2024 Valid 312-50v12 Real Exam Questions (Updated) 100% Dumps & Practice Exam
[UPDATED 2024] ECCouncil 312-50v12 Questions Prepare with Free Demo of PDF
The CEH certification is highly valued in the IT industry and is recognized globally as a benchmark in the field of cybersecurity. Certified Ethical Hacker Exam certification is ideal for IT professionals who want to advance their careers in the field of cybersecurity and demonstrate their expertise in ethical hacking and network security. Certified Ethical Hacker Exam certification is also highly valued by employers who are looking to protect their organizations from cyber threats.
NEW QUESTION # 69
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing dat a. For this purpose, he uses a web service that uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?
- A. SOAP API
- B. JSON-RPC
- C. REST API
- D. RESTful API
Answer: D
Explanation:
*REST is not a specification, tool, or framework, but instead is an architectural style for web services that serves as a communication medium between various systems on the web. *RESTful APIs, which are also known as RESTful services, are designed using REST principles and HTTP communication protocols RESTful is a collection of resources that use HTTP methods such as PUT, POST, GET, and DELETE RESTful API: RESTful API is a RESTful service that is designed using REST principles and HTTP communication protocols. RESTful is a collection of resources that use HTTP methods such as PUT, POST, GET, and DELETE. RESTful API is also designed to make applications independent to improve the overall performance, visibility, scalability, reliability, and portability of an application. APIs with the following features can be referred to as to RESTful APIs: o Stateless: The client end stores the state of the session; the server is restricted to save data during the request processing o Cacheable: The client should save responses (representations) in the cache. This feature can enhance API performance pg. 1920 CEHv11 manual.
https://cloud.google.com/files/apigee/apigee-web-api-design-the-missing-link-ebook.pdf The HTTP methods GET, POST, PUT or PATCH, and DELETE can be used with these templates to read, create, update, and delete description resources for dogs and their owners. This API style has become popular for many reasons. It is straightforward and intuitive, and learning this pattern is similar to learning a programming language API. APIs like this one are commonly called RESTful APIs, although they do not display all of the characteristics that define REST (more on REST later).
NEW QUESTION # 70
When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?
- A. Capturing a network traffic for further analysis
- B. Modifying and replaying captured network traffic
- C. Collecting unencrypted information about usernames and passwords
- D. Identifying operating systems, services, protocols and devices
Answer: B
NEW QUESTION # 71
To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?
- A. Mutating
- B. Fuzzing
- C. Randomizing
- D. Bounding
Answer: B
NEW QUESTION # 72
In a large organization, a network security analyst discovered a series of packet captures that seem unusual.
The network operates on a switched Ethernet environment. The security team suspects that an attacker might be using a sniffer tool. Which technique could the attacker be using to successfully carry out this attack, considering the switched nature of the network?
- A. The attacker might be compromising physical security to plug into the network directly
- B. The attacker might be implementing MAC flooding to overwhelm the switch's memory
- C. The attacker might be using passive sniffing, as it provides significant stealth advantages
- D. The attacker is probably using a Trojan horse with in-built sniffing capability
Answer: B
Explanation:
A sniffer tool is a software or hardware device that can capture and analyze network traffic. In a switched Ethernet environment, where each port on a switch is connected to a single device, a sniffer tool can only see the traffic that is destined for or originated from the device it is attached to. However, an attacker can use various techniques to overcome this limitation and sniff the traffic of other devices on the same network. One of these techniques is MAC flooding, which exploits the finite memory of the switch's MAC address table.
The attacker sends a large number of frames with different source MAC addresses to the switch, which fills up the MAC address table and causes the switch to enter a fail-open mode, where it broadcasts all incoming frames to all ports, regardless of the destination MAC address. This way, the attacker can see all the traffic on the network and capture it with a sniffer tool.
The other options are less likely or less effective techniques for sniffing a switched Ethernet network.
