Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-50v11 - Certified Ethical Hacker Exam (CEH v11)

ECCouncil 312-50v11 Premium Access     Download Demo    
Page: 2 / 11
Total 528 questions

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

A.

SOA

B.

biometrics

C.

single sign on

D.

PKI

What is the first step for a hacker conducting a DNS cache poisoning (DNS spoofing) attack against an organization?

A.

The attacker queries a nameserver using the DNS resolver.

B.

The attacker makes a request to the DNS resolver.

C.

The attacker forges a reply from the DNS resolver.

D.

The attacker uses TCP to poison the ONS resofver.

Why is a penetration test considered to be more thorough than vulnerability scan?

A.

Vulnerability scans only do host discovery and port scanning by default.

B.

A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.

C.

It is not – a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.

D.

The tools used by penetration testers tend to have much more comprehensive vulnerability databases.

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network lo identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

A.

internal assessment

B.

Passive assessment

C.

External assessment

D.

Credentialed assessment

This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or false response from the server. By observing the response, an attacker can extract sensitive information. What type of attack is this?

A.

Time-based SQL injection

B.

Union SQL injection

C.

Error-based SQL injection

D.

Blind SQL injection

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

A.

Public

B.

Private

C.

Shared

D.

Root

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.

What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

A.

Side-channel attack

B.

Denial-of-service attack

C.

HMI-based attack

D.

Buffer overflow attack

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

What seems to be wrong?

A.

The nmap syntax is wrong.

B.

This is a common behavior for a corrupted nmap application.

C.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

D.

OS Scan requires root privileges.

Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a search query and tracked the original source and details of the images, which included photographs, profile pictures, and memes. Which of the following footprinting techniques did Rachel use to finish her task?

A.

Reverse image search

B.

Meta search engines

C.

Advanced image search

D.

Google advanced search

John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the IDAP service for sensitive information such as usernames. addresses, departmental details, and server names to launch further attacks on the target organization.

What is the tool employed by John to gather information from the IDAP service?

A.

jxplorer

B.

Zabasearch

C.

EarthExplorer

D.

Ike-scan

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.

Which command would you use?

A.

c:\compmgmt.msc

B.

c:\services.msc

C.

c:\ncpa.cp

D.

c:\gpedit

Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

A.

VPN footprinting

B.

Email footprinting

C.

VoIP footprinting

D.

Whois footprinting

Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that

permits users to authenticate once and gain access to multiple systems?

A.

Role Based Access Control (RBAC)

B.

Discretionary Access Control (DAC)

C.

Single sign-on

D.

Windows authentication

Kate dropped her phone and subsequently encountered an issue with the phone's internal speaker. Thus, she is using the phone's loudspeaker for phone calls and other activities. Bob, an attacker, takes advantage of this vulnerability and secretly exploits the hardware of Kate's phone so that he can monitor the loudspeaker's output from data sources such as voice assistants, multimedia messages, and audio files by using a malicious app to breach speech privacy. What is the type of attack Bob performed on Kate in the above scenario?

A.

Man-in-the-disk attack

B.

aLTEr attack

C.

SIM card attack

D.

Spearphone attack

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

A.

Bob can be right since DMZ does not make sense when combined with stateless firewalls

B.

Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

C.

Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

D.

Bob is partially right. DMZ does not make sense when a stateless firewall is available