Exambible offers free demo for 312-50v11 exam. "Certified Ethical Hacker Exam (CEH v11)", also known as 312-50v11 exam, is a EC-Council Certification. This set of posts, Passing the EC-Council 312-50v11 exam, will help you answer those questions. The 312-50v11 Questions & Answers covers all the knowledge points of the real exam. 100% real EC-Council 312-50v11 exams and revised by experts!

Also have 312-50v11 free dumps questions for you:

NEW QUESTION 1
One of your team members has asked you to analyze the following SOA record. What is the version? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

  • A. 200303028
  • B. 3600
  • C. 604800
  • D. 2400
  • E. 60
  • F. 4800

Answer: A

NEW QUESTION 2
Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

  • A. Overloading Port Address Translation
  • B. Dynamic Port Address Translation
  • C. Dynamic Network Address Translation
  • D. Static Network Address Translation

Answer: D

NEW QUESTION 3
Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.
A camera captures people walking and identifies the individuals using Steve’s approach.
After that, people must approximate their RFID badges. Both the identifications are required to open the door. In this case, we can say:

  • A. Although the approach has two phases, it actually implements just one authentication factor
  • B. The solution implements the two authentication factors: physical object and physical characteristic
  • C. The solution will have a high level of false positives
  • D. Biological motion cannot be used to identify people

Answer: B

NEW QUESTION 4
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

  • A. LDAP Injection attack
  • B. Cross-Site Scripting (XSS)
  • C. SQL injection attack
  • D. Cross-Site Request Forgery (CSRF)

Answer: B

NEW QUESTION 5
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

  • A. Public
  • B. Private
  • C. Shared
  • D. Root

Answer: B

NEW QUESTION 6
What is GINA?

  • A. Gateway Interface Network Application
  • B. GUI Installed Network Application CLASS
  • C. Global Internet National Authority (G-USA)
  • D. Graphical Identification and Authentication DLL

Answer: D

NEW QUESTION 7
You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

  • A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
  • B. Package the Sales.xls using Trojan wrappers and telnet them back your home computer
  • C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
  • D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Answer: C

NEW QUESTION 8
What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it’s made on the provider’s environment?

  • A. Behavioral based
  • B. Heuristics based
  • C. Honeypot based
  • D. Cloud based

Answer: D

NEW QUESTION 9
What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?

  • A. Man-in-the-middle attack
  • B. Meet-in-the-middle attack
  • C. Replay attack
  • D. Traffic analysis attack

Answer: B

NEW QUESTION 10
Which of the following is a component of a risk assessment?

  • A. Administrative safeguards
  • B. Physical security
  • C. DMZ
  • D. Logical interface

Answer: A

NEW QUESTION 11
A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

  • A. Attempts by attackers to access the user and password information stored in the company’s SQL database.
  • B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.
  • C. Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.
  • D. Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.

Answer: B

NEW QUESTION 12
Windows LAN Manager (LM) hashes are known to be weak.
Which of the following are known weaknesses of LM? (Choose three.)

  • A. Converts passwords to uppercase.
  • B. Hashes are sent in clear text over the network.
  • C. Makes use of only 32-bit encryption.
  • D. Effective length is 7 characters.

Answer: ABD

NEW QUESTION 13
What is the main security service a cryptographic hash provides?

  • A. Integrity and ease of computation
  • B. Message authentication and collision resistance
  • C. Integrity and collision resistance
  • D. Integrity and computational in-feasibility

Answer: D

NEW QUESTION 14
In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

  • A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
  • B. A backdoor placed into a cryptographic algorithm by its creator.
  • C. Extraction of cryptographic secrets through coercion or torture.
  • D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Answer: C

NEW QUESTION 15
Why containers are less secure that virtual machines?

  • A. Host OS on containers has a larger surface attack.
  • B. Containers may full fill disk space of the host.
  • C. A compromise container may cause a CPU starvation of the host.
  • D. Containers are attached to the same virtual network.

Answer: A

NEW QUESTION 16
In the context of Windows Security, what is a 'null' user?

  • A. A user that has no skills
  • B. An account that has been suspended by the admin
  • C. A pseudo account that has no username and password
  • D. A pseudo account that was created for security administration purpose

Answer: C

NEW QUESTION 17
Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?

  • A. OPPORTUNISTICTLS
  • B. UPGRADETLS
  • C. FORCETLS
  • D. STARTTLS

Answer: D

NEW QUESTION 18
What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it's made on the premiers environment

  • A. VCloud based
  • B. Honypot based
  • C. Behaviour based
  • D. Heuristics based

Answer: A

NEW QUESTION 19
Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp's requirements?

  • A. Gateway-based IDS
  • B. Network-based IDS
  • C. Host-based IDS
  • D. Open source-based

Answer: C

NEW QUESTION 20
Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

  • A. symmetric algorithms
  • B. asymmetric algorithms
  • C. hashing algorithms
  • D. integrity algorithms

Answer: C

NEW QUESTION 21
......

P.S. 2passeasy now are offering 100% pass ensure 312-50v11 dumps! All 312-50v11 exam questions have been updated with correct answers: https://www.2passeasy.com/dumps/312-50v11/ (254 New Questions)