What Top Quality 312-50v11 Exam Dumps Is

Act now and download your EC-Council 312-50v11 test today! Do not waste time for the worthless EC-Council 312-50v11 tutorials. Download Replace EC-Council Certified Ethical Hacker Exam (CEH v11) exam with real questions and answers and begin to learn EC-Council 312-50v11 with a classic professional.

Free 312-50v11 Demo Online For EC-Council Certifitcation:

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

  • A. Block port 25 at the firewall.
  • B. Shut off the SMTP service on the server.
  • C. Force all connections to use a username and password.
  • D. Switch from Windows Exchange to UNIX Sendmail.
  • E. None of the above.

Answer: E

Which of the following are well known password-cracking programs?

  • A. L0phtcrack
  • B. NetCat
  • C. Jack the Ripper
  • D. Netbus
  • E. John the Ripper

Answer: AE

Which of the following is an extremely common IDS evasion technique in the web world?

  • A. Spyware
  • B. Subnetting
  • C. Unicode Characters
  • D. Port Knocking

Answer: C

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

  • A. SFTP
  • B. Ipsec
  • C. SSL
  • D. FTPS

Answer: B

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

  • A. Install DNS logger and track vulnerable packets
  • B. Disable DNS timeouts
  • C. Install DNS Anti-spoofing
  • D. Disable DNS Zone Transfer

Answer: C

Which of the following steps for risk assessment methodology refers to vulnerability identification?

  • A. Determines if any flaws exist in systems, policies, or procedures
  • B. Assigns values to risk probabilities; Impact values.
  • C. Determines risk probability that vulnerability will be exploited (Hig
  • D. Medium, Low)
  • E. Identifies sources of harm to an IT syste
  • F. (Natural, Huma
  • G. Environmental)

Answer: C

A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

  • A. Attempts by attackers to access the user and password information stored in the company’s SQL database.
  • B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.
  • C. Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.
  • D. Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

Answer: B

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

  • A. list server= type=all
  • B. is-d abccorp.local
  • C. Iserver all
  • D. List domain=Abccorp.local type=zone

Answer: B

Which service in a PKI will vouch for the identity of an individual or company?

  • A. KDC
  • B. CR
  • C. CBC
  • D. CA

Answer: D

What is the following command used for? net use \targetipc$ "" /u:""

  • A. Grabbing the etc/passwd file
  • B. Grabbing the SAM
  • C. Connecting to a Linux computer through Samba.
  • D. This command is used to connect as a null session
  • E. Enumeration of Cisco routers

Answer: D

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it’s made on the provider’s environment?

  • A. Behavioral based
  • B. Heuristics based
  • C. Honeypot based
  • D. Cloud based

Answer: D

What is a NULL scan?

  • A. A scan in which all flags are turned off
  • B. A scan in which certain flags are off
  • C. A scan in which all flags are on
  • D. A scan in which the packet size is set to zero
  • E. A scan with an illegal packet size

Answer: A

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

  • A.
  • B.
  • C. 10..1.5.200
  • D.

Answer: C

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

  • A. Full Blown
  • B. Thorough
  • C. Hybrid
  • D. BruteDics

Answer: C

Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?

  • A. Scanning
  • B. Footprinting
  • C. Enumeration
  • D. System Hacking

Answer: B

MX record priority increases as the number increases. (True/False.)

  • A. True
  • B. False

Answer: B

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?

  • A. Confront the client in a respectful manner and ask her about the data.
  • B. Copy the data to removable media and keep it in case you need it.
  • C. Ignore the data and continue the assessment until completed as agreed.
  • D. Immediately stop work and contact the proper legal authorities.

Answer: D

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.
What kind of attack is Susan carrying on?

  • A. A sniffing attack
  • B. A spoofing attack
  • C. A man in the middle attack
  • D. A denial of service attack

Answer: C

Jim’s company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. Instead, Jim’s company keeps the backup tapes in a safe in the office. Jim’s company is audited each year, and the results from this year’s audit show a risk because backup tapes are not stored off-site. The Manager of Information Technology has a plan to take the backup tapes home with him and wants to know what two things he can do to secure the backup tapes while in transit?

  • A. Encrypt the backup tapes and transport them in a lock box.
  • B. Degauss the backup tapes and transport them in a lock box.
  • C. Hash the backup tapes and transport them in a lock box.
  • D. Encrypt the backup tapes and use a courier to transport them.

Answer: A

PGP, SSL, and IKE are all examples of which type of cryptography?

  • A. Digest
  • B. Secret Key
  • C. Public Key
  • D. Hash Algorithm

Answer: C

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?

  • A. Information Audit Policy (IAP)
  • B. Information Security Policy (ISP)
  • C. Penetration Testing Policy (PTP)
  • D. Company Compliance Policy (CCP)

Answer: B

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

  • A. Service Level Agreement
  • B. Project Scope
  • C. Rules of Engagement
  • D. Non-Disclosure Agreement

Answer: C

Fingerprinting an Operating System helps a cracker because:

  • A. It defines exactly what software you have installed
  • B. It opens a security-delayed window based on the port being scanned
  • C. It doesn't depend on the patches that have been applied to fix existing security holes
  • D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

Answer: D

Within the context of Computer Security, which of the following statements describes Social Engineering best?

  • A. Social Engineering is the act of publicly disclosing information
  • B. Social Engineering is the means put in place by human resource to perform time accounting
  • C. Social Engineering is the act of getting needed information from a person rather than breaking into a system
  • D. Social Engineering is a training program within sociology studies

Answer: C


100% Valid and Newest Version 312-50v11 Questions & Answers shared by Certshared, Get Full Dumps HERE: https://www.certshared.com/exam/312-50v11/ (New 254 Q&As)