Exam Code: 312-50v8 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Certified Ethical Hacker v8
Certification Provider: EC-Council
Free Today! Guaranteed Training- Pass 312-50v8 Exam.
2021 Feb 312-50v8 exam cost:
Q511. A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?
A. Issue the pivot exploit and set the meterpreter.
B. Reconfigure the network settings in the meterpreter.
C. Set the payload to propagate through the meterpreter.
D. Create a route statement in the meterpreter.
Answer: D
Q512. Carl has successfully compromised a web server from behind a firewall by exploiting a vulnerability in the web server program. He wants to proceed by installing a backdoor program. However, he is aware that not all inbound ports on the firewall are in the open state.
From the list given below, identify the port that is most likely to be open and allowed to reach the server that Carl has just compromised.
A. 53
B. 110
C. 25
D. 69
Answer: A
Q513. Global deployment of RFC 2827 would help mitigate what classification of attack?
A. Sniffing attack
B. Denial of service attack
C. Spoofing attack
D. Reconnaissance attack
E. Prot Scan attack
Answer: C
Q514. How can rainbow tables be defeated?
A. Password salting
B. Use of.non-dictionary words
C. All uppercase character passwords
D. Lockout accounts under brute force password cracking attempts
Answer: A
Q515. Which of the following is the best way an attacker can passively learn about technologies used in an organization?
A. By sending web bugs to key personnel
B. By webcrawling the organization web site
C. By searching regional newspapers and job databases for skill sets technology hires need to possess in the organization
D. By performing a port scan on the organization's web site
Answer: C
Leading 312-50v8 questions:
Q516. Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?
A. Port 1890 (Net-Devil Trojan)
B. Port 1786 (Net-Devil Trojan)
C. Port 1909 (Net-Devil Trojan)
D. Port 6667 (Net-Devil Trojan)
Answer: D
Q517. Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:
SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'
What will the SQL statement accomplish?
A. If the page is susceptible to SQL injection,it will look in the Users table for usernames of admin
B. This statement will look for users with the name of admin,blank passwords,and email addresses that end in @testers.com
C. This Select SQL statement will log James in if there are any users with NULL passwords
D. James will be able to see if there are any default user accounts in the SQL database
Answer: B
Q518. When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
A. At least once a year and after any significant upgrade or modification
B. At least once every three years or after any significant upgrade or modification
C. At least.twice a year or after any significant upgrade or modification
D. At least once.every.two.years and after any significant upgrade or modification
Answer: A
Q519. Which is the right sequence of packets sent during the initial TCP three way handshake?
A. FIN,FIN-ACK,ACK
B. SYN,URG,ACK
C. SYN,ACK,SYN-ACK
D. SYN,SYN-ACK,ACK
Answer: D
Q520. One of your junior administrator is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out?
Select the best answers.
A. John the Ripper can be used to crack a variety of passwords,but one limitation is that the output doesn't show if the password is upper or lower case.
B. BY using NTLMV1,you have implemented an effective countermeasure to password cracking.
C. SYSKEY is an effective countermeasure.
D. If a Windows LM password is 7 characters or less,the hash will be passed with the following characters,in HEX- 00112233445566778899.
E. Enforcing Windows complex passwords is an effective countermeasure.
Answer: ACE
see more 312-50v8 dumps
