Eccouncil 312-50V11 Exam Questions

Questions for the 312-50V11 were updated on : Jun 17 ,2024

Page 1 out of 36. Viewing questions 1-15 out of 528

Question 1

While performing online banking using a Web browser, a user receives an email that contains a link
to an interesting Web site. When the user clicks on the link, another Web browser session starts and
displays a video of cats playing a piano. The next business day, the user receives what looks like an
email from his bank, indicating that his bank account has been accessed from a foreign country. The
email asks the user to call his bank and verify the authorization of a funds transfer that took place.
What Web browser-based security vulnerability was exploited to compromise the user?

  • A. Clickjacking
  • B. Cross-Site Scripting
  • C. Cross-Site Request Forgery
  • D. Web form input validation
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Cross Site Request Forgery (XSRF) was committed against the poor individual. Fortunately the user's
bank checked with the user prior to sending the funds.
If it would be Cross Site Request Forgery than transaction shouldn't be shown from foreign country.
Because CSRF sends request from current user session. It seems XSS attack where attacker stolen the
cookie and made a transaction using that cookie from foreign country.

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which service in a PKI will vouch for the identity of an individual or company?

  • A. KDC
  • B. CR
  • C. CBC
  • D. CA
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Identify the web application attack where the attackers exploit vulnerabilities in dynamically
generated web pages to inject client-side script into web pages viewed by other users.

  • A. LDAP Injection attack
  • B. Cross-Site Scripting (XSS)
  • C. SQL injection attack
  • D. Cross-Site Request Forgery (CSRF)
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

User A is writing a sensitive email message to user B outside the local network. User A has chosen to
use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of
the OSI layer does the encryption and decryption of the message take place?

  • A. Application
  • B. Transport
  • C. Session
  • D. Presentation
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and
software as many of the other clients on the network. The client can see the network, but cannot
connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to
the association requests being sent by the wireless client. What is a possible source of this problem?

  • A. The WAP does not recognize the client’s MAC address
  • B. The client cannot see the SSID of the wireless network
  • C. Client is configured for the wrong channel
  • D. The wireless client is not configured to use DHCP
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

If you want to only scan fewer ports than the default scan using Nmap tool, which option would you
use?

  • A. –r
  • B. –F
  • C. –P
  • D. –sP
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which of the following is the structure designed to verify and authenticate the identity of individuals
within the enterprise taking part in a data exchange?

  • A. SOA
  • B. biometrics
  • C. single sign on
  • D. PKI
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

You are tasked to perform a penetration test. While you are performing information gathering, you
find an employee list in Google. You find the receptionists email, and you send her an email
changing the source email to her bosss email (boss@company). In this email, you ask for a pdf with
information. She reads your email and sends back a pdf with links. You exchange the pdf links with
your malicious links (these links contain malware) and send back the modified pdf, saying that the
links dont work. She reads your email, opens the links, and her machine gets infected. You now have
access to the company network. What testing method did you use?

  • A. Social engineering
  • B. Piggybacking
  • C. Tailgating
  • D. Eavesdropping
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

If a tester is attempting to ping a target that exists but receives no response or a response that states
the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which
other option could the tester use to get a response from a host using TCP?

  • A. Traceroute
  • B. Hping
  • C. TCP ping
  • D. Broadcast ping
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
https://tools.kali.org/information-gathering/hping3

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which is the first step followed by Vulnerability Scanners for scanning a network?

  • A. OS Detection
  • B. Firewall detection
  • C. TCP/UDP Port scanning
  • D. Checking if the remote host is alive
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which of the following programs is usually targeted at Microsoft Office products?

  • A. Polymorphic virus
  • B. Multipart virus
  • C. Macro virus
  • D. Stealth virus
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

In an internal security audit, the white hat hacker gains control over a user account and attempts to
acquire access to another account's confidential files and information. How can he achieve this?

  • A. Privilege Escalation
  • B. Shoulder-Surfing
  • C. Hacking Active Directory
  • D. Port Scanning
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

A technician is resolving an issue where a computer is unable to connect to the Internet using a
wireless access point. The computer is able to transfer files locally to other machines, but cannot
successfully reach the Internet. When the technician examines the IP address and default gateway
they are both on the 192.168.1.0/24. Which of the following has occurred?

  • A. The computer is not using a private IP address.
  • B. The gateway is not routing to a public IP address.
  • C. The gateway and the computer are not on the same network.
  • D. The computer is using an invalid IP address.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of
communication?

  • A. 113
  • B. 69
  • C. 123
  • D. 161
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Due to a slowdown of normal network operations, the IT department decided to monitor internet
traffic for all of the employees. From a legal standpoint, what would be troublesome to take this kind
of measure?

  • A. All of the employees would stop normal work activities
  • B. IT department would be telling employees who the boss is
  • C. Not informing the employees that they are going to be monitored could be an invasion of privacy.
  • D. The network could still experience traffic slow down.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2