Download Certified Ethical Hacker (312-50v9).312-50.Train4Sure.2018-10-29.271q.vcex

Vendor: ECCouncil
Exam Code: 312-50
Exam Name: Certified Ethical Hacker (312-50v9)
Date: Oct 29, 2018
File Size: 1 MB
Downloads: 1

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?
  1. The consultant will ask for money on the bid because of great work.
  2. The consultant may expose vulnerabilities of other companies.
  3. The company accepting bids will want the same type of format of testing.
  4. The company accepting bids will hire the consultant because of the great work performed.
Correct answer: B
Question 2
Which type of scan is used on the eye to measure the layer of blood vessels?
  1. Facial recognition scan
  2. Retinal scan
  3. Iris scan
  4. Signature kinetics scan
Correct answer: B
Question 3
What is the main reason the use of a stored biometric is vulnerable to an attack?
  1. The digital representation of the biometric might not be unique, even if the physical characteristic is unique.
  2. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.
  3. A stored biometric is no longer "something you are" and instead becomes "something you have".
  4. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.
Correct answer: D
Question 4
During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?
  1. The tester must capture the WPA2 authentication handshake and then crack it.
  2. The tester must use the tool inSSIDer to crack it using the ESSID of the network.
  3. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.
  4. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.
Correct answer: A
Question 5
Which type of antenna is used in wireless communication?
  1. Omnidirectional
  2. Parabolic
  3. Uni-directional
  4. Bi-directional
Correct answer: A
Question 6
What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?
  1. Blue Book
  2. ISO 26029
  3. Common Criteria
  4. The Wassenaar Agreement
Correct answer: C
Question 7
One way to defeat a multi-level security solution is to leak data via
  1. a bypass regulator.
  2. steganography.
  3. a covert channel.
  4. asymmetric routing.
Correct answer: C
Question 8
Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?
  1. The victim user must open the malicious link with an Internet Explorer prior to version 8.
  2. The session cookies generated by the application do not have the HttpOnly flag set.
  3. The victim user must open the malicious link with a Firefox prior to version 3.
  4. The web application should not use random tokens.
Correct answer: D
Question 9
What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?
  1. The request to the web server is not visible to the administrator of the vulnerable application.
  2. The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.
  3. The successful attack does not show an error message to the administrator of the affected application.
  4. The vulnerable application does not display errors with information about the injection results to the attacker.
Correct answer: D
Question 10
During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. 
The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?
  1. Using the Metasploit psexec module setting the SA / Admin credential
  2. Invoking the stored procedure xp_shell to spawn a Windows command shell
  3. Invoking the stored procedure cmd_shell to spawn a Windows command shell
  4. Invoking the stored procedure xp_cmdshell to spawn a Windows command shell
Correct answer: D

Use VCE Exam Simulator to open VCE files


Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!