Cause all that matters here is passing the EC-Council 312-50v9 exam. Cause all that you need is a high score of 312-50v9 EC-Council Certified Ethical Hacker v9 exam. The only one thing you need to do is downloading Actualtests 312-50v9 exam study guides now. We will not let you down with our money-back guarantee.
Q1. What does a firewall check to prevent particularports and applications from getting packets into an organizations?
A. Transport layer port numbers and application layer headers
B. Network layer headers and the session layer port numbers
C. Application layer port numbers and the transport layer headers
D. Presentation layer headers and the session layer port numbers
Answer: A
Q2. To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?
A. Bounding
B. Mutating
C. Puzzing
D. Randomizing
Answer: C
Q3. Which of the following is not a Bluetooth attack?
A. Bluejacking
B. Bluedriving
C. Bluesnarfing
D. Bluesmaking
Answer: B
Q4. The NMAP command above performs which of the following?
A. A ping scan
B. A trace sweep
C. An operating system detect
D. A port scan
Answer: A
Q5. It isan entity or event with the potential to adversely impact a system through unauthorized access destruction disclosures denial of service or modification of data.
Which of the following terms best matches this definition?
A. Threat
B. Attack
C. Risk
D. Vulnerability
Answer: A
Q6. While performing online banking using a web browser, a user receives an email that contains alink to an interesting Web site. When the user clicks on the link, another web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.
What web browser-based security vulnerability was exploited to compromise the user?
A. Cross-Site Request Forgery
B. Cross-Site Scripting
C. Web form input validation
D. Clickjacking
Answer: A
Q7. PGP, SSL, and IKE are all examples of which type of cryptography?
A. Hash Algorithm
B. Secret Key
C. Public Key
D. Digest
Answer:: C
Q8. The purpose of a is to deny network access to local area networks and other information assets by unauthorized wireless devices.
A. Wireless Access Point
B. Wireless Analyzer
C. Wireless Access Control list
D. Wireless Intrusion Prevention System
Answer: D
Q9. The configuration allows a wired or wireless network interface controller to pass all trafice it receives to thecentral processing unit (CPU), rather than passing only the frames that the controller is intended to receive.
Which of the following is being described?
A. WEM
B. Multi-cast mode
C. Promiscuous mode
D. Port forwarding
Answer: B
Q10. It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up windows, webpage,or email warning from what looks like an officialauthority. It explains your computer has been locked because of possible illegal activities and demands payment before you can access your files and programs again.
Which term best matches this definition?
A. Spyware
B. Adware
C. Ransomware
D. Riskware
Answer: C
Q11. Perspective clients wantto see sample reports from previous penetration tests. What should you do next?
A. Share full reports, not redacted.
B. Share full reports, with redacted.
C. Decline but, provide references.
D. Share reports, after NDA is signed.
Answer: B
Q12. When you return to your desk after a lunch break, you notice a strange email in your inbox. The senders is someone you did business with recently but the subject line has strange characters in it.
What should you do?
A. Forward the message to your company’s security response team and permanently delete the message from your computer.
B. Delete the email and pretend nothing happened.
C. Forward the message to your supervisor andask for her opinion on how to handle the situation.
D. Reply to the sender and ask them for more information about the message contents.
Answer: A
Q13. Which of the following is the BEST way to defend against network sniffing?
A. Using encryption protocols to secure network communications
B. Restrict Physical Access to Server Rooms hosting Critical Servers
C. Use Static IP Address
D. Register all machines MAC Address in a centralized Database
Answer: A
Q14. You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?
A. c:\services.msc
B. c:\ncpa.cp
C. c:\compmgmt.msc
D. c:\gpedit
Answer: C
Q15. An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, digital Subscriber Line (DSL), wireless data services, and virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is most likely able to handle this requirement?
A. DIAMETER
B. Kerberos
C. RADIUS
A. D. TACACS+
Answer: D
Q16. An attacker gains access to a Web server’s database and display the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?
A. Insufficient security management
B. Insufficient database hardening
C. Insufficient exception handling
D. Insufficient input validation
Answer: D
Q17. You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System.
What is the best approach?
A. Install and use Telnet to encrypt all outgoing traffic from this server.
B. Install Cryptcat and encrypt outgoing packets from this server
C. Use Alternate Data Streams to hide the outgoing packets from this server.
D. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
Answer: A
Q18. Which of the following isthe greatest threat posed by backups?
A. An un-encrypted backup can be misplaced or stolen
B. A back is incomplete because no verification was performed.
C. A backup is the source of Malware or illicit information.
D. A backup is unavailable duringdisaster recovery.
Answer: A
Q19. The “Gray box testing” methodology enforces what kind of restriction?
A. Only the external operation of a system is accessible to the tester.
B. Only the internal operation of a system is known to the tester.
C. The internal operation of a system is completely known to the tester.
D. The internal operation of a system is only partly accessible to the tester.
Answer: D
Q20. Which of the following parameters describe LM Hash: I – The maximum password length is 14 characters.
II – There are no distinctions between uppercase and lowercase.
III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.
A. I
B. I and II
C. II
D. I, II and III
Answer: D
Q21. You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from the server will not be caught by a Network Based Intrusion Detection System (NIDS).
Which is the best way to evade the NIDS?
A. Out of band signaling
B. Encryption
C. Alternate Data Streams
D. Protocol Isolation
Answer: B