Cause all that matters here is passing the EC-Council 312-50v11 exam. Cause all that you need is a high score of 312-50v11 Certified Ethical Hacker Exam (CEH v11) exam. The only one thing you need to do is downloading Passleader 312-50v11 exam study guides now. We will not let you down with our money-back guarantee.

Free 312-50v11 Demo Online For EC-Council Certifitcation:

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

  • A. Data items and vulnerability scanning
  • B. Interviewing employees and network engineers
  • C. Reviewing the firewalls configuration
  • D. Source code review

Answer: A

What does the –oX flag do in an Nmap scan?

  • A. Perform an eXpress scan
  • B. Output the results in truncated format to the screen
  • C. Output the results in XML format to a file
  • D. Perform an Xmas scan

Answer: C

Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address.
What is the first thing that Nedved needs to do before contacting the incident response team?

  • A. Leave it as it Is and contact the incident response te3m right away
  • B. Block the connection to the suspicious IP Address from the firewall
  • C. Disconnect the email server from the network
  • D. Migrate the connection to the backup email server

Answer: C

An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines. Which one of the following tools the hacker probably used to inject HTML code?

  • A. Wireshark
  • B. Ettercap
  • C. Aircrack-ng
  • D. Tcpdump

Answer: B

What is a NULL scan?

  • A. A scan in which all flags are turned off
  • B. A scan in which certain flags are off
  • C. A scan in which all flags are on
  • D. A scan in which the packet size is set to zero
  • E. A scan with an illegal packet size

Answer: A

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!” From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.
No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed in his browser to reveal the following web page:
312-50v11 dumps exhibit
After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

  • A. ARP spoofing
  • B. SQL injection
  • C. DNS poisoning
  • D. Routing table injection

Answer: C

Which type of security feature stops vehicles from crashing through the doors of a building?

  • A. Bollards
  • B. Receptionist
  • C. Mantrap
  • D. Turnstile

Answer: A

What is the purpose of DNS AAAA record?

  • A. Authorization, Authentication and Auditing record
  • B. Address prefix record
  • C. Address database record
  • D. IPv6 address resolution record

Answer: D

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

  • A. 137 and 139
  • B. 137 and 443
  • C. 139 and 443
  • D. 139 and 445

Answer: D

Which service in a PKI will vouch for the identity of an individual or company?

  • A. KDC
  • B. CR
  • C. CBC
  • D. CA

Answer: D

Which of the following is the primary objective of a rootkit?

  • A. It opens a port to provide an unauthorized service
  • B. It creates a buffer overflow
  • C. It replaces legitimate programs
  • D. It provides an undocumented opening in a program

Answer: C

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

  • A. Traceroute
  • B. Hping
  • C. TCP ping
  • D. Broadcast ping

Answer: B

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?

  • A. The network devices are not all synchronized.
  • B. Proper chain of custody was not observed while collecting the logs.
  • C. The attacker altered or erased events from the logs.
  • D. The security breach was a false positive.

Answer: A

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?

  • A. Network elements must be hardened with user ids and strong password
  • B. Regular security tests and audits should be performed.
  • C. As long as the physical access to the network elements is restricted, there is no need for additional measures.
  • D. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
  • E. The operator knows that attacks and down time are inevitable and should have a backup site.

Answer: A

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

  • A. Copy the system files from a known good system
  • B. Perform a trap and trace
  • C. Delete the files and try to determine the source
  • D. Reload from a previous backup
  • E. Reload from known good media

Answer: E

ViruXine.W32 virus hides their presence by changing the underlying executable code.
This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.
312-50v11 dumps exhibit
Here is a section of the Virus code:
312-50v11 dumps exhibit
What is this technique called?

  • A. Polymorphic Virus
  • B. Metamorphic Virus
  • C. Dravidic Virus
  • D. Stealth Virus

Answer: A

You are analysing traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs - What command you would use?

  • A. wireshark --fetch ''192.168.8*''
  • B. wireshark --capture --local masked ---range 24
  • C. tshark -net mask
  • D. sudo tshark -f''net 192 .68.8.0/24''

Answer: D

Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?

  • A. SFTP
  • B. Ipsec
  • C. SSL
  • D. FTPS

Answer: B

What is correct about digital signatures?

  • A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.
  • B. Digital signatures may be used in different documents of the same type.
  • C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.
  • D. Digital signatures are issued once for each user and can be used everywhere until they expire.

Answer: A

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.
312-50v11 dumps exhibit
What is this attack?

  • A. Cross-site-scripting attack
  • B. SQL Injection
  • C. URL Traversal attack
  • D. Buffer Overflow attack

Answer: A

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:
To: Subject: Test message Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.
This proves that CompanyXYZ’s email gateway doesn’t prevent what?

  • A. Email Masquerading
  • B. Email Harvesting
  • C. Email Phishing
  • D. Email Spoofing

Answer: D

Which type of sniffing technique is generally referred as MiTM attack?
312-50v11 dumps exhibit

  • A. Password Sniffing
  • B. ARP Poisoning
  • C. Mac Flooding
  • D. DHCP Sniffing

Answer: B


Thanks for reading the newest 312-50v11 exam dumps! We recommend you to try the PREMIUM 312-50v11 dumps in VCE and PDF here: (254 Q&As Dumps)