312-50V8 Exam Details

  • Exam Code
    :312-50V8
  • Exam Name
    :Certified Ethical Hacker v8
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1008 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL 312-50V8 Online Questions & Answers

  • Question 1:

    A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting

    language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input fielD.

    IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC"

    originalPath="vbscript:msgbox("Vulnerable");>"

    When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

    Which web applications vulnerability did the analyst discover?

    A. Cross-site request forgery
    B. Command injection
    C. Cross-site scripting
    D. SQL injection

  • Question 2:

    Which type of password cracking technique works like dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

    A. Dictionary attack
    B. Brute forcing attack
    C. Hybrid attack
    D. Syllable attack
    E. Rule-based attack

  • Question 3:

    Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?

    A. CI Gathering
    B. Scanning
    C. Dumpster Diving
    D. Garbage Scooping

  • Question 4:

    One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term?

    A. Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process
    B. Providers can increase the bandwidth on critical connections to prevent them from going down in the event of an attack
    C. Replicating servers that can provide additional failsafe protection
    D. Load balance each server in a multiple-server architecture

  • Question 5:

    What is Form Scalpel used for?

    A. Dissecting HTML Forms
    B. Dissecting SQL Forms
    C. Analysis of Access Database Forms
    D. Troubleshooting Netscape Navigator
    E. Quatro Pro Analysis Tool

  • Question 6:

    Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet. He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out vulnerabilities.

    What are some of the common vulnerabilities in web applications that he should be concerned about?

    A. Non-validated parameters,broken access control,broken account and session management,cross-site scripting and buffer overflows are just a few common vulnerabilities
    B. Visible clear text passwords,anonymous user account set as default,missing latest security patch,no firewall filters set and no SSL configured are just a few common vulnerabilities
    C. No SSL configured,anonymous user account set as default,missing latest security patch,no firewall filters set and an inattentive system administrator are just a few common vulnerabilities
    D. No IDS configured,anonymous user account set as default,missing latest security patch,no firewall filters set and visible clear text passwords are just a few common vulnerabilities

  • Question 7:

    Which set of access control solutions implements two-factor authentication?

    A. USB token and PIN
    B. Fingerprint scanner and retina scanner
    C. Password and PIN
    D. Account and password

  • Question 8:

    _________ is one of the programs used to wardial.

    A. DialIT
    B. Netstumbler
    C. TooPac
    D. Kismet
    E. ToneLoc

  • Question 9:

    In this type of Man-in-the-Middle attack, packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted, the tokens are placed back on the network to gain access.

    A. Token Injection Replay attacks
    B. Shoulder surfing attack
    C. Rainbow and Hash generation attack
    D. Dumpster diving attack

  • Question 10:

    Which of the following parameters describe LM Hash:

    I -The maximum password length is 14 characters.

    II -There are no distinctions between uppercase and lowercase.

    III -It's a simple algorithm, so 10,000,000 hashes can be generated per second.

    A. I
    B. I and II
    C. II
    D. I, II and III

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.