312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 25

312-50 : All Parts

You’ve just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?
- Disable Key Services
- Create User Account
- Download and Install Netcat
- Disable IPTables
What type of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money, cryptocurrency, etc. to the operators of the malware to remove the restriction?
- Ransomware
- Riskware
- Adware
- Spyware
The following are types of Bluetooth attack EXCEPT_____?
- Bluejacking
- Bluesmaking
- Bluesnarfing
- Bluedriving
Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?
- Use digital certificates to authenticate a server prior to sending data.
- Verify access right before allowing access to protected information and UI controls.
- Verify access right before allowing access to protected information and UI controls.
- Validate and escape all information sent to a server.
A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine whether this packets are indeed malicious. What tool are you going to use?
- Intrusion Prevention System (IPS)
- Vulnerability scanner
- Protocol analyzer
- Network sniffer
Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?
- Use cryptographic storage to store all PII
- Use full disk encryption on all hard drives to protect PII
- Use encrypted communications protocols to transmit PII
- Use a security token to log into all Web applications that use PII
A new wireless client that is 802.11 compliant cannot connect to a wireless network given that the client can see the network and it has compatible hardware and software installed. Upon further tests and investigation it was found out that the Wireless Access Point (WAP) was not responding to the association requests being sent by the wireless client. What MOST likely is the issue on this scenario?
- The client cannot see the SSID of the wireless network
- The WAP does not recognize the client’s MAC address.
- The wireless client is not configured to use DHCP.
- Client is configured for the wrong channel
This configuration allows NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of passing only the frames that the controller is intended to receive. Select the option that BEST describes the above statement.
- Multi-cast mode
- WEM
- Promiscuous mode
- Port forwarding
Which of the following is designed to verify and authenticate individuals taking part in a data exchange within an enterprise?
- SOA
- Single-Sign On
- PKI
- Biometrics
A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?
- Mutating
- Randomizing
- Fuzzing
- Bounding
What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin?
- c:\compmgmt.msc
- c:\gpedit
- c:\ncpa.cpl
- c:\services.msc
Which of the following is a wireless network detector that is commonly found on Linux?
- Kismet
- Abel
- Netstumbler
- Nessus
Which specific element of security testing is being assured by using hash?
- Authentication
- Integrity
- Confidentiality
- Availability
Which of the following is a restriction being enforced in “white box testing?”
- Only the internal operation of a system is known to the tester
- The internal operation of a system is completely known to the tester
- The internal operation of a system is only partly accessible to the tester
- Only the external operation of a system is accessible to the tester
Which of the following is a vulnerability in GNU’s bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
- Shellshock
- Rootshell
- Rootshock
- Shellbash
When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?
- AH Tunnel mode
- AH promiscuous
- ESP transport mode
- ESP confidential
Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:

invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24

TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

Obviously, it is not going through. What is the issue here?
- OS Scan requires root privileges
- The nmap syntax is wrong.
- The outgoing TCP/IP fingerprinting is blocked by the host firewall
- This is a common behavior for a corrupted nmap application
While performing online banking using a Web browser, Kyle receives an email that contains an image of a well-crafted art. Upon clicking the image, a new tab on the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle noticed that all his funds on the bank was gone. What Web browser-based security vulnerability got exploited by the hacker?
- Clickjacking
- Web Form Input Validation
- Cross-Site Request Forgery
- Cross-Site Scripting
A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what Software design flaw?
- Insufficient security management
- Insufficient database hardening
- Insufficient input validation
- Insufficient exception handling
Supposed you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement?
- TACACS+
- DIAMETER
- Kerberos
- RADIUS

312-50 : All Parts

312-50 : CEH Certified Ethical Hacker (312-50v9) : All Parts
312-50 Part 01	312-50 Part 09	312-50 Part 17	312-50 Part 25
312-50 Part 02	312-50 Part 10	312-50 Part 18	312-50 Part 26
312-50 Part 03	312-50 Part 11	312-50 Part 19	312-50 Part 27
312-50 Part 04	312-50 Part 12	312-50 Part 20	312-50 Part 28
312-50 Part 05	312-50 Part 13	312-50 Part 21	312-50 Part 29
312-50 Part 06	312-50 Part 14	312-50 Part 22	312-50 Part 30
312-50 Part 07	312-50 Part 15	312-50 Part 23	312-50 Part 31
312-50 Part 08	312-50 Part 16	312-50 Part 24

312-50 : CEH Certified Ethical Hacker (312-50v9) : All Parts
312-50 Part 01	312-50 Part 09	312-50 Part 17	312-50 Part 25
312-50 Part 02	312-50 Part 10	312-50 Part 18	312-50 Part 26
312-50 Part 03	312-50 Part 11	312-50 Part 19	312-50 Part 27
312-50 Part 04	312-50 Part 12	312-50 Part 20	312-50 Part 28
312-50 Part 05	312-50 Part 13	312-50 Part 21	312-50 Part 29
312-50 Part 06	312-50 Part 14	312-50 Part 22	312-50 Part 30
312-50 Part 07	312-50 Part 15	312-50 Part 23	312-50 Part 31
312-50 Part 08	312-50 Part 16	312-50 Part 24

312-50 : CEH Certified Ethical Hacker (312-50v9) : Part 25

You’ve just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?

What type of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money, cryptocurrency, etc. to the operators of the malware to remove the restriction?

The following are types of Bluetooth attack EXCEPT_____?

Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?

A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine whether this packets are indeed malicious. What tool are you going to use?

Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?

This configuration allows NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of passing only the frames that the controller is intended to receive. Select the option that BEST describes the above statement.

Which of the following is designed to verify and authenticate individuals taking part in a data exchange within an enterprise?

A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?

What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin?

Which of the following is a wireless network detector that is commonly found on Linux?

Which specific element of security testing is being assured by using hash?

Which of the following is a restriction being enforced in “white box testing?”

Which of the following is a vulnerability in GNU’s bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?

When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?

Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:

invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24

TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

Obviously, it is not going through. What is the issue here?

A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what Software design flaw?