312-50v11 by EC-COUNCIL Actual Free Exam Questions And Answers

Question 1

Consider the following Nmap output:

what command-line parameter could you use to determine the type and version number of the web server?

A. -Pn

B. -V

C. -ss

D. -sv

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network.
Which of these tools would do the SNMP enumeration he is looking for? Select the best answers.

A. NMap

B. SNMPUtil

C. SNMPScan

D. SNScan

E. Solarwinds IP Network Browser

Discussion 0

Correct Answer: B,D,E Vote an answer

Question 3

Which of the following statements is FALSE with respect to Intrusion Detection Systems?

A. Intrusion Detection Systems can be configured to distinguish specific content in network packets

B. Intrusion Detection Systems can examine the contents of the data n context of the network protocol

C. Intrusion Detection Systems can easily distinguish a malicious payload in an encrypted traffic

D. Intrusion Detection Systems require constant update of the signature library

Discussion 0

Correct Answer: C Vote an answer

Question 4

What tool can crack Windows SMB passwords simply by listening to network traffic?

A. Netbus

B. NTFSDOS

C. This is not possible

D. L0phtcrack

Discussion 0

Correct Answer: D Vote an answer

Question 5

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C. Symmetric encryption allows the server to security transmit the session keys out-of-band.

D. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Discussion 0

Correct Answer: A Vote an answer

Question 6

Which type of sniffing technique is generally referred as MiTM attack?

A. Password Sniffing

B. ARP Poisoning

C. Mac Flooding

D. DHCP Sniffing

Discussion 0

Correct Answer: B Vote an answer

Question 7

PGP, SSL, and IKE are all examples of which type of cryptography?

A. Hash Algorithm

B. Public Key

C. Secret Key

D. Digest

Discussion 0

Correct Answer: B Vote an answer

Question 8

A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely.
Which web-page file type, if it exists on the web server, is a strong indication that the server is vulnerable to this kind of attack?

A. .cms

B. .html

C. .rss

D. .stm

Discussion 0

Correct Answer: D Vote an answer

Question 9

Which command can be used to show the current TCP/IP connections?

A. Netsh

B. Net use connection

C. Netstat

D. Net use

Discussion 0

Correct Answer: A Vote an answer

Question 10

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

A. Whois footprinting

B. Email footprinting

C. VoIP footprinting

D. VPN footprinting

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 11

What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?

A. Flooding the web server with requests to perform a DoS attack

B. Using wget to perform banner grabbing on the webserver

C. Downloading all the contents of the web page locally for further examination

D. Performing content enumeration on the web server to discover hidden folders

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 12

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?

A. Modifying and replaying captured network traffic

B. Collecting unencrypted information about usernames and passwords

C. Identifying operating systems, services, protocols and devices

D. Capturing a network traffic for further analysis

Discussion 0

Correct Answer: A Vote an answer

Question 13

This kind of password cracking method uses word lists in combination with numbers and special characters:

A. Symmetric

B. Linear

C. Brute Force

D. Hybrid

Discussion 0

Correct Answer: D Vote an answer

Question 14

What tool can crack Windows SMB passwords simply by listening to network traffic?

A. Netbus

B. NTFSDOS

C. This is not possible

D. L0phtcrack

Discussion 0

Correct Answer: D Vote an answer

EC-COUNCIL Certified Ethical Hacker Exam (CEH v11) - 312-50v11 Exam Practice Test

Contact Us

Useful Links

Latest Updated