Compromising physical security to plug into the network directly may allow the attacker to sniff the traffic of the device they are connected to, but not the traffic of other devices on the network. Using a Trojan horse with in-built sniffing capability may allow the attacker to sniff the traffic of the infected device, but not the traffic of other devices on the network, unless the Trojan horse also performs MAC flooding or other techniques to bypass the switch. Using passive sniffing, which involves listening to the network traffic without sending any packets, may provide significant stealth advantages, but it does not help the attacker to see the traffic of other devices on the network, unless the switch is already in fail-open mode or the attacker uses other techniques to induce it. References:
* Sniffing: A Beginners Guide In 4 Important Points
* How can I run a packet sniffer on a Router or Switch
* Detection of Sniffers in an Ethernet Network
NEW QUESTION # 73
Which is the first step followed by Vulnerability Scanners for scanning a network?
- A. TCP/UDP Port scanning
- B. OS Detection
- C. Firewall detection
- D. Checking if the remote host is alive
Answer: D
Explanation:
Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
1. Locating nodes: The first step in vulnerability scanning is to locate live hosts in the target network using various scanning techniques.
2. Performing service and OS discovery on them: After detecting the live hosts in the target network, the next step is to enumerate the open ports and services and the operating system on the target systems.
3. Testing those services and OS for known vulnerabilities: Finally, after identifying the open services and the operating system running on the target nodes, they are tested for known vulnerabilities.
NEW QUESTION # 74
During a red team engagement, an ethical hacker is tasked with testing the security measures of an organization's wireless network. The hacker needs to select an appropriate tool to carry out a session hijacking attack. Which of the following tools should the hacker use to effectively perform session hijacking and subsequent security analysis, given that the target wireless network has the Wi-Fi Protected Access-preshared key (WPA-PSK) security protocol in place?
- A. bettercap
- B. Hetty
- C. FaceNiff
- D. Droidsheep
Answer: A
Explanation:
bettercap is a tool that can perform session hijacking attacks on wireless networks, among other network security and penetration testing tasks. bettercap can capture and manipulate network traffic, perform man-in-the-middle attacks, spoof and sniff protocols, inject custom payloads, and more1.
bettercap can perform session hijacking attacks on wireless networks that use the WPA-PSK security protocol by exploiting the four-way handshake process that occurs when a client connects to a wireless access point.
The four-way handshake is used to establish a shared encryption key between the client and the access point, based on the pre-shared key (PSK) that is configured on both devices. However, the four-way handshake also exposes some information that can be used to crack the PSK offline, such as the nonce values, the MAC addresses, and the message integrity code (MIC) of the packets2.
bettercap can capture the four-way handshake packets using its Wi-Fi module and save them in a file. The file can then be fed to a tool like Hashcat or Aircrack-ng to crack the PSK using brute force or dictionary attacks. Once the PSK is obtained, bettercap can use it to decrypt the wireless traffic and perform session hijacking attacks on the clients connected to the access point3.
Therefore, bettercap is an appropriate tool to carry out a session hijacking attack on a wireless network that uses the WPA-PSK security protocol.
References:
* bettercap: the Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks
* How the WPA2 Enterprise Wireless Security Protocol Works
* Cracking WPA/WPA2 Passwords with Bettercap and Hashcat
NEW QUESTION # 75
You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.
invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!
What seems to be wrong?
- A. OS Scan requires root privileges.
- B. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
- C. This is a common behavior for a corrupted nmap application.
- D. The nmap syntax is wrong.
Answer: A
NEW QUESTION # 76
John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which of the following actions should John take to overcome this problem with the least administrative effort?
- A. Increase his technical skills.
- B. Select someone else to check the procedures.
- C. Create an incident checklist.
- D. Read the incident manual every time it occurs.
Answer: A
NEW QUESTION # 77
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have time to find the passwords that correspond to these hashes. Which type of attack can she implement in order to continue?
- A. Pass the ticket
- B. LLMNR/NBT-NS poisoning
- C. Internal monologue attack
- D. Pass the hash
Answer: D
NEW QUESTION # 78
Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to a vulnerability in the developed web application as this feature accepts remote user inputs and uses them on the page. Hackers can exploit this feature and pass malicious SSI directives as input values to perform malicious activities such as modifying and erasing server files. What is the type of injection attack Calvin's web application is susceptible to?
- A. Server-side JS injection
- B. CRLF injection
- C. Server-side template injection
- D. Server-side includes injection
Answer: D
NEW QUESTION # 79
SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may Bypass authentication and allow attackers to access and/or modify data attached to a web application.
Which of the following SQLI types leverages a database server's ability to make DNS requests to pass data to an attacker?
