312-50V10 Exam Details

  • Exam Code: 312-50V10
  • Exam Name: EC-Council Certified Ethical Hacker (C|EH v10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 747 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-50V10 Online Questions & Answers

  • Question 311:

    How can a rootkit bypass the Windows 7 operating system's kernel-mode code signing policy?

    A. Defeating the scanner from detecting any code change at the kernel
    B. Replacing patch system calls with its own version that hides the rootkit (attacker's) actions
    C. Performing common services for the application process and replacing real applications with fake ones
    D. Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

  • Question 312:

    What is the best Nmap command to use when you want to list all devices in the same network quickly after you successfully identified a server whose IP address is 10.10.0.5?

    A. nmap -T4 -F 10.10.0.0/24
    B. nmap -T4 -q 10.10.0.0/24
    C. nmap -T4 -O 10.10.0.0/24
    D. nmap -T4 -r 10.10.1.0/24

  • Question 313:

    Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?

    A. Metasploit
    B. Wireshark
    C. Maltego
    D. Cain and Abel

  • Question 314:

    Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

    A. CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.
    B. CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.
    C. CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.
    D. CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

  • Question 315:

    This configuration allows a NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of passing only the frames that the controller is intended to receive. Select the option that BEST describes the above statement.

    A. Multi-cast mode
    B. WEM
    C. Promiscuous mode
    D. Port forwarding

  • Question 316:

    You are a security officer of a company. You had an alert from the IDS indicating that one PC on your intranet is connected to a blacklisted IP address (C2 server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

    A. Event logs on the PC
    B. Internet Firewall/Proxy log
    C. IDS log
    D. Event logs on domain controller

  • Question 317:

    A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?

    A. Ignore it.
    B. Try to sell the information to a well-paying party on the dark web.
    C. Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.
    D. Exploit the vulnerability without harming the web site owner so that attention be drawn to the problem.

  • Question 318:

    This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landscape" looks like. What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

    A. footprinting
    B. network mapping
    C. gaining access
    D. escalating privileges

  • Question 319:

    You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

    A. False Negative
    B. False Positive
    C. True Negative
    D. True Positive

  • Question 320:

    The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.

    You also notice "/bin/sh" in the ASCII part of the output.

    As an analyst what would you conclude about the attack?

    A. The buffer overflow attack has been neutralized by the IDS
    B. The attacker is creating a directory on the compromised machine
    C. The attacker is attempting a buffer overflow attack and has succeeded
    D. The attacker is attempting an exploit that launches a command-line shell
