Exam Code: 312-50v8 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Certified Ethical Hacker v8
Certification Provider: EC-Council
Free Today! Guaranteed Training- Pass 312-50v8 Exam.

2021 Oct 312-50v8 exam price

Q431. John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong. 

In the context of Session hijacking why would you consider this as a false sense of security? 

A. The token based security cannot be easily defeated. 

B. The connection can be taken over after authentication. 

C. A token is not considered strong authentication. 

D. Token security is not widely used in the industry. 

Answer: B 


Q432. Bob reads an article about how insecure wireless networks can be. He gets approval from his management to implement a policy of not allowing any wireless devices on the network. What other steps does Bob have to take in order to successfully implement this? (Select 2 answer.) 

A. Train users in the new policy. 

B. Disable all wireless protocols at the firewall. 

C. Disable SNMP on the network so that wireless devices cannot be configured. 

D. Continuously survey the area for wireless devices. 

Answer: AD 


Q433. In the context of Windows Security, what is a 'null' user? 

A. A user that has no skills 

B. An account that has been suspended by the admin 

C. A pseudo account that has no username and password 

D. A pseudo account that was created for security administration purpose 

Answer: C 


Q434. What do you call a system where users need to remember only one username and password, and be authenticated for multiple services? 

A. Simple Sign-on 

B. Unique Sign-on 

C. Single Sign-on 

D. Digital Certificate 

Answer: C 


Q435. A denial of Service (DoS) attack works on the following principle: 

A. MS-DOS and PC-DOS operating system utilize a weaknesses that can be compromised and permit them to launch an attack easily. 

B. All CLIENT systems have TCP/IP stack implementation weakness that can be compromised and permit them to lunch an attack easily. 

C. Overloaded buffer systems can easily address error conditions and respond appropriately. 

D. Host systems cannot respond to real traffic,if they have an overwhelming number of incomplete connections (SYN/RCVD State). 

E. A server stops accepting connections from certain networks one those network become flooded. 

Answer: D 


312-50v8 practice question

Up to date 312-50v8 testing engine:

Q436. Exhibit: 


The following is an entry captured by a network IDS.You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack? 

A. The buffer overflow attack has been neutralized by the IDS 

B. The attacker is creating a directory on the compromised machine 

C. The attacker is attempting a buffer overflow attack and has succeeded 

D. The attacker is attempting an exploit that launches a command-line shell 

Answer: D 


Q437. An.ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend.recently started.a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor..What should the hacker's next step be before starting work on this job? 

A. Start by foot printing the network and mapping out a plan of attack. 

B. Ask the employer for.authorization to perform the work outside the company. 

C. Begin the reconnaissance phase with passive information gathering and then move into active information gathering. 

D. Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack. 

Answer: B 


Q438. A digital signature is simply a message that is encrypted with the public key instead of the private key. 

A. true 

B. false 

Answer: B 


Q439. Samantha was hired to perform an internal security test of XYZ. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing. 

Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two) 

A. Ethernet Zapping 

B. MAC Flooding 

C. Sniffing in promiscuous mode 

D. ARP Spoofing 

Answer: BD 


Q440. What port scanning method is the most reliable but also the most detectable? 

A. Null Scanning 

B. Connect Scanning 

C. ICMP Scanning 

D. Idlescan Scanning 

E. Half Scanning 

F. Verbose Scanning 

Answer: B