- A. Out-of-band SQLI
- B. Time-based blind SQLI
- C. Union-based SQLI
- D. ln-band SQLI
Answer: A
Explanation:
Out-of-band SQL injection occurs when an attacker is unable to use an equivalent channel to launch the attack and gather results. ... Out-of-band SQLi techniques would believe the database server's ability to form DNS or HTTP requests to deliver data to an attacker. Out-of-band SQL injection is not very common, mostly because it depends on features being enabled on the database server being used by the web application.
Out-of-band SQL injection occurs when an attacker is unable to use the same channel to launch the attack and gather results.
Out-of-band techniques, offer an attacker an alternative to inferential time-based techniques, especially if the server responses are not very stable (making an inferential time-based attack unreliable).
Out-of-band SQLi techniques would rely on the database server's ability to make DNS or HTTP requests to deliver data to an attacker. Such is the case with Microsoft SQL Server's xp_dirtree command, which can be used to make DNS requests to a server an attacker controls; as well as Oracle Database's UTL_HTTP package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls.
NEW QUESTION # 80
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 no response
TCP port 22 no response
TCP port 23 Time-to-live exceeded
- A. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall
- B. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
- C. The lack of response from ports 21 and 22 indicate that those services are not running on the destination server
- D. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host
Answer: A
NEW QUESTION # 81
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP.
What part of the contract might prevent him from doing so?
- A. Lock-in
- B. Virtualization
- C. Lock-up
- D. Lock-down
Answer: A
NEW QUESTION # 82
Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?
- A. Information Security Policy (ISP)
- B. Company Compliance Policy (CCP)
- C. Information Audit Policy (IAP)
- D. Penetration Testing Policy (PTP)
Answer: A
NEW QUESTION # 83
How can rainbow tables be defeated?
- A. All uppercase character passwords
- B. Lockout accounts under brute force password cracking attempts
- C. Password salting
- D. Use of non-dictionary words
Answer: C
Explanation:
https://en.wikipedia.org/wiki/Salt_(cryptography)
A salt is random data that is used as an additional input to a one-way function that hashes data, a password, or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards were developed to protect a user's password against being read from the system. A salt is one of those methods.
A new salt is randomly generated for each password. In a typical setting, the salt and the password (or its version after key stretching) are concatenated and processed with a cryptographic hash function, and the output hash value (but not the original password) is stored with the salt in a database. Hashing allows for later authentication without keeping and therefore risking exposure of the plaintext password in the event that the authentication data store is compromised.
Salts defend against a pre-computed hash attack, e.g. rainbow tables. Since salts do not have to be memorized by humans they can make the size of the hash table required for a successful attack prohibitively large without placing a burden on the users. Since salts are different in each case, they also protect commonly used passwords, or those users who use the same password on several sites, by making all salted hash instances for the same password different from each other.
NEW QUESTION # 84
In Trojan terminology, what is a covert channel?
- A. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections
- B. A channel that transfers information within a computer system or network in a way that violates the security policy
- C. A legitimate communication path within a computer system or network for transfer of data
- D. It is a kernel operation that hides boot processes and services to mask detection
Answer: B
NEW QUESTION # 85
If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?
- A. Common
- B. Civil
- C. Criminal
- D. International
Answer: B
NEW QUESTION # 86
An Internet Service Provider (ISP) has a need to authenticate users connecting via analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network.
Which AAA protocol is the most likely able to handle this requirement?
- A. RADIUS
- B. TACACS+
- C. DIAMETER
- D. Kerberos
Answer: A
Explanation:
https://en.wikipedia.org/wiki/RADIUS
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service.
RADIUS is a client/server protocol that runs in the application layer, and can use either TCP or UDP. Network access servers, which control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server. RADIUS is often the back-end of choice for 802.1X authentication.
A RADIUS server is usually a background process running on UNIX or Microsoft Windows.
Authentication and authorization
The user or machine sends a request to a Network Access Server (NAS) to gain access to a particular network resource using access credentials. The credentials are passed to the NAS device via the link-layer protocol-for example, Point-to-Point Protocol (PPP) in the case of many dialup or DSL providers or posted in an HTTPS secure web form.
In turn, the NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization to grant access via the RADIUS protocol.
