Which regulationdefines security and privacy controls for Federal information systems and organizations?
A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53
What is the best description of SQL Injection?
A. It is a Denial of Service Attack.
B. It is an attack used to modify code in an application.
C. It is and attack used to gain unauthorized access to a database.
D. It isa Man-in-the-Middle attack between your SQL Server and Web App Server.
Perspective clients wantto see sample reports from previous penetration tests.
What should you do next?
A. Share full reports, not redacted.
B. Share full reports, with redacted.
C. Decline but, provide references.
D. Share reports, after NDA is signed.
This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attach along with some optimizations like Korek attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. Which of the following tools is being described?
A. Wificracker
B. WLAN-crack
C. Airguard
D. Aircrack-ng
You are performing a penetration test. You achieved access via a bufferoverflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.
What should you do?
A. Do not transfer the money but steal the bitcoins.
B. Report immediately to the administrator.
C. Transfer money from the administrator's account to another account.
D. Do not report it and continue the penetration test.
Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file is a file named "Court_Notice_21206.docx.exe" disguised as a word document.Upon execution, a windows appears stating, "This word document is corrupt." In the background, the file copies itself to Jesse APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?
A. Trojan
B. Worm
C. Key-Logger
D. Micro Virus
Which of the following is an extremelycommon IDS evasion technique in the web world?
A. post knocking
B. subnetting
C. unicode characters
D. spyware
As a Certified Ethical hacker, you were contracted by aprivate firm to conduct an external security assessment through penetration testing.
What document describes the specified of the testing, the associated violations, and essentially protects both the organization's interest and your li abilities as a tester?
A. Term of Engagement
B. Non-Disclosure Agreement
C. Project Scope
D. Service Level Agreement
Which of the followingtypes of firewalls ensures that the packets are part of the established session?
A. Switch-level firewall
B. Stateful inspection firewall
C. Application-level firewall
D. Circuit-level firewall
Which tool allows analysis and pen testers to examine links between data using graphs and link analysis?
A. Metasploit
B. Maltego
C. Wireshark
D. Cain andAbel
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.