1. Home
  2. EC-COUNCIL
  3. 312-50V8

Certified Ethical Hacker v8

Exam Details

  • Exam Code
    :312-50V8
  • Exam Name
    :Certified Ethical Hacker v8
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1008 Q&As
  • Last Updated
    :Apr 24, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

  • Question 51:

    Take a look at the following attack on a Web Server using obstructed URL:

    http://www.example.com/script.ext?template%2e%2e%2e%2e%2e%2f%2e%2f%65%74%

    63%2f%70%61%73%73%77%64

    The request is made up of:

    %2e%2e%2f%2e%2e%2f%2e%2f% = ../../../

    %65%74%63 = etc

    %2f = /

    %70%61%73%73%77%64 = passwd

    How would you protect information systems from these attacks?

    A. Configure Web Server to deny requests involving Unicode characters.

    B. Create rules in IDS to alert on strange Unicode requests.

    C. Use SSL authentication on Web Servers.

    D. Enable Active Scripts Detection at the firewall and routers.

  • Question 52:

    What are the differences between SSL and S-HTTP?

    A. SSL operates at the network layer and S-HTTP operates at the application layer

    B. SSL operates at the application layer and S-HTTP operates at the network layer

    C. SSL operates at the transport layer and S-HTTP operates at the application layer

    D. SSL operates at the application layer and S-HTTP operates at the transport layer

  • Question 53:

    Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system under his privileges, which allow Kevin access to information used on the BBS. However, no executables are downloaded and run on the local system.

    What would you term this attack?

    A. Phishing

    B. Denial of Service

    C. Cross Site Scripting

    D. Backdoor installation

  • Question 54:

    Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in which also he remains unsuccessful.

    What is the probable cause of Bill's problem?

    A. You cannot use a buffer overflow to deface a web page

    B. There is a problem with the shell and he needs to run the attack again

    C. The HTML file has permissions of read only

    D. The system is a honeypot

  • Question 55:

    You visit a website to retrieve the listing of a company's staff members. But you can not find it on the website. You know the listing was certainly present one year before.

    How can you retrieve information from the outdated website?

    A. Through Google searching cached files

    B. Through Archive.org

    C. Download the website and crawl it

    D. Visit customers' and prtners' websites

  • Question 56:

    You work as security technician at XYZ.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time.

    Which of the processes listed below would be a more efficient way of doing this type of validation?

    A. Use mget to download all pages locally for further inspection.

    B. Use wget to download all pages locally for further inspection.

    C. Use get* to download all pages locally for further inspection.

    D. Use get() to download all pages locally for further inspection.

  • Question 57:

    You wish to determine the operating system and type of web server being used. At the same time you wish to arouse no suspicion within the target organization.

    While some of the methods listed below work, which holds the least risk of detection?

    A. Make some phone calls and attempt to retrieve the information using social engineering.

    B. Use nmap in paranoid mode and scan the web server.

    C. Telnet to the web server and issue commands to illicit a response.

    D. Use the netcraft web site look for the target organization's web site.

  • Question 58:

    Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACL's (access control lists) to files or folders and also one that can be used within batch files.

    Which of the following tools can be used for that purpose? (Choose the best answer)

    A. PERM.exe

    B. CACLS.exe

    C. CLACS.exe

    D. NTPERM.exe

  • Question 59:

    Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)

    A. Internet Printing Protocol (IPP) buffer overflow

    B. Code Red Worm

    C. Indexing services ISAPI extension buffer overflow

    D. NeXT buffer overflow

  • Question 60:

    On a default installation of Microsoft IIS web server, under which privilege does the web server software execute?

    A. Everyone

    B. Guest

    C. System

    D. Administrator

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.