Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil 312-50 - Certified Ethical Hacker Exam

ECCouncil 312-50 Premium Access     Download Demo    
Page: 3 / 13
Total 614 questions

A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?

A.

Mutating

B.

Randomizing

C.

Fuzzing

D.

Bounding

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.). Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D.

These packets were crafted by a tool, they were not created by a standard IP stack.

When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?

A.

AH Tunnel mode

B.

AH promiscuous

C.

ESP transport mode

D.

ESP confidential

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

A.

Cross-site scripting

B.

SQL injection

C.

VPath injection

D.

XML denial of service issues

Which of the following descriptions is true about a static NAT?

A.

A static NAT uses a many-to-many mapping.

B.

A static NAT uses a one-to-many mapping.

C.

A static NAT uses a many-to-one mapping.

D.

A static NAT uses a one-to-one mapping.

Which element of Public Key Infrastructure (PKI) verifies the applicant?

A.

Certificate authority

B.

Validation authority

C.

Registration authority

D.

Verification authority

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

A.

Multiple keys for non-repudiation of bulk data

B.

Different keys on both ends of the transport medium

C.

Bulk encryption for data transmission over fiber

D.

The same key on each end of the transmission medium

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

A.

SDLC process

B.

Honey pot

C.

SQL injection

D.

Trap door

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

A.

Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

B.

To get messaging programs to function with this algorithm requires complex configurations.

C.

It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

D.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Which statement best describes a server type under an N-tier architecture?

A.

A group of servers at a specific layer

B.

A single server with a specific role

C.

A group of servers with a unique role

D.

A single server at a specific layer