Tens of thousands of competitors, pages of hard questions and unsatisfied exam preparation situations… Do not worried about all those annoying things! We, help you with your CEH v11 312-50V11 Certified Ethical Hacker v11 Exam exam. We will assist you clear the 312-50V11 exam with CEH v11 312-50V11 practice tests. We 312-50V11 pdf are the most comprehensive ones.

Download more 312-50V11 exam questions and answers on:https://www.pass4true.com/312-50v11.html (528 QAs Dumps)
Question 1:

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.

B. A backdoor placed into a cryptographic algorithm by its creator.

C. Extraction of cryptographic secrets through coercion or torture.

D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Correct Answer: C

Question 2:

When considering how an attacker may exploit a web server, what is web server footprinting?

A. When an attacker implements a vulnerability scanner to identify weaknesses

B. When an attacker creates a complete profile of the site\’s external links and file structures

C. When an attacker gathers system-level data, including account details and server names

D. When an attacker uses a brute-force attack to crack a web-server password

Correct Answer: B

Question 3:

When configuring wireless on his home router, Javik disables SSID broadcast. He leaves authentication “open” but sets the SSID to a 32-character string of random letters and numbers.

What is an accurate assessment of this scenario from a security perspective?

A. Since the SSID is required in order to connect, the 32-character string is sufficient to prevent brute-force attacks.

B. Disabling SSID broadcast prevents 802.11 beacons from being transmitted from the access point, resulting in a valid setup leveraging “security through obscurity”.

C. It is still possible for a hacker to connect to the network after sniffing the SSID from a successful wireless association.

D. Javik\’s router is still vulnerable to wireless hacking attempts because the SSID broadcast setting can be enabled using a specially crafted packet sent to the hardware address of the access point.

Correct Answer: C

Question 4:

what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?

A. httpd.conf

B. administration.config

C. idq.dll

D. php.ini

Correct Answer: D

The php.ini file may be a special file for PHP. it\’s where you declare changes to your PHP settings. The server is already configured with standard settings for PHP, which your site will use by default. Unless you would like to vary one or more settings, there\’s no got to create or modify a php.ini file. If you\’d wish to make any changes to settings, please do so through the MultiPHP INI Editor.

Question 5:

What is the common name for a vulnerability disclosure program opened by companies In platforms such as HackerOne?

