最新的ECCouncil 312-50v12免費考試真題

問題1

Being a Certified Ethical Hacker (CEH), a company has brought you on board to evaluate the safety measures in place for their network system. The company uses a network time protocol server in the demilitarized zone.
During your enumeration, you decide to run a ntptrace command. Given the syntax: ntptrace [-n] [-m maxhosts] [servername/IP_address], which command usage would best serve your objective to find where the NTP server obtains the time from and to trace the list of NTP servers connected to the network?

A. ntptrace -n -m 5 192.168.1.1

B. ntptrace -n localhost

C. ntptrace -m 5 192.168.1.1

D. tptrace 192.1681.

正確答案: A

說明：（僅 Fast2test 成員可見）

問題2

An attacker scans a host with the below command. Which three flags are set?
# nmap -sX host.domain.com

A. This is Xmas scan. URG, PUSH and FIN are set.

B. This is Xmas scan. SYN and ACK flags are set.

C. This is ACK scan. ACK flag is set.

D. This is SYN scan. SYN flag is set.

正確答案: A

問題3

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A. IETF

B. IANA

C. WHOIS

D. CAPTCHA

正確答案: C

問題4

Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the following models covers this?

A. Software as a service

B. service Infrastructure as a service

C. Platform as a service

D. Functions as a

正確答案: D

問題5

What is the most common method to exploit the "Bash Bug" or "Shellshock" vulnerability?

A. SYN Flood

B. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

C. Manipulate format strings in text fields

D. SSH

正確答案: B

問題6

Which regulation defines security and privacy controls for Federal information systems and organizations?

A. PCI-DSS

B. HIPAA

C. EU Safe Harbor

D. NIST-800-53

正確答案: D

說明：（僅 Fast2test 成員可見）

問題7

Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to a normal computer and the response of a honeypot to a manual SYN request. Which of the following techniques is employed by Dayn to detect honeypots?

A. Detecting the presence of Snort_inline honeypots

B. Detecting the presence of Sebek-based honeypots

C. Detecting the presence of Honeyd honeypots

D. Detecting honeypots running on VMware

正確答案: A

問題8

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - 192.168.8.0/24. What command you would use?

A. wireshark --fetch ''192.168.8*''

B. sudo tshark -f''net 192 .68.8.0/24''

C. wireshark --capture --local masked 192.168.8.0 ---range 24

D. tshark -net 192.255.255.255 mask 192.168.8.0

正確答案: B

問題9

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

A. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

B. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

C. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

D. Package the Sales.xls using Trojan wrappers and telnet them back your home computer

正確答案: A

問題10

Which Nmap switch helps evade IDS or firewalls?

A. -D

B. -T

C. -n/-R

D. -0N/-0X/-0G

正確答案: B

問題11

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place.
He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

A. Passwords are always best obtained using Hardware key loggers.

B. Hardware and Software Keyloggers.

C. Software only, they are the most effective.

D. Hardware, Software, and Sniffing.

正確答案: D

問題12

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?

A. Gobbler

B. BetterCAP

C. KDerpNSpoof

D. Wireshark

正確答案: B

問題13

During the process of encryption and decryption, what keys are shared?

A. User passwords

B. Public keys

C. Public and private keys

D. Private keys

正確答案: B

說明：（僅 Fast2test 成員可見）

問題14

George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this process, he used a short-range communication protocol based on the IEEE 203.15.4 standard. This protocol is used in devices that transfer data infrequently at a low rate in a restricted area, within a range of 10-100 m. What is the short-range wireless communication technology George employed in the above scenario?

A. NB-IoT

B. Zigbee

C. MQTT

D. LPWAN

正確答案: B

說明：（僅 Fast2test 成員可見）

最新的ECCouncil Certified Ethical Hacker - 312-50v12免費考試真題

聯系我們

站內鏈接

最新更新