Last Updated on July 23, 2021 by InfraExam

312-50v10 : Certified Ethical Hacker v10 Exam : Part 11

  1. You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account. What should you do?

    • Do not report it and continue the penetration test.
    • Transfer money from the administrator’s account to another account.
    • Do not transfer the money but steal the bitcoins.
    • Report immediately to the administrator. 
  2. An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the legitimate admin can mitigate this attack?

    • Make sure that legitimate network routers are configured to run routing protocols with authentication. 
    • Disable all routing protocols and only use static routes
    • Only using OSPFv3 will mitigate this risk.
    • Redirection of the traffic cannot happen unless the admin allows it explicitly.
  3. Which system consists of a publicly available set of databases that contain domain name registration contact information?

    • IANA
    • CAPTCHA
    • IETF
    • WHOIS
  4. A penetration test was done at a company. After the test, a report was written and given to the company’s IT authorities. A section from the report is shown below:

    – Access List should be written between VLANs.
    – Port security should be enabled for the intranet.
    – A security solution which filters data packets should be set between intranet (LAN) and DMZ.
    – A WAF should be used in front of the web applications.

    According to the section from the report, which of the following choices is true?

    • A stateful firewall can be used between intranet (LAN) and DMZ. 
    • There is access control policy between VLANs.
    • MAC Spoof attacks cannot be performed.
    • Possibility of SQL Injection attack is eliminated.
  5. In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

    • Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
    • Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
    • Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addressed.
    • Vulnerabilities in the application layer are greatly different from IPv4.
  6. It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.

    Which of the following regulations best matches the description?

    • FISMA
    • ISO/IEC 27002
    • HIPAA
    • COBIT
  7. Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a Word document. Upon execution, a window appears stating, “This word document is corrupt”. In the background, the file copies itself to Jesse’s APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.

    What type of malware has Jesse encountered?

    • Worm
    • Macro Virus
    • Key-Logger
    • Trojan
  8. A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

    What kind of Web application vulnerability likely exists in their software?

    • Cross-site scripting vulnerability
    • Session management vulnerability
    • SQL injection vulnerability
    • Cross-site Request Forgery vulnerability
  9. An attacker is trying to redirect the traffic of a small office. That office is using its own mail server, DNS server and NTP server because of the importance of its work. The attacker gains access to the DNS server and redirects www.google.com to his own IP address. Now when the employees of the office want to go to Google they are redirected to the attacker’s machine. What is the name of this kind of attack?

    • MAC Flooding
    • Smurf Attack
    • DNS spoofing 
    • ARP Poisoning
  10. Which results will be returned with the following Google search query?

    site:target.com site:Marketing.target.com accounting

    • Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
    • Results matching all words in the query.
    • Results for matches on target.com and Marketing.target.com that include the word “accounting” 
    • Results matching “accounting” in domain target.com but not on the site Marketing.target.com
  11. Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

    • Malicious code is attempting to execute instructions in a non-executable memory region. 
    • A page fault is occurring, which forces the operating system to write data from the hard drive.
    • A race condition is being exploited, and the operating system is containing the malicious process.
    • Malware is executing in either ROM or a cache memory area.
  12. As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.

    What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?

    • Service Level Agreement
    • Project Scope
    • Rules of Engagement 
    • Non-Disclosure Agreement
  13. When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s computer to update the router configuration. What type of an alert is this?

    • False negative
    • True negative
    • True positive
    • False positive 
  14. The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.

    What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

    • Public
    • Private 
    • Shared
    • Root
  15. Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

    [Image: 312-50v10 Part 11 Q15 011]

    What is she trying to achieve?

    • She is using ftp to transfer the file to another hacker named John.
    • She is using John the Ripper to crack the passwords in the secret.txt file 
    • She is encrypting the file.
    • She is using John the Ripper to view the contents of the file.
  16. What is the correct process for the TCP three-way handshake connection establishment and connection termination?

    • Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: FIN, ACK-FIN, ACK
    • Connection Establishment: ACK, ACK-SYN, SYN Connection Termination: FIN, ACK-FIN, ACK
    • Connection Establishment: FIN, ACK-FIN, ACK Connection Termination: SYN, SYN-ACK, ACK
    • Connection Establishment: SYN, SYN-ACK, ACK Connection Termination: ACK, ACK-SYN, SYN
  17. env x='(){ :;};echo exploit' bash -c 'cat /etc/passwd'

    What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

    • Removes the passwd file
    • Changes all passwords in passwd
    • Add new user to the passwd file
    • Display passwd content to prompt 
  18. Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides ‘security through obscurity’.

    What technique is Ricardo using?

    • Encryption
    • Steganography 
    • RSA algorithm
    • Public-key cryptography
  19. A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?

    • Try to sell the information to a well-paying party on the dark web.
    • Exploit the vulnerability without harming the web site owner so that attention be drawn to the problem.
    • Ignore it.
    • Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability. 
  20. Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

    • nmap -p 445 -n -T4 --open 10.1.0.0/16 
    • nmap -p 445 --max -Pn 10.1.0.0/16
    • nmap -sn -sF 10.1.0.0/16 445
    • nmap -s 445 -sU -T5 10.1.0.0/16