A. Vulnerability hunting program

B. Bug bounty program

C. White-hat hacking program

D. Ethical hacking program

Correct Answer: B

Bug bounty programs allow independent security researchers to report bugs to an companies and receive rewards or compensation. These bugs area unit sometimes security exploits and vulnerabilities, although they will additionally embody method problems, hardware flaws, and so on. The reports area unit usually created through a program travel by associate degree freelance third party (like Bugcrowd or HackerOne). The companies can got wind of (and run) a program curated to the organization\’s wants. Programs is also non-public (invite-only) wherever reports area unit unbroken confidential to the organization or public (where anyone will sign in and join). they will happen over a collection timeframe or with without stopping date (though the second possibility is a lot of common). Who uses bug bounty programs?Many major organizations use bug bounties as an area of their security program, together with AOL, Android, Apple, Digital Ocean, and goldman Sachs. you\’ll read an inventory of all the programs offered by major bug bounty suppliers, Bugcrowd and HackerOne, at these links. Why do corporations use bug bounty programs?Bug bounty programs provide corporations the flexibility to harness an outsized cluster of hackers so as to seek out bugs in their code. This gives them access to a bigger variety of hackers or testers than they\’d be able to access on a one-on-one basis. It {can also|also will|can even|may also|may} increase the probabilities that bugs area unit found and reported to them before malicious hackers can exploit them. It may also be an honest publicity alternative for a firm. As bug bounties became a lot of common, having a bug bounty program will signal to the general public and even regulators that a corporation incorporates a mature security program. This trend is likely to continue, as some have began to see bug bounty programs as an business normal that all companies ought to invest in. Why do researchers and hackers participate in bug bounty programs?Finding and news bugs via a bug bounty program may end up in each money bonuses and recognition. In some cases, it will be a good thanks to show real-world expertise once you are looking for employment, or will even facilitate introduce you to parents on the protection team within an companies. This can be full time income for a few of us, income to supplement employment, or the way to point out off your skills and find a full time job. It may also be fun! it is a nice (legal) probability to check out your skills against huge companies and government agencies. What area unit the disadvantages of a bug bounty program for independent researchers and hackers?A lot of hackers participate in these varieties of programs, and it will be tough to form a major quantity of cash on the platform. In order to say the reward, the hacker has to be the primary person to submit the bug to the program. meaning that in apply, you may pay weeks searching for a bug to use, solely to be the person to report it and build no cash. Roughly ninety seven of participants on major bug bounty platforms haven\’t sold-out a bug. In fact, a 2019 report from HackerOne confirmed that out of quite three hundred,000 registered users, solely around two.5% received a bounty in their time on the platform. Essentially, most hackers are not creating a lot of cash on these platforms, and really few square measure creating enough to switch a full time wage (plus they do not have advantages like vacation days, insurance, and retirement planning). What square measure the disadvantages of bug bounty programs for organizations?These programs square measure solely helpful if the program ends up in the companies realizeing issues that they weren\’t able to find themselves (and if they\’ll fix those problems)! If the companies is not mature enough to be able to quickly rectify known problems, a bug bounty program is not the right alternative for his or her companies. Also, any bug bounty program is probably going to draw in an outsized range of submissions, several of which can not be high-quality submissions. a corporation must be ready to cope with the exaggerated volume of alerts, and also the risk of a coffee signal to noise magnitude relation (essentially that it\’s probably that they\’re going to receive quite few unhelpful reports for each useful report). Additionally, if the program does not attract enough participants (or participants with the incorrect talent set, and so participants are not able to establish any bugs), the program is not useful for the companies. The overwhelming majority of bug bounty participants consider web site vulnerabilities (72%, per HackerOn), whereas solely a number of (3.5%) value more highly to seek for package vulnerabilities. This is probably because of the actual fact that hacking in operation systems (like network hardware and memory) needs a big quantity of extremely specialised experience. this implies that firms may even see vital come on investment for bug bounties on websites, and not for alternative applications, notably those that need specialised experience. This conjointly implies that organizations which require to look at AN application or web site among a selected time-frame may not need to rely on a bug bounty as there is no guarantee of once or if they receive reports. Finally, it are often probably risky to permit freelance researchers to try to penetrate your network. this could end in public speech act of bugs, inflicting name harm within the limelight (which could end in individuals not eager to purchase the organizations\’ product or service), or speech act of bugs to additional malicious third parties, United Nations agency may use this data to focus on the organization.

Question 6:

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

A. Timing-based attack

B. Side-channel attack

C. Downgrade security attack

D. Cache-based attack

Correct Answer: B

Question 7:

Which of the following statements is TRUE?

A. Packet Sniffers operate on the Layer 1 of the OSI model.

B. Packet Sniffers operate on Layer 2 of the OSI model.

C. Packet Sniffers operate on both Layer 2 and Layer 3 of the OSI model.

D. Packet Sniffers operate on Layer 3 of the OSI model.

Correct Answer: B

Question 8:

Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane\’s company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?

A. Dumpster diving

B. Eavesdropping

C. Shoulder surfing

D. impersonation

Correct Answer: D

Question 9:

Which tool can be used to silently copy files from USB devices?

A. USB Grabber

B. USB Snoopy

C. USB Sniffer

D. Use Dumper

Correct Answer: D

Question 10:

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored?

A. symmetric algorithms

B. asymmetric algorithms

C. hashing algorithms

D. integrity algorithms

Correct Answer: C

Question 11:

Don, a student, came across a gaming app in a third-party app store and Installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after Installing the app. What is the attack performed on Don in the above scenario?

