Certified Ethical Hacker Exam Dumps Practice Question Answers -CEH v12

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

Certified Ethical Hacker Exam Dumps Practice Question Answers -CEH v12 - 312-50v12

Email *

Write down the full name *

Write down the phone number
*

Write down the E-mail address
*

Question No : 201 You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?
*

1 point

A. IDS log

B. Event logs on domain controller

C. Internet Firewall/Proxy log.

D. Event logs on the PC

Question No : 202 When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?
*

1 point

A. Data items and vulnerability scanning

B. Interviewing employees and network engineers

C. Reviewing the firewalls configuration

D. Source code review

Question No : 203 A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm’s public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag:“b0aac0542e25c31:89d” Content-Length: 7369 Which of the following is an example of what the engineer performed?
*

1 point

A. Banner grabbing

B. SQL injection

C. Whois database query

D. Cross-site scripting

Question No : 204 Samuel, a professional hacker, monitored and Intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with <| packet having an Incremented ISN. Consequently. Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob. What is the type of attack performed by Samuel in the above scenario?
*

1 point

A. UDP hijacking

B. Blind hijacking

C. TCP/IP hacking

D. Forbidden attack

Question No : 205 The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access the Internet. According to the next configuration, what is happening in the network? access-list 102 deny tcp any any access-list 104 permit udp host 10.0.0.3 any access-list 110 permit tcp host 10.0.0.2 eq www any access-list 108 permit tcp any eq ftp any
*

1 point

A. The ACL 104 needs to be first because is UDP

B. The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

C. The ACL for FTP must be before the ACL 110

D. The ACL 110 needs to be changed to port 80

Question No : 206 John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?
*

1 point

A. Advanced persistent

B. threat Diversion theft

C. Spear-phishing sites

D. insider threat

Question No : 207 Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?
*

1 point

A. Fed RAMP

B. PCIDSS

C. SOX

D. HIPAA

Question No : 208 While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?
*

1 point

A. -sA

B. -sX

C. -sT

D. -sF

Question No : 209 John the Ripper is a technical assessment tool used to test the weakness of which of the following?
*

1 point

A. Passwords

B. File permissions

C. Firewall rulesets

D. Usernames

Question No : 210 Take a look at the following attack on a Web Server using obstructed URL:
*

1 point

How would you protect from these attacks?

A. Configure the Web Server to deny requests involving "hex encoded" characters

B. Create rules in IDS to alert on strange Unicode requests

C. Use SSL authentication on Web Servers

D. Enable Active Scripts Detection at the firewall and routers

Clear form

Never submit passwords through Google Forms.

This content is neither created nor endorsed by Google. Report Abuse - Terms of Service - Privacy Policy

Forms