• Home
  • Articles
  • CEH v11 Certification 312-50v11 Sample Questions Reliable [Q15-Q35]

CEH v11 Certification 312-50v11 Sample Questions Reliable [Q15-Q35]

Share

CEH v11 Certification 312-50v11 Sample Questions Reliable

Prepare for the Actual CEH v11 312-50v11 Exam Practice Materials Collection

NEW QUESTION 15
Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?

  • A. Bluesnarfing
  • B. BlueSniffing
  • C. Bluesmacking
  • D. Bluejacking

Answer: D

 

NEW QUESTION 16
An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's dat a. What type of attack is this?

  • A. Vlishing
  • B. Phishing
  • C. Spoofing
  • D. DDoS

Answer: B

 

NEW QUESTION 17
Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?

  • A. Fed RAMP
  • B. PCIDSS
  • C. SOX
  • D. HIPAA

Answer: C

Explanation:
The Sarbanes-Oxley Act of 2002 could be a law the U.S. Congress passed on July thirty of that year to assist defend investors from fallacious money coverage by companies.Also called the SOX Act of 2002 and also the company Responsibility Act of 2002, it mandated strict reforms to existing securities rules and obligatory powerful new penalties on law breakers.
The Sarbanes-Oxley law Act of 2002 came in response to money scandals within the early 2000s involving in public listed corporations like Enron Corporation, Tyco International plc, and WorldCom. The high-profile frauds cask capitalist confidence within the trustiness of company money statements Associate in Nursingd light-emitting diode several to demand an overhaul of decades-old restrictive standards.

 

NEW QUESTION 18
Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. which two SQL Injection types would give her the results she is looking for?

  • A. Time-based and union-based
  • B. Time-based and boolean-based
  • C. Out of band and boolean-based
  • D. union-based and error-based

Answer: C

 

NEW QUESTION 19
Which of the following is an extremely common IDS evasion technique in the web world?

  • A. Spyware
  • B. Unicode Characters
  • C. Port Knocking
  • D. Subnetting

Answer: B

 

NEW QUESTION 20
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same structure as the original one?

  • A. Blind SQL injection
  • B. Boolean-based blind SQL injection
  • C. Union SQL injection
  • D. Error-based injection

Answer: C

 

NEW QUESTION 21
Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisements on his smartphone after installing the app.
What is the attack performed on Don in the above scenario?

  • A. SMS phishing attack
  • B. Clickjacking
  • C. SIM card attack
  • D. Agent Smith attack

Answer: D

 

NEW QUESTION 22
Richard, an attacker, aimed to hack loT devices connected to a target network. In this process. Richard recorded the frequency required to share information between connected devices. After obtaining the frequency, he captured the original data when commands were initiated by the connected devices. Once the original data were collected, he used free tools such as URH to segregate the command sequence.
Subsequently, he started injecting the segregated command sequence on the same frequency into the loT network, which repeats the captured signals of the devices. What Is the type of attack performed by Richard In the above scenario?

  • A. Side-channel attack
  • B. Replay attack
  • C. Reconnaissance attack
  • D. CrypTanalysis attack

Answer: B

Explanation:
Explanation
Replay Attack could be a variety of security attack to the info sent over a network.In this attack, the hacker or a person with unauthorized access, captures the traffic and sends communication to its original destination, acting because the original sender. The receiver feels that it's Associate in Nursing genuine message however it's really the message sent by the aggressor. the most feature of the Replay Attack is that the consumer would receive the message double, thence the name, Replay Attack.
Prevention from Replay Attack : 1. Timestamp technique -Prevention from such attackers is feasible, if timestamp is employed at the side of the info. Supposedly, the timestamp on an information is over a precise limit, it may be discarded, and sender may be asked to send the info once more.2. Session key technique
-Another way of hindrance, is by victimisation session key. This key may be used one time (by sender and receiver) per dealing, and can't be reused.

 

NEW QUESTION 23
An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

  • A. Only using OSPFv3 will mitigate this risk.
  • B. Make sure that legitimate network routers are configured to run routing protocols with authentication.
  • C. Redirection of the traffic cannot happen unless the admin allows it explicitly.
  • D. Disable all routing protocols and only use static routes

Answer: B

 

NEW QUESTION 24
Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students.
He identified this when the IDS alerted for malware activities in the network.
What should Bob do to avoid this problem?

  • A. Disable unused ports in the switches
  • B. Separate students in a different VLAN
  • C. Use the 802.1x protocol
  • D. Ask students to use the wireless network

Answer: C

 

NEW QUESTION 25
Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place.
He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

  • A. Hardware and Software Keyloggers.
  • B. Software only, they are the most effective.
  • C. Passwords are always best obtained using Hardware key loggers.
  • D. Hardware, Software, and Sniffing.

Answer: D

 

NEW QUESTION 26
Samuel, a professional hacker, monitored and intercepted already established traffic between Bob and a host machine to predict Bob's ISN. Using this ISN, Samuel sent spoofed packets with Bob's IP address to the host machine. The host machine responded with a packet having an incremented ISN. Consequently, Bob's connection got hung, and Samuel was able to communicate with the host machine on behalf of Bob.
What is the type of attack performed by Samuel in the above scenario?