A. SMS phishing attack

B. SIM card attack

C. Agent Smith attack

D. Clickjacking

Correct Answer: D

Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. this will cause users to unwittingly download malware, visit malicious sites , provide credentials or sensitive information, transfer money, or purchase products online.Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they\’re clicking the visible page but actually they\’re clicking an invisible element within the additional page transposed on top of it.The invisible page might be a malicious page, or a legitimate page the user didn\’t shall visit ?for instance , a page on the user\’s banking site that authorizes the transfer of cash .There are several variations of the clickjacking attack, such as: Likejacking a way during which the Facebook “Like” button is manipulated, causing users to “like” a page they really didn\’t shall like. Cursorjacking a UI redressing technique that changes the cursor for the position the user perceives to a different position. Cursorjacking relies on vulnerabilities in Flash and therefore the Firefox browser, which have now been fixed. Clickjacking attack example1. The attacker creates a beautiful page which promises to offer the user a free trip to Tahiti.2. within the background the attacker checks if the user is logged into his banking site and if so, loads the screen that permits transfer of funds, using query parameters to insert the attacker\’s bank details into the shape .3. The bank transfer page is displayed in an invisible iframe above the free gift page, with the “Confirm Transfer” button exactly aligned over the “Receive Gift” button visible to the user.4. The user visits the page and clicks the “Book My Free Trip” button.5. actually the user is clicking on the invisible iframe, and has clicked the “Confirm Transfer” button. Funds are transferred to the attacker.6. The user is redirected to a page with information about the free gift (not knowing what happened within the background). This example illustrates that, during a clickjacking attack, the malicious action (on the bank website, during this case) can\’t be traced back to the attacker because the user performed it while being legitimately signed into their own account. Clickjacking mitigationThere are two general ways to defend against clickjacking: Client- side methods the foremost common is named Frame Busting. Client-side methods are often effective in some cases, but are considered to not be a best practice, because they will be easily bypassed. Server-side methods the foremost common is X-Frame-Options. Server-side methods are recommended by security experts as an efficient thanks to defend against clickjacking.

Question 12:

Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a mail. What do you want to “”know”” to prove yourself that it was Bob who had send a mail?

A. Non-Repudiation

B. Integrity

C. Authentication

D. Confidentiality

Correct Answer: A

Question 13:

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker Installed a scanner on a machine belonging to one of the vktims and scanned several machines on the same network to Identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

A. Proxy scanner

B. Agent-based scanner

C. Network-based scanner

D. Cluster scanner

Correct Answer: B

Knowing when to include agents into your vulnerability management processes isn\’t an easy decision. Below are common use cases for agent-based vulnerability scanning to assist you build out your combined scanning strategy. Intermittent or Irregular Connectivity: Vulnerability management teams are now tasked with scanning devices that access the company network remotely using public or home-based Wi-Fi connections. These connections are often unreliable and intermittent leading to missed network-based scans. Fortunately, the scanning frequency of agents doesn\’t require a network connection. The agent detects when the device is back online, sending scan data when it\’s ready to communicate with the VM platform. Connecting Non-Corporate Devices to Corporate Networks:With the increased use of private devices, company networks are more exposed to malware and infections thanks to limited IT and security teams\’ control and visibility. Agent-based scanning gives security teams insight into weaknesses on non-corporate endpoints, keeping them informed about professional hacker is potential attack vectors in order that they can take appropriate action. Endpoints Residing Outside of Company Networks: Whether company-issued or BYOD, remote assets frequently hook up with the web outside of traditional network bounds. An agent that resides on remote endpoints conducts regular, authenticated scans checking out system changes and unpatched software. The results are then sent back to the VM platform and combined with other scan results for review, prioritization, and mitigation planning.

Question 14:

Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about ONS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names. IP addresses. DNS records, and network Who is records. He further exploited this information to launch other sophisticated attacks. What is the tool employed by Gerard in the above scenario?

A. Knative


C. Towelroot

D. Bluto

Correct Answer: D

Question 15:

Morris, an attacker, wanted to check whether the target AP is in a locked state. He attempted using

different utilities to identify WPS-enabled APs in the target wireless network. Ultimately, he succeeded with

one special command-line utility.

Which of the following command-line utilities allowed Morris to discover the WPS-enabled APs?

A. wash

B. ntptrace

C. macof

D. net View

Correct Answer: A

Download more 312-50V11 exam questions and answers on:https://www.pass4true.com/312-50v11.html (528 QAs Dumps)

Recommended Posts