ECCouncil 312-50 - Certified Ethical Hacker Exam

Page: 1 / 13
Total 614 questions

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to write the victim's profile data to a text file and then submits the data to the attacker's database.

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

A. Cross-Site Request Forgery
B. Cross-Site Scripting
C. SQL Injection
D. Browser Hacking

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

A. Application Layer
B. Data tier
C. Presentation tier
D. Logic tier

By using a smart card and a PIN, you are using a two-factor authentication that satisfies

A. Something you know and something you are
B. Something you have and something you know
C. Something you have and something you are
D. Something you are and something you remember

In this attack, a victim receives an e-mail claiming to be from PayPal stating that their account has been disabled and that confirmation is required before reactivation. The attackers then run a scam to collect not one but two credit card numbers, an ATM PIN and other personal details. Unwary users usually fall prey to this scam.

Which of the following statements is incorrect regarding this attack?

A. Do not reply to email messages or popup ads asking for personal or financial information
B. Do not trust telephone numbers in e-mails or popup ads
C. Review credit card and bank account statements regularly
D. Antivirus, anti-spyware, and firewall software can very easily detect this type of attack
E. Do not send credit card numbers, and personal or financial information via e-mail

What are two things that are possible when scanning UDP ports? (Choose two.)

A. A reset will be returned
B. An ICMP message will be returned
C. The four-way handshake will not be completed
D. An RFC 1294 message will be returned
E. Nothing

What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
B. Manipulate format strings in text fields
C. SSH
D. SYN Flood

What did the following commands determine?

A. That the Joe account has a SID of 500
B. These commands demonstrate that the guest account has NOT been disabled
C. These commands demonstrate that the guest account has been disabled
D. That the true administrator is Joe
E. Issued alone, these commands prove nothing

If you are to determine the attack surface of an organization, which of the following is the BEST thing to do?

A. Running a network scan to detect network services in the corporate DMZ
B. Reviewing the need for a security clearance for each employee
C. Using configuration management to determine when and where to apply security patches
D. Training employees on the security policy regarding social engineering

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.

What should you do?

A. Report immediately to the administrator
B. Do not report it and continue the penetration test
C. Transfer money from the administrator's account to another account
D. Do not transfer the money but steal the bitcoins

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials
B. Attempts by attackers to access the user and password information stored in the company's SQL database
C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge
D. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long