Download Certified Ethical Hacker v10 Exam.312-50v10.Prep4Sure.2018-10-16.85q.vcex

Vendor: ECCouncil
Exam Code: 312-50v10
Exam Name: Certified Ethical Hacker v10 Exam
Date: Oct 16, 2018
File Size: 288 KB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol? 
  1. Based on XML
  2. Only compatible with the application protocol HTTP
  3. Exchanges data between web services
  4. Provides a structured model for messaging
Correct answer: B
Question 2
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?
  1. John the Ripper
  2. SET
  3. CHNTPW
  4. Cain & Abel
Correct answer: C
Explanation:
Question 3
What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?
  1. Cross-site request forgery
  2. Cross-site scripting
  3. Session hijacking
  4. Server side request forgery
Correct answer: A
Question 4
From the following table, identify the wrong answer in terms of Range (ft). 
  
  1. 802.11b
  2. 802.11g
  3. 802.16(WiMax)
  4. 802.11a
Correct answer: D
Explanation:
Question 5
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which tool could the tester use to get a response from a host using TCP?
  1. Traceroute
  2. Hping
  3. TCP ping
  4. Broadcast ping
Correct answer: B
Question 6
Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?
  1. Bootrom Exploit
  2. iBoot Exploit
  3. Sandbox Exploit
  4. Userland Exploit
Correct answer: D
Question 7
What is not a PCI compliance recommendation?
  1. Use a firewall between the public network and the payment card data.
  2. Use encryption to protect all transmission of card holder data over any public network.
  3. Rotate employees handling credit card transactions on a yearly basis to different departments.
  4. Limit access to card holder data to as few individuals as possible. 
Correct answer: C
Question 8
The "white box testing" methodology enforces what kind of restriction?
  1. Only the internal operation of a system is known to the tester.
  2. The internal operation of a system is completely known to the tester.
  3. The internal operation of a system is only partly accessible to the tester.
  4. Only the external operation of a system is accessible to the tester.
Correct answer: B
Question 9
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
  1. SQL injection attack
  2. Cross-Site Scripting (XSS)
  3. LDAP Injection attack
  4. Cross-Site Request Forgery (CSRF)
Correct answer: B
Explanation:
Question 10
The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110:
  
What type of activity has been logged? 
  1. Teardrop attack targeting 192.168.0.110
  2. Denial of service attack targeting 192.168.0.105
  3. Port scan targeting 192.168.0.110
  4. Port scan targeting 192.168.0.105
Correct answer: C
Question 11
Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol? 
  1. Based on XML
  2. Only compatible with the application protocol HTTP
  3. Exchanges data between web services
  4. Provides a structured model for messaging
Correct answer: B
Question 12
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your toolkit, you have an Ubuntu 9.10 Linux LiveCD. Which Linux-based tool can change any user’s password or activate disabled Windows accounts?
  1. John the Ripper
  2. SET
  3. CHNTPW
  4. Cain & Abel
Correct answer: C
Explanation:
Question 13
What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?
  1. Cross-site request forgery
  2. Cross-site scripting
  3. Session hijacking
  4. Server side request forgery
Correct answer: A
Question 14
From the following table, identify the wrong answer in terms of Range (ft). 
  
  1. 802.11b
  2. 802.11g
  3. 802.16(WiMax)
  4. 802.11a
Correct answer: D
Explanation:
Question 15
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which tool could the tester use to get a response from a host using TCP?
  1. Traceroute
  2. Hping
  3. TCP ping
  4. Broadcast ping
Correct answer: B
Question 16
Which of the following types of jailbreaking allows user-level access but does not allow iboot-level access?
  1. Bootrom Exploit
  2. iBoot Exploit
  3. Sandbox Exploit
  4. Userland Exploit
Correct answer: D
Question 17
What is not a PCI compliance recommendation?
  1. Use a firewall between the public network and the payment card data.
  2. Use encryption to protect all transmission of card holder data over any public network.
  3. Rotate employees handling credit card transactions on a yearly basis to different departments.
  4. Limit access to card holder data to as few individuals as possible. 
Correct answer: C
Question 18
The "white box testing" methodology enforces what kind of restriction?
  1. Only the internal operation of a system is known to the tester.
  2. The internal operation of a system is completely known to the tester.
  3. The internal operation of a system is only partly accessible to the tester.
  4. Only the external operation of a system is accessible to the tester.
Correct answer: B
Question 19
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
  1. SQL injection attack
  2. Cross-Site Scripting (XSS)
  3. LDAP Injection attack
  4. Cross-Site Request Forgery (CSRF)
Correct answer: B
Explanation:
Question 20
The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110:
  
What type of activity has been logged? 
  1. Teardrop attack targeting 192.168.0.110
  2. Denial of service attack targeting 192.168.0.105
  3. Port scan targeting 192.168.0.110
  4. Port scan targeting 192.168.0.105
Correct answer: C
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!