EC-COUNCIL 312-50V7 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-50V7 Online Questions & Answers

• Question 271:

  If the final set of security controls does not eliminate all risk in a system, what could be done next?

  A. Continue to apply controls until there is zero risk.
  B. Ignore any remaining risk.
  C. If the residual risk is low enough, it can be accepted.
  D. Remove current controls since they are not completely effective.
  C. If the residual risk is low enough, it can be accepted.

• Question 272:

  Which of the following type of scanning utilizes automated process of proactively identifying vulnerabilities of the computing systems present on a network?

  A. Port Scanning
  B. Single Scanning
  C. External Scanning
  D. Vulnerability Scanning
  D. Vulnerability Scanning

• Question 273:

  An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

  A. By using SQL injection
  B. By changing hidden form values
  C. By using cross site scripting
  D. By utilizing a buffer overflow attack
  B. By changing hidden form values

• Question 274:

  Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?

  A. ping 192.168.2.
  B. ping 192.168.2.255
  C. for %V in (1 1 255) do PING 192.168.2.%V
  D. for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"
  D. for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

• Question 275:

  Which type of sniffing technique is generally referred as MiTM attack?

  

  A. Password Sniffing
  B. ARP Poisoning
  C. Mac Flooding
  D. DHCP Sniffing
  B. ARP Poisoning

• Question 276:

  Which of the following is a detective control?

  A. Smart card authentication
  B. Security policy
  C. Audit trail
  D. Continuity of operations plan
  C. Audit trail

• Question 277:

  A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

  A. Say no; the friend is not the owner of the account.
  B. Say yes; the friend needs help to gather evidence.
  C. Say yes; do the job for free.
  D. Say no; make sure that the friend knows the risk she's asking the CEH to take.
  A. Say no; the friend is not the owner of the account.

• Question 278:

  While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web sitE.

  Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

  A. Buffer overflow
  B. Cross-site request forgery
  C. Distributed denial of service
  D. Cross-site scripting
  D. Cross-site scripting

• Question 279:

  Smart cards use which protocol to transfer the certificate in a secure manner?

  A. Extensible Authentication Protocol (EAP)
  B. Point to Point Protocol (PPP)
  C. Point to Point Tunneling Protocol (PPTP)
  D. Layer 2 Tunneling Protocol (L2TP)
  A. Extensible Authentication Protocol (EAP)

• Question 280:

  What is the correct order of steps in CEH System Hacking Cycle?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  A. Option A