312-50v10 | Avant-garde 312-50v10 Cram 2019
It is impossible to pass EC-Council 312-50v10 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed EC-Council 312-50v10 practice questions. You will get a surprising result by our Improved Certified Ethical Hacker v10 practice guides.
NEW QUESTION 1
What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?
- A. 110
- B. 135
- C. 139
- D. 161
- E. 445
- F. 1024
NEW QUESTION 2
While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activities. What should you do?
- A. Immediately stop work and contact the proper legal authorities
- B. Ignore the data and continue the assessment until completed as agreed
- C. Confront the client in a respectful manner and ask her about the data
- D. Copy the data to removable media and keep it in case you need it
NEW QUESTION 3
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
- A. -sO
- B. -sP
- C. -sS
- D. -sU
NEW QUESTION 4
Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?
- A. http-git
- B. http-headers
- C. http enum
- D. http-methods
NEW QUESTION 5
In order to have an anonymous Internet surf, which of the following is best choice?
- A. Use SSL sites when entering personal information
- B. Use Tor network with multi-node
- C. Use shared WiFi
- D. Use public VPN
NEW QUESTION 6
Which set of access control solutions implements two-factor authentication?
- A. USB token and PIN
- B. Fingerprint scanner and retina scanner
- C. Password and PIN
- D. Account and password
NEW QUESTION 7
Which of the following cryptography attack methods is usually performed without the use of a computer?
- A. Ciphertext-only attack
- B. Chosen key attack
- C. Rubber hose attack
- D. Rainbow table attack
NEW QUESTION 8
While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?
- A. The port will send an ACK
- B. The port will send a SYN
- C. The port will ignore the packets
- D. The port will send an RST
NEW QUESTION 9
You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?
- A. Network-based IDS
- B. Firewall
- C. Proxy
- D. Host-based IDS
A network-based intrusion detection system (NIDS) is used to monitor and analyze network traffic to protect a system from network-based threats.
A NIDS reads all inbound packets and searches for any suspicious patterns. When threats are discovered, based on its severity, the system can take action such as notifying administrators, or barring the source IP address from accessing the network.
NEW QUESTION 10
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?
- A. Penetration testing
- B. Social engineering
- C. Vulnerability scanning
- D. Access control list reviews
NEW QUESTION 11
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?
- A. False positive
- B. False negative
- C. True positve
- D. True negative
NEW QUESTION 12
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive.
Which of the following is being described?
- A. promiscuous mode
- B. port forwarding
- C. multi-cast mode
- D. WEM
Promiscuous mode refers to the special mode of Ethernet hardware, in particular network interface cards (NICs), that allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC. By default, a NIC ignores all traffic that is not addressed to it, which is done by comparing the destination address of the Ethernet packet with the hardware address (a.k.a. MAC) of the device. While this makes perfect sense for networking, non-promiscuous mode makes it difficult to use network monitoring and analysis software for diagnosing connectivity issues or traffic accounting.
NEW QUESTION 13
Which of the following is a detective control?
- A. Smart card authentication
- B. Security policy
- C. Audit trail
- D. Continuity of operations plan
NEW QUESTION 14
Code injection is a form of attack in which a malicious user:
- A. Inserts text into a data field that gets interpreted as code
- B. Gets the server to execute arbitrary code using a buffer overflow
- D. Gains access to the codebase on the server and inserts new code
NEW QUESTION 15
In order to show improvement of security over time, what must be developed?
- A. Reports
- B. Testing tools
- C. Metrics
- D. Taxonomy of vulnerabilities
Today, management demands metrics to get a clearer view of security.
Metrics that measure participation, effectiveness, and window of exposure, however, offer information the organization can use to make plans and improve programs.
NEW QUESTION 16
Which of the following is the best countermeasure to encrypting ransomwares?
- A. Use multiple antivirus softwares
- B. Keep some generation of off-line backup
- C. Analyze the ransomware to get decryption key of encrypted data
- D. Pay a ransom
NEW QUESTION 17
Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.
In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?
- A. Switch then acts as hub by broadcasting packets to all machines on the network
- B. The CAM overflow table will cause the switch to crash causing Denial of Service
- C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
- D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port
NEW QUESTION 18
Which of the following is a component of a risk assessment?
- A. Administrative safeguards
- B. Physical security
- C. DMZ
- D. Logical interface
Risk assessment include:
NEW QUESTION 19
Which of the following tools are used for enumeration? (Choose three.)
- A. SolarWinds
- B. USER2SID
- C. Cheops
- D. SID2USER
- E. DumpSec
NEW QUESTION 20
What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?
- A. Firewalking
- B. Session hijacking
- C. Network sniffing
- D. Man-in-the-middle attack
NEW QUESTION 21
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?
- A. Start by foot printing the network and mapping out a plan of attack.
- B. Ask the employer for authorization to perform the work outside the company.
- C. Begin the reconnaissance phase with passive information gathering and then move into active information gathering.
- D. Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.
NEW QUESTION 22
A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites.
77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?
- A. The packets were sent by a worm spoofing the IP addresses of 47 infected sites
- B. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system
- C. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number
- D. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0
NEW QUESTION 23
If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?
- A. Civil
- B. International
- C. Criminal
- D. Common
NEW QUESTION 24
When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?
- A. A bottom-up approach
- B. A top-down approach
- C. A senior creation approach
- D. An IT assurance approach
NEW QUESTION 25
As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?
- A. Use the same machines for DNS and other applications
- B. Harden DNS servers
- C. Use split-horizon operation for DNS servers
- D. Restrict Zone transfers
- E. Have subnet diversity between DNS servers
NEW QUESTION 26
100% Valid and Newest Version 312-50v10 Questions & Answers shared by prep-labs.com, Get Full Dumps HERE: https://www.prep-labs.com/dumps/312-50v10/ (New 736 Q&As)