realexamdumps.com

Saturday, November 10, 2018

Get Real Eccouncil 312-50v8 Dumps Questions and Answers | Realexamdumps.com


312-50v8 Exam Sample Questions


Question No : 1

Passive reconnaissance involves collecting information through which of the following?

A. Social engineering
B. Network traffic sniffing
C. Man in the middle attacks
D. Publicly accessible sources

Answer: D

Question No : 2

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

A. white box
B. grey box
C. red box
D. black box

Answer: D

Question No : 3

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

A. The request to the web server is not visible to the administrator of the vulnerable application.
B. The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.
C. The successful attack does not show an error message to the administrator of the affected application.
D. The vulnerable application does not display errors with information about the injection results to the attacker.

Answer: D




Question No : 4

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

A. Injecting parameters into a connection string using semicolons as a separator
B. Inserting malicious JavaScript code into input parameters
C. Setting a user's session identifier (SID) to an explicit known value
D. Adding multiple parameters with the same name in HTTP requests

Answer: A

Question No : 5

Which tool can be used to silently copy files from USB devices?

A. USB Grabber
B. USB Dumper
C. USB Sniffer
D. USB Snoopy

Answer: B

Question No : 6

What is the best defense against privilege escalation vulnerability?

A. Patch systems regularly and upgrade interactive login privileges at the system administrator level.
B. Run administrator and applications on least privileges and use a content registry for tracking.
C. Run services with least privileged accounts and implement multi-factor authentication and authorization.
D. Review user roles and administrator privileges for maximum utilization of automation services.

Answer: C

Question No : 7

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?

A. The gateway is not routing to a public IP address.
B. The computer is using an invalid IP address.
C. The gateway and the computer are not on the same network.
D. The computer is not using a private IP address.

Answer: A




Question No : 8

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

A. Say no; the friend is not the owner of the account.
B. Say yes; the friend needs help to gather evidence.
C. Say yes; do the job for free.
D. Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Answer: A

Question No : 9

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

A. Use cryptographic storage to store all PII
B. Use encrypted communications protocols to transmit PII
C. Use full disk encryption on all hard drives to protect PII
D. Use a security token to log into all Web applications that use PII

Answer: A

Question No : 10

An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

A. Insufficient input validation
B. Insufficient exception handling
C. Insufficient database hardening
D. Insufficient security management

Answer: A

