Your success in EC-Council 312-50v9 is our sole target and we develop all our 312-50v9 braindumps in a way that facilitates the attainment of this target. Not only is our 312-50v9 study material the best you can find, it is also the most detailed and the most updated. 312-50v9 Practice Exams for EC-Council CEH 312-50v9 are written to the highest standards of technical accuracy.
Q1. Prospective clients want to see sample reports from previous penetration tests. What should you do next?
A. Share full reports, not redacted.
B. Share full reports, with redactions.
C. Decline, but provide references.
D. Share reports, after NDA is signed.
Q2. Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
A. Jack the ripper
Q3. It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service, or modification of data.
Which of the following terms best matches this definition?
Q4. A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:8
A. The host is likely a printer.
B. The host is likely a router.
C. The host is likely a Linux machine.
D. The host is likely a Windows machine.
Q5. An attacker changes the profile information of a particular user on a target website (the victim). The attacker uses this string to update the victim's profile to a text file and then submits the data to the attacker’s database.
<iframe src="http://www.vulnweb.com/updataif.php" style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HTTP POST) called?
A. Cross-Site Request Forgery
B. Cross-Site Scripting
C. SQL Injection
D. Browser Hacking
Q6. This tool is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Which of the following tools is being described?
Q7. You are using NMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?
A. >host -t ns hackeddomain.com
B. >host -t AXFR hackeddomain.com
C. >host -t soa hackeddomain.com
D. >host -t a hackeddomain.com
Q8. The purpose of a ________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
A. Wireless Access Point
B. Wireless Analyzer
C. Wireless Access Control list
D. Wireless Intrusion Prevention System
Q9. The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive.
Which of the following is being described?
B. Multi-cast mode
C. Promiscuous mode
D. Port forwarding
Q10. When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it.
What should you do?
A. Forward the message to your company’s security response team and permanently delete the message from your computer.
B. Delete the email and pretend nothing happened.
C. Forward the message to your supervisor and ask for her opinion on how to handle the situation.
D. Reply to the sender and ask them for more information about the message contents.
Q11. A hacker has successfully infected an internet-facing server, which he will then use to send junk mail, take part in coordinated attacks, or host junk email content.
Which sort of trojan infects this server?
A. Botnet Trojan
B. Banking Trojans
C. Ransomware Trojans
D. Turtle Trojans
Q12. It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains your computer has been locked because of possible illegal activities and demands payment before you can access your files and programs again.
Which term best matches this definition?
Q13. An attacker gains access to a Web server’s database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?
A. Insufficient security management
B. Insufficient database hardening
C. Insufficient exception handling
D. Insufficient input validation
Q14. You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping but you didn’t get any response back.
What is happening?
A. TCP/IP doesn’t support ICMP.
B. ICMP could be disabled on the target server.
C. The ARP is disabled on the target server.
D. You need to run the ping command with root privileges.
Q15. Which of the following is a component of a risk assessment?
A. Logical interface
C. Administrative safeguards
D. Physical security
Q16. While performing online banking using a web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.
What web browser-based security vulnerability was exploited to compromise the user?
A. Cross-Site Request Forgery
B. Cross-Site Scripting
C. Web form input validation
Q17. Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
A. Lean Coding
B. Service Oriented Architecture
C. Object Oriented Architecture
D. Agile Process
Q18. As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?
A. Term of Engagement
B. Non-Disclosure Agreement
C. Project Scope
D. Service Level Agreement
Q19. You have successfully gained access to your client’s internal network and successfully compromised a Linux server which is part of the internal IP network. You want to know which Microsoft Windows workstations have sharing enabled.
Which port would you see listening on these Windows machines in the network?
Q20. During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
A. Terminate the audit.
B. Identify and evaluate existing practices.
C. Create a procedures document
D. Conduct compliance testing
Q21. An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Line (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?
A. D. TACACS+