Eccouncil 312-50v11 practice test

Certified Ethical Hacker V11 Exam

Last exam update: Dec 02, 2023

Question 1

Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as
much information as possible. Using this technique, he gathers domain information such as the
target domain name, contact details of its owner, expiry date, and creation date. With this
information, he creates a map of the organization's network and misleads domain owners with social
engineering to obtain internal details of its network. What type of footprinting technique is
employed by Richard?

  • A. VPN footprinting
  • B. Email footprinting
  • C. VoIP footprinting
  • D. Whois footprinting
Answer:

B


Question 2

George, an employee of an organization, is attempting to access restricted websites from an official
computer. For this purpose, he used an anonymizer that masked his real IP address and ensured
complete and continuous anonymity for all his online activities. Which of the following anonymizers
helps George hide his activities?

  • A. https://www.baidu.com
  • B. https://www.guardster.com
  • C. https://www.wolframalpha.com
  • D. https://karmadecay.com

Answer:

B


Question 3

Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital
firm. He used an information-gathering tool to collect information about the IoT devices connected
to a network, open ports and services, and the attack surface area. Using this tool, he also
generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually
monitor every reachable server and device on the Internet, further allowing him to exploit these
devices in the network. Which of the following tools was employed by Lewis in the above scenario?

  • A. Censys
  • B. Wapiti
  • C. NeuVector
  • D. Lacework
Answer:

A

Explanation:
Censys scans help the scientific community accurately study the Internet. The data is sometimes
used to detect security problems and to inform operators of vulnerable systems so that they can
be fixed.


Question 4

Your organization has signed an agreement with a web hosting provider that requires you to take full
responsibility of the maintenance of the cloud-based resources. Which of the following models
covers this?

  • A. Platform as a service
  • B. Software as a service
  • C. Functions as a service
  • D. Infrastructure as a service
Answer:

C


Question 5

Which of the following types of SQL injection attacks extends the results returned by the original
query, enabling attackers to run two or more statements if they have the same structure as the
original one?

  • A. Error-based injection
  • B. Boolean-based blind SQL injection
  • C. Blind SQL injection
  • D. Union SQL injection
Answer:

D


Question 6

What is the following command used for?
sqlmap.py -u "http://10.10.1.20/?p=1&forumaction=search" --dbs

  • A. Creating backdoors using SQL injection
  • B. Enumerating the databases in the DBMS for the URL
  • C. Retrieving SQL statements being executed on the database
  • D. Searching database statements at the IP address given
Answer:

A


Question 7

Which type of attack attempts to overflow the content-addressable memory (CAM) table in an
Ethernet switch?

  • A. Evil twin attack
  • B. DNS cache flooding
  • C. MAC flooding
  • D. DDoS attack
Answer:

C


Question 8

CyberTech Inc. recently experienced SQL injection attacks on its official website. The company
appointed Bob, a security professional, to build and incorporate defensive strategies against such
attacks. Bob adopted a practice whereby only a list of entities such as the data type, range, size, and
value, which have been approved for secured access, is accepted. What is the defensive technique
employed by Bob in the above scenario?

  • A. Output encoding
  • B. Enforce least privileges
  • C. Whitelist validation
  • D. Blacklist validation
Answer:

C


Question 9

Alex, a cloud security engineer working in Eyecloud Inc., is tasked with isolating applications from the
underlying infrastructure and stimulating communication via well-defined channels. For this
purpose, he used an open-source technology that helped him in developing, packaging, and running
applications; further, the technology provides PaaS through OS-level virtualization, delivers
containerized software packages, and promotes fast software delivery. What is the cloud technology
employed by Alex in the above scenario?

  • A. Virtual machine
  • B. Serverless computing
  • C. Docker
  • D. Zero trust network
Answer:

C


Question 10

Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with
their service and wanted to move to another CSP.
What part of the contract might prevent him from doing so?

  • A. Virtualization
  • B. Lock-in
  • C. Lock-down
  • D. Lock-up
Answer:

B


Question 11

Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's
network infrastructure to identify security loopholes. In this process, he started to circumvent the
network protection tools and firewalls used in the company. He employed a technique that can
create forged TCP sessions by carrying out multiple SYN, ACK, and RST or FIN packets. Further, this
process allowed Jude to execute DDoS attacks that can exhaust the network resources. What is the
attack technique used by Jude for finding loopholes in the above scenario?

  • A. UDP flood attack
  • B. Ping-of-death attack
  • C. Spoofed session flood attack
  • D. Peer-to-peer attack
Answer:

C


Question 12

Which among the following is the best example of the hacking concept called "clearing tracks"?

  • A. After a system is breached, a hacker creates a backdoor to allow re-entry into a system.
  • B. During a cyberattack, a hacker injects a rootkit into a server.
  • C. An attacker gains access to a server through an exploitable vulnerability.
  • D. During a cyberattack, a hacker corrupts the event logs on all machines.
Answer:

D


Question 13

Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a
web application to secure email messages. Sam used an encryption software, which is a free
implementation of the OpenPGP standard that uses both symmetric-key cryptography and
asymmetric-key cryptography for improved speed and secure key exchange. What is the encryption
software employed by Sam for securing the email messages?

  • A. PGP
  • B. S/MIME
  • C. SMTP
  • D. GPG
Answer:

A


Question 14

In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker,
gathers a list of employee and client email addresses and other related information by using various
search engines, social networking sites, and web spidering tools. In this process, she also uses an
automated tool to gather a list of words from the target website to further perform a brute-force
attack on the previously gathered email addresses.
What is the tool used by Hailey for gathering a list of words from the target website?

  • A. Shadowsocks
  • B. CeWL
  • C. Psiphon
  • D. Orbot
Answer:

B


Question 15

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's
systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails
embedded with malicious links that seem to be legitimate. When a victim employee clicks on the
link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit.
What is the technique used by Jack to launch the fileless malware on the target systems?

  • A. In-memory exploits
  • B. Phishing
  • C. Legitimate applications
  • D. Script-based injection
Answer:

B
