question #:3 - (Exam Topic 1)
You are a Penetration Tester and are assigned to scan a server. You need to use a scanning technique wherein
the TCP Header is split into many packets so that it becomes difficult to detect what the packets are meant for.
Which of the below scanning technique will you use?
A. ACK flag scanning
B. TCP Scanning
C. IP Fragment Scanning
D. Inverse TCP flag scanning
Answer: C
Question #:4 - (Exam Topic 1)
What is the minimum number of network connections in a multi homed firewall?
A. 3
B. 5
C. 4
D. 2
Answer: A
Only exact questions will Pass You in Exam
3 of 9
Exact Questions
ECCouncil - 312-50v10
Topic 5, Exam Pool E
Question #:5 - (Exam Topic 5)
Seth is starting a penetration test from inside the network. He hasn't been given any information about the
network. What type of test is he conducting?
A. Internal Whitebox
B. External, Whitebox
C. Internal, Blackbox
D. External, Blackbox
Answer: C
Question #:6 - (Exam Topic 5)
Emil uses nmap to scan two hosts using this command.
nmap -sS -T4 -O 192.168.99.1 192.168.99.7
He receives this output:
Only exact questions will Pass You in Exam
4 of 9
Exact Questions
ECCouncil - 312-50v10
What is his conclusion?
A. Host 192.168.99.7 is an iPad.
B. He performed a SYN scan and OS scan on hosts 192.168.99.1 and 192.168.99.7.
C. Host 192.168.99.1 is the host that he launched the scan from.
D. Host 192.168.99.7 is down.
Answer: B
Only exact questions will Pass You in Exam
5 of 9
Exact Questions
ECCouncil - 312-50v10
Topic 7, Exam Pool G
Question #:7 - (Exam Topic 7)
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full
of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against
user accounts located by the application. The larger the word and word fragment selection, the more effective
the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every
possible letter and number combination in its automated exploration. If you would use both brute force and
dictionary methods combined together to have variation of words, what would you call such an attack?
A. Full Blown
B. Thorough
C. Hybrid
D. BruteDics
Answer: C
Question #:8 - (Exam Topic 7)
Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A
and B are working together in developing a product that will generate a major competitive advantage for them.
Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a
spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company
B. How do you prevent DNS spoofing?
A. Install DNS logger and track vulnerable packets
B. Disable DNS timeouts
C. Install DNS Anti-spoofing
D. Disable DNS Zone Transfer
Answer: C
Only exact questions will Pass You in Exam
6 of 9
Exact Questions
ECCouncil - 312-50v10
Topic 2, Exam Pool B
Question #:9 - (Exam Topic 2)
Which of the following is a preventive control?
A. Smart card authentication
B. Security policy
C. Audit trail
D. Continuity of operations plan
Answer: A
Question #:10 - (Exam Topic 2)
What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?
A. Injecting parameters into a connection string using semicolons as a separator
B. Inserting malicious Javascript code into input parameters
C. Setting a user's session identifier (SID) to an explicit known value
D. Adding multiple parameters with the same name in HTTP requests
Answer: A
Only exact questions will Pass You in Exam
7 of 9
Exact Questions
ECCouncil - 312-50v10
Topic 3, Exam Pool C
Only exact questions will Pass You in Exam
8 of 9
Exact Questions
ECCouncil - 312-50v10
Topic 4, Exam Pool D
Only exact questions will Pass You in Exam
9 of 9
About exact2pass.com
exact2pass.com was founded in 2007. We provide latest & high quality IT / Business Certification Training Exam
Questions, Study Guides, Practice Tests.
We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.
View list of all certification exams: All vendors
We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed
below.
Sales: [email protected]
Feedback: [email protected]
Support: [email protected]
Any problems about IT certification or our products, You can write us back and we will get back to you within 24
hours.