Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
ECCouncil
Certified Ethical Hacker
312-50
Certified Ethical Hacker Exam Questions and Answers

Pass the ECCouncil Certified Ethical Hacker 312-50 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 312-50 Premium Access

View all detail and faqs for the 312-50 exam

Go to Exam

506 Students Passed

86% Average Score

90% Same Questions

Viewing page 1 out of 12 pages

Viewing questions 1-10 out of questions

Questions # 1:

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

Overwrites the original MBR and only executes the new virus code

Answer

Explanation

A boot sector virus is a computer virus that infects a storage device's master boot record (MBR). The virus moves the boot sector to another location on the hard drive.

References: https://www.techopedia.com/definition/26655/boot-sector-virus

Questions # 2:

Which of the following is an application that requires a host application for replication?

Options:

Micro

Worm

Trojan

Virus

Answer

Explanation

Computer viruses infect a variety of different subsystems on their hosts. A computer virus is a malware that, when executed, replicates by reproducing itself or infecting other programs by modifying them. Infecting computer programs can include as well, data files, or the boot sector of the hard drive. When this replication succeeds, the affected areas are then said to be "infected".

References: https://en.wikipedia.org/wiki/Computer_virus

Questions # 3:

In order to show improvement of security over time, what must be developed?

Options:

Reports

Testing tools

Metrics

Taxonomy of vulnerabilities

Answer

Explanation

Today, management demands metrics to get a clearer view of security.

Metrics that measure participation, effectiveness, and window of exposure, however, offer information the organization can use to make plans and improve programs.

References: http://www.infoworld.com/article/297464 2/security/4-security-metrics-that-matter.html

Questions # 4:

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

Options:

Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

Network firewalls can prevent attacks if they are properly configured.

Network firewalls cannot prevent attacks because they are too complex to configure.

Answer

Explanation

Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. To prevent Web Application attacks an Application layer firewall would be required.

References: https://en.wikipedia.org/wiki/Firewall_(comp uting)#Network_layer_or_packet_filters

Questions # 5:

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

Paros Proxy

BBProxy

BBCrack

Blooover

Answer

Explanation

Blackberry users warned of hacking tool threat.

Users have been warned that the security of Blackberry wireless e-mail devices is at risk due to the availability this week of a new hacking tool. Secure Computing Corporation said businesses that have installed Blackberry servers behind their gateway security devices could be vulnerable to a hacking attack from a tool call BBProxy.

References: http://www.computerweekly.com/news/2240062112/Technology-news-in-brief

Questions # 6:

Bluetooth uses which digital modulation technique to exchange information between paired devices?

Options:

PSK (phase-shift keying)

FSK (frequency-shift keying)

ASK (amplitude-shift keying)

QAM (quadrature amplitude modulation)

Answer

Explanation

Phase shift keying is the form of Bluetooth modulation used to enable the higher data rates achievable with Bluetooth 2 EDR (Enhanced Data Rate). Two forms of PSK are used: π/4 DQPSK, and 8DPSK.

References: http://www.radio-electronics.com/info/wireless/bluetooth/radio-interface-modulation.php

Questions # 7:

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

Options:

Fast processor to help with network traffic analysis

They must be dual-homed

Similar RAM requirements

Fast network interface cards

Answer

Explanation

Dual-homed or dual-homing can refer to either an Ethernet device that has more than one network interface, for redundancy purposes, or in firewall technology, dual-homed is one of the firewall architectures, such as an IDS/IPS system, for implementing preventive security.

References: https://en.wikipedia.org/wiki/Dual-homed

Questions # 8:

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Options:

Restore a random file.

Perform a full restore.

Read the first 512 bytes of the tape.

Read the last 512 bytes of the tape.

Answer

Explanation

A full restore is required.

Questions # 9:

Which of the following programs is usually targeted at Microsoft Office products?

Options:

Polymorphic virus

Multipart virus

Macro virus

Stealth virus

Answer

Explanation

A macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Some applications, such as Microsoft Office, allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread.

References: https://en.wik ipedia.org/wiki/Macro_virus

Questions # 10:

What is the most common method to exploit the “Bash Bug” or “ShellShock" vulnerability?

Options:

Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

Manipulate format strings in text fields

SSH

SYN Flood

Answer

Explanation

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell.

One specific exploitation vector of the Shellshock bug is CGI-based web servers.

Note: When a web server uses the Common Gateway Interface (CGI) to handle a document request, it passes various details of the request to a handler program in the environment variable list. For example, the variable HTTP_USER_AGENT has a value that, in normal usage, identifies the program sending the request. If the request handler is a Bash script, or if it executes one for example using the system call, Bash will receive the environment variables passed by the server and will process them. This provides a means for an attacker to trigger the Shellshock vulnerability with a specially crafted server request.

References: https://en.wikipedia.org/wiki/Shellshock_(software_bug)#Specific_exploitation_vectors

Viewing page 1 out of 12 pages

Viewing questions 1-10 out of questions