This request includes access credentials, typically in the form of username and password or security certificate provided by the user. Additionally, the request may contain other information which the NAS knows about the user, such as its network address or phone number, and information regarding the user's physical point of attachment to the NAS.
The RADIUS server checks that the information is correct using authentication schemes such as PAP, CHAP or EAP. The user's proof of identification is verified, along with, optionally, other information related to the request, such as the user's network address or phone number, account status, and specific network service access privileges. Historically, RADIUS servers checked the user's information against a locally stored flat-file database. Modern RADIUS servers can do this or can refer to external sources-commonly SQL, Kerberos, LDAP, or Active Directory servers-to verify the user's credentials.
Shape Description automatically generated with medium confidence
The RADIUS server then returns one of three responses to the NAS:
1) Access-Reject,
2) Access-Challenge,
3) Access-Accept.
Access-Reject
The user is unconditionally denied access to all requested network resources. Reasons may include failure to provide proof of identification or an unknown or inactive user account.
Access-Challenge
Requests additional information from the user such as a secondary password, PIN, token, or card.
Access-Challenge is also used in more complex authentication dialogs where a secure tunnel is established between the user machine and the Radius Server in a way that the access credentials are hidden from the NAS.
Access-Accept
The user is granted access. Once the user is authenticated, the RADIUS server will often check that the user is authorized to use the network service requested. A given user may be allowed to use a company's wireless network, but not its VPN service, for example. Again, this information may be stored locally on the RADIUS server or may be looked up in an external source such as LDAP or Active Directory.
NEW QUESTION # 87
Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by johnson in the above scenario?
- A. Host-based assessment
- B. Wireless network assessment
- C. Distributed assessment
- D. Application assessment
Answer: B
Explanation:
Wireless network assessment determines the vulnerabilities in an organization's wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Now, wireless network standards have evolved, but many networks still use weak and outdated security mechanisms and are open to attack.
Wireless network assessments try to attack wireless authentication mechanisms and gain unauthorized access.
This type of assessment tests wireless networks and identifies rogue networks that may exist within an organization's perimeter. These assessments audit client-specified sites with a wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access if they gain access to the wireless network.
NEW QUESTION # 88
Consider the following Nmap output:
what command-line parameter could you use to determine the type and version number of the web server?
- A. -sv
- B. -ss
- C. -Pn
- D. -V
Answer: A
NEW QUESTION # 89
Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to implant malicious backdoors in its firmware. He also identified that an installed backdoor can persist even if the server is reallocated to new clients or businesses that use it as an laaS.
What is the type of cloud attack that can be performed by exploiting the vulnerability discussed in the above scenario?
- A. Metadata spoofing attack
- B. Man-in-the-cloud (MITC) attack
- C. Cloudborne attack
- D. Cloud cryptojacking
Answer: C
NEW QUESTION # 90
Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections. Which of the following attack techniques is used by Stella to compromise the web services?
- A. WS-Address spoofing
- B. XML injection
- C. SOAPAction spoofing
- D. Web services parsing attacks
Answer: A
Explanation:
WS-Address provides additional routing information in the SOAP header to support asynchronous communication. This technique allows the transmission of web service requests and response messages using different TCP connections
https://www.google.com/search?client=firefox-b-d&q=WS-Address+spoofing
CEH V11 Module 14 Page 1896
NEW QUESTION # 91
Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and any firewall rule sets are encountered. John decided to perform a TCP SYN ping scan on the target network. Which of the following Nmap commands must John use to perform the TCP SYN ping scan?
- A. nmap -sn -PO < target IP address >
- B. nmap -sn -PA < target IP address >
- C. nmap -sn -PS < target IP address >
- D. nmap -sn -pp < target ip address >
Answer: C
Explanation:
https://hub.packtpub.com/discovering-network-hosts-with-tcp-syn-and-tcp-ack-ping-scans-in-nmaptutorial/
NEW QUESTION # 92
......
312-50v12 Deluxe Study Guide with Online Test Engine: https://www.itexamsimulator.com/312-50v12-brain-dumps.html
NEW 2024 Certification Sample Questions 312-50v12 Dumps & Practice Exam: https://drive.google.com/open?id=17vxQjB7E9uxPdjIeUis6O0317FDOrCOh

