[Sep 30, 2021] Latest 312-50v10 Exam with Accurate Certified Ethical Hacker Exam (CEH v10) PDF Questions
Practice To 312-50v10 - Fast2test Remarkable Practice On your Certified Ethical Hacker Exam (CEH v10) Exam
NEW QUESTION 194
Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?
- A. RSA 1024 bit strength
- B. RSA 512 bit strength
- C. AES 512 bit strength
- D. AES 1024 bit strength
Answer: A
NEW QUESTION 195
Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a
technique of hiding a secret message within an ordinary message. The technique provides 'security
through obscurity'.
What technique is Ricardo using?
- A. Steganography
- B. Encryption
- C. RSA algorithm
- D. Public-key cryptography
Answer: A
NEW QUESTION 196
Which of these options is the most secure procedure for storing backup tapes?
- A. Inside the data center for faster retrieval in a fireproof safe
- B. On a different floor in the same building
- C. In a cool dry environment
- D. In a climate controlled facility offsite
Answer: D
Explanation:
Explanation
An effective disaster data recovery strategy should consist of producing backup tapes and housing them in an offsite storage facility. This way the data isn't compromised if a natural disaster affects the business' office. It is highly recommended that the backup tapes be handled properly and stored in a secure, climate controlled facility. This provides peace of mind, and gives the business almost immediate stability after a disaster.
References:
http://www.entrustrm.com/blog/1132/why-is-offsite-tape-storage-the-best-disaster-recovery-strategy
NEW QUESTION 197
While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activities. What should you do?
- A. Ignore the data and continue the assessment until completed as agreed
- B. Immediately stop work and contact the proper legal authorities
- C. Confront the client in a respectful manner and ask her about the data
- D. Copy the data to removable media and keep it in case you need it
Answer: B
NEW QUESTION 198
Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:
What is she trying to achieve?
- A. She is using ftp to transfer the file to another hacker named John.
- B. She is encrypting the file.
- C. She is using John the Ripper to crack the passwords in the secret.txt file.
- D. She is using John the Ripper to view the contents of the file.
Answer: C
NEW QUESTION 199
Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications an unpatched security flaws in a computer system?
- A. Metasploit
- B. Nessus
- C. Wireshark
- D. Maltego
Answer: A
NEW QUESTION 200
What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?
- A. A stealth scan, opening port 123 and 153
- B. A stealth scan, checking all open ports excluding ports 123 to 153
- C. A stealth scan, checking open ports 123 to 153
- D. A stealth scan, determine operating system, and scanning ports 123 to 153
Answer: D
NEW QUESTION 201
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
- A. biometrics
- B. single sign on
- C. PKI
- D. SOA
Answer: C
NEW QUESTION 202
Which of the following is designed to identify malicious attempts to penetrate systems?
- A. Router
- B. Firewall
- C. Proxy
- D. Intrusion Detection System
Answer: D
Explanation:
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces electronic reports to a management station.
References: https://en.wikipedia.org/wiki/Intrusion_detection_system
NEW QUESTION 203
(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.). Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?
What is odd about this attack? Choose the best answer.
- A. These packets were crafted by a tool, they were not created by a standard IP stack.
- B. The attacker wants to avoid creating a sub-carries connection that is not normally valid.
- C. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
- D. This is back orifice activity as the scan comes from port 31337.
Answer: D
NEW QUESTION 204
You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back.
What is happening?
- A. You need to run the ping command with root privileges.
- B. ICMP could be disabled on the target server.
- C. The ARP is disabled on the target server.
- D. TCP/IP doesn't support ICMP.
Answer: B
Explanation:
Explanation
The ping utility is implemented using the ICMP "Echo request" and "Echo reply" messages.
Note: The Internet Control Message Protocol (ICMP) is one of the main protocols of the internet protocol suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.
References: https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
NEW QUESTION 205
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
- A. Full disk encryption.
- B. Password protected files
- C. Hidden folders
- D. BIOS password
Answer: A
NEW QUESTION 206
While using your bank's online servicing you notice the following string in the URL bar:
"http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21" You observe that if you modify the Damount&Camount values and submit the request, that data on the web page reflects the changes.
Which type of vulnerability is present on this site?
- A. XSS Reflection
- B. SQL Injection
- C. Web Parameter Tampering
- D. Cookie Tampering
Answer: C
NEW QUESTION 207
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?
- A. Tailgating
- B. Man trap
- C. Social engineering
- D. Shoulder surfing
Answer: A
NEW QUESTION 208
Which statement is TRUE regarding network firewalls preventing Web Application attacks?
- A. Network firewalls can prevent attacks because they can detect malicious HTTP traffic.
- B. Network firewalls can prevent attacks if they are properly configured.
- C. Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.
- D. Network firewalls cannot prevent attacks because they are too complex to configure.
Answer: C
Explanation:
Explanation
Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. To prevent Web Application attacks an Application layer firewall would be required.
References: https://en.wikipedia.org/wiki/Firewall_(computing)#Network_layer_or_packet_filters
NEW QUESTION 209
What are the three types of authentication?
- A. Something you: know, remember, prove
- B. Something you: show, prove, are
- C. Something you: show, have, prove
- D. Something you: have, know, are
Answer: D
NEW QUESTION 210
......
Exam Questions and Answers for 312-50v10 Study Guide Questions and Answers!: https://www.fast2test.com/312-50v10-premium-file.html