  • A. Blind hijacking
  • B. Forbidden attack
  • C. TCP/IP hijacking
  • D. UDP hijacking

Answer: C

 

NEW QUESTION 27
SQL injection (SOU) attacks attempt to inject SOL syntax into web requests, which may Bypass authentication and allow attackers to access and/or modify data attached to a web application.
Which of the following SQLI types leverages a database server's ability to make DNS requests to pass data to an attacker?

  • A. Union-based SQLI
  • B. ln-band SQLI
  • C. Out-of-band SQLI
  • D. Time-based blind SQLI

Answer: A

 

NEW QUESTION 28
This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

  • A. IDEA
  • B. Twofish encryption algorithm
  • C. Blowfish encryption algorithm
  • D. HMAC encryption algorithm

Answer: B

Explanation:
Explanation
Twofish is an encryption algorithm designed by Bruce Schneier. It's a symmetric key block cipher with a block size of 128 bits, with keys up to 256 bits. it's associated with AES (Advanced Encryption Standard) and an earlier block cipher called Blowfish. Twofish was actually a finalist to become the industry standard for encryption, but was ultimately beaten out by the present AES.Twofish has some distinctive features that set it aside from most other cryptographic protocols. For one, it uses pre-computed, key-dependent S-boxes. An S-box (substitution-box) may be a basic component of any symmetric key algorithm which performs substitution. within the context of Twofish's block cipher, the S-box works to obscure the connection of the key to the ciphertext. Twofish uses a pre-computed, key-dependent S-box which suggests that the S-box is already provided, but depends on the cipher key to decrypt the knowledge .
How Secure is Twofish?Twofish is seen as a really secure option as far as encryption protocols go. one among the explanations that it wasn't selected because the advanced encryption standard is thanks to its slower speed.
Any encryption standard that uses a 128-bit or higher key, is theoretically safe from brute force attacks.
Twofish is during this category.Because Twofish uses "pre-computed key-dependent S-boxes", it are often susceptible to side channel attacks. this is often thanks to the tables being pre-computed. However, making these tables key-dependent helps mitigate that risk. There are a couple of attacks on Twofish, but consistent with its creator, Bruce Schneier, it didn't constitute a real cryptanalysis. These attacks didn't constitue a practical break within the cipher.
Products That Use TwofishGnuPG: GnuPG may be a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also referred to as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a flexible key management system, along side access modules for all types of public key directories.KeePass: KeePass may be a password management tool that generates passwords with top-notch security. It's a free, open source, lightweight and easy-to-use password manager with many extensions and plugins.Password Safe: Password Safe uses one master password to stay all of your passwords protected, almost like the functionality of most of the password managers on this list. It allows you to store all of your passwords during a single password database, or multiple databases for various purposes. Creating a database is straightforward , just create the database, set your master password.PGP (Pretty Good Privacy):
PGP is employed mostly for email encryption, it encrypts the content of the e-mail . However, Pretty Good Privacy doesn't encrypt the topic and sender of the e-mail , so make certain to never put sensitive information in these fields when using PGP.TrueCrypt: TrueCrypt may be a software program that encrypts and protects files on your devices. With TrueCrypt the encryption is transparent to the user and is completed locally at the user's computer. this suggests you'll store a TrueCrypt file on a server and TrueCrypt will encrypt that file before it's sent over the network.

 

NEW QUESTION 29
These hackers have limited or no training and know how to use only basic techniques or tools.
What kind of hackers are we talking about?

  • A. Black-Hat Hackers A
  • B. White-Hat Hackers
  • C. Script Kiddies
  • D. Gray-Hat Hacker

Answer: B

 

NEW QUESTION 30
What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?

  • A. administration.config
  • B. php.ini
  • C. idq.dll
  • D. httpd.conf

Answer: B

 

NEW QUESTION 31
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site.
Which file does the attacker need to modify?

  • A. Sudoers
  • B. Networks
  • C. Boot.ini
  • D. Hosts

Answer: D

 

NEW QUESTION 32
if you send a TCP ACK segment to a known closed port on a firewall but it does not respond with an RST.
what do you know about the firewall you are scanning?

  • A. There is no firewall in place.
  • B. It is a stateful firewall
  • C. This event does not tell you encrypting about the firewall.
  • D. It Is a non-stateful firewall.

Answer: B

 

NEW QUESTION 33
Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network.
What is the type of vulnerability assessment that Morris performed on the target organization?

  • A. Internal assessment
  • B. Credentialed assessment
  • C. Passive assessment
  • D. External assessment

Answer: C

 

NEW QUESTION 34
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56 bits. Which is this encryption algorithm?

  • A. IDEA
  • B. AES
  • C. MD5 encryption algorithm
  • D. Triple Data Encryption Standard

Answer: D

 

NEW QUESTION 35
......

Ace EC-COUNCIL 312-50v11 Certification with Actual Questions Jun 29, 2022 Updated: https://exams4sure.briandumpsprep.com/312-50v11-prep-exam-braindumps.html

Related Articles

more
EC-COUNCIL 312-50v11 Certification Practice Exam

Our Newest Torrent will greatly reduce your burden and improve your possibility of passing the exam. Our Latest Study Material will help you clear your exam easily and successfully. Our Practice Materials will ensure you get the newest and latest knowledge of actual test.

Tags

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 BraindumpsPrep NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy