EC-COUNCIL 312-50 Online Practice
Questions and Exam Preparation
312-50 Exam Details
Exam Code
:312-50
Exam Name
:Certified Ethical Hacker
Certification
:EC-COUNCIL Certifications
Vendor
:EC-COUNCIL
Total Questions
:765 Q&As
Last Updated
:May 31, 2026
EC-COUNCIL 312-50 Online Questions &
Answers
Question 581:
What will the following command produce on a website's login page if executed successfully? SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'
A. This code will insert the [email protected] email address into the members table. B. This command will delete the entire members table. C. It retrieves the password for the first user in the members table. D. This command will not produce anything since the syntax is incorrect.
B. This command will delete the entire members table.
Question 582:
Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access
card and follows him through the open door into the secure systems area.
How would you describe Jason's behavior within a security context?
A. Trailing B. Tailgating C. Swipe Gating D. Smooth Talking
B. Tailgating
Tailgating, in which an unauthorized person follows someone with a pass into an office, is a very simple social engineering attack. The intruder opens the door, which the authorized user walks through, and then engages them in conversation about the weather or weekend sport while they walk past the reception area together.
Question 583:
There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are true about PKI and encryption? Select the best answers.
A. PKI provides data with encryption, compression, and restorability. B. Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman. C. When it comes to eCommerce, as long as you have authenticity, and authenticity, you do not need encryption. D. RSA is a type of encryption.
B. Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman. D. RSA is a type of encryption.
PKI provides confidentiality, integrity, and authenticity of the messages exchanged between these two types of systems. The 3rd party provides the public key and the receiver verifies the message with a combination of the private and public key. Public-key encryption WAS invented in 1976 by Whitfield Diffie and Martin Hellman. The famous hashing algorithm Diffie-Hellman was named after them. The RSA Algorithm is created by the RSA Security company that also has created other widely used encryption algorithms.
Question 584:
Marshall is the information security manager for his company. Marshall was just hired on two months ago after the last information security manager retired. Since the last manager did not implement or even write IT policies, Marshall has begun writing IT security policies to cover every conceivable aspect. Marshall's supervisor has informed him that while most employees will be under one set of policies, ten other employees will be under another since they work on computers in publicly- accessible areas. Per his supervisor, Marshall has written two sets of policies. For the users working on publicly-accessible computers, their policies state that everything is forbidden. They are not allowed to browse the Internet or even use email. The only thing they can use is their work related applications like Word and Excel.
What types of policies has Marshall written for the users working on computers in the publicly- accessible areas?
A. He has implemented Permissive policies for the users working on public computers B. These types of policies would be considered Promiscuous policies C. He has written Paranoid policies for these users in public areas D. Marshall has created Prudent policies for the computer users in publicly-accessible areas
C. He has written Paranoid policies for these users in public areas
It says that everything is forbidden, this means that there is a Paranoid Policy implemented
Question 585:
You are trying to compromise a Linux Machine and steal the password hashes for cracking with password brute forcing program. Where is the password file kept is Linux?
A. /etc/shadow B. /etc/passwd C. /bin/password D. /bin/shadow
A. /etc/shadow
/etc/shadow file stores actual password in encrypted format for user's account with additional properties related to user password i.e. it stores secure user account information. All fields are separated by a colon (:) symbol. It contains one entry per line for each user listed in /etc/passwd file.
Question 586:
Attackers send an ACK probe packet with random sequence number, no response means port is filtered (Stateful firewall is present) and RST response means the port is not filtered. What type of Port Scanning is this?
A. RST flag scanning B. FIN flag scanning C. SYN flag scanning D. ACK flag scanning
D. ACK flag scanning
Question 587:
Why is Social Engineering considered attractive by hackers and also adopted by experts in the field?
A. It is done by well known hackers and in movies as well. B. It does not require a computer in order to commit a crime. C. It is easy and extremely effective to gain information. D. It is not considered illegal.
C. It is easy and extremely effective to gain information.
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information
gathering or computer system access and in most (but not all) cases the attacker never comes face-to-face with the victim. The term has been popularized in recent years by well known (reformed) computer criminal and security consultant
Kevin Mitnick who points out that it's much easier to trick someone into giving you his or her password for a system than to spend the effort to hack in.
He claims it to be the single most effective method in his arsenal.
Question 588:
What does ICMP (type 11, code 0) denote?
A. Unknown Type B. Time Exceeded C. Source Quench D. Destination Unreachable
B. Time Exceeded
An ICMP Type 11, Code 0 means Time Exceeded [RFC792], Code 0 = Time to Live exceeded in Transit and Code 1 = Fragment Reassembly Time Exceeded.
Question 589:
Which of the following encryption is not based on Block Cipher?
A. DES B. Blowfish C. AES D. RC4
D. RC4
RC4 (also known as ARC4 or ARCFOUR) is the most widely-used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).
Question 590:
Samantha was hired to perform an internal security test of company. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.
Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)
A. Ethernet Zapping B. MAC Flooding C. Sniffing in promiscuous mode D. ARP Spoofing
B. MAC Flooding D. ARP Spoofing
In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table.The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only EC-COUNCIL exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 312-50 exam preparations
and EC-COUNCIL certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.