DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Latest ECCouncil 312-50 Free Exam Questions | SPOTO

SPOTO's latest exam dumps on the homepage, with a 100% pass rate! SPOTO delivers authentic Cisco CCNA, CCNP study materials, CCIE Lab solutions, PMP, CISA, CISM, AWS, and Palo Alto exam dumps. Our comprehensive study materials are meticulously aligned with the latest exam objectives. With a proven track record, we have enabled thousands of candidates worldwide to pass their IT certifications on their first attempt. Over the past 20+ years, SPOTO has successfully placed numerous IT professionals in Fortune 500 companies.
Take other online exams
Question #1
_________ is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.
A. DNSSEC
B. Resource records
C. Resource transfer
D. Zone transfer
View answer
Correct Answer: A
Question #2
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. LDAP Injection attack
B. Cross-Site Scripting (XSS)
C. SQL injection attack
D. Cross-Site Request Forgery (CSRF)
View answer
Correct Answer: B
Question #3
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
A. Fast processor to help with network traffic analysis
B. They must be dual-homed
C. Similar RAM requirements
D. Fast network interface cards
View answer
Correct Answer: B
Question #4
You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:
A. Sending a mail message to a valid address on the target network,and examining the header information generated by the IMAP servers
B. Sending a mail message to an invalid address on the target network,and examining the header information generated by the POP servers
C. Examining the SMTP header information generated by using the -mx command parameter of DIG
D. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address
View answer
Correct Answer: D
Question #5
Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?
A. [inurl:]
B. [info:]
C. [site:]
D. [related:]
View answer
Correct Answer: D
Question #6
Which of the following act requires employer's standard national numbers to identify them on standard transactions?
A. SOX
B. HIPAA
C. DMCA
D. PCI-DSS
View answer
Correct Answer: B
Question #7
What are common files on a web server that can be misconfigured and provide useful information for a hacker such as verbose error messages?
A. httpd
B. administration
C. php
D. idq
View answer
Correct Answer: C
Question #8
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
A. SOA
B. biometrics
C. single sign on
D. PKI
View answer
Correct Answer: D
Question #9
In this form of encryption algorithm, every individual block contains 64-bit data, and three keys are used, where each key consists of 56?bits. Which is this encryption algorithm?
A. IDEA
B. Triple Data Encryption Standard
C. AES
D. MD5 encryption algorithm
View answer
Correct Answer: B
Question #10
Nation-state threat actors often discover vulnerabilitiesand hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of this vulnerability. What is this style of attack called?
A. zero-hour
B. no-day
C. zero-day
D. zero-sum
View answer
Correct Answer: C
Question #11
Gerard, a disgruntled ex-employee of Sunglass IT Solutions, targets this organization to perform sophisticated attacks and bring down its reputation in the market. To launch the attacks process, he performed DNS footprinting to gather information about DNS servers and to identify the hosts connected in the target network. He used an automated tool that can retrieve information about DNS zone data including DNS domain names, computer names, IP addresses, DNS records, and network Whois records. He further exp
A. Towelroot
B. Knative
C. zANTI
D. Bluto
View answer
Correct Answer: D
Question #12
Which of the following act requires employer's standard national numbers to identify them on standard transactions?
A. SOX
B. HIPAA
C. DMCA
D. PCI-DSS
View answer
Correct Answer: B
Question #13
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", that the user is directed to a phishing site. Which file does the attacker need to modify?
A. Boot
B. Sudoers
C. Networks
D. Hosts
View answer
Correct Answer: D
Question #14
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
A. LDAP Injection attack
B. Cross-Site Scripting (XSS)
C. SQL injection attack
D. Cross-Site Request Forgery (CSRF)
View answer
Correct Answer: B
Question #15
John, a professional hacker, performs a network attack on a renowned organization and gains unauthorized access to the target network. He remains in the network without being detected for a long time and obtains sensitive information without sabotaging the organization. Which of the following attack techniques is used by John?
A. Insider threat
B. Diversion theft
C. Spear-phishing sites
D. Advanced persistent threat
View answer
Correct Answer: D
Question #16
What port number is used by LDAP protocol?
A. 445
B. 110
C. 464
D. 389
View answer
Correct Answer: D
Question #17
Which of the following describes the characteristics of a Boot Sector Virus?
A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
B. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR
C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program
D. Overwrites the original MBR and only executes the new virus code
View answer
Correct Answer: B
Question #18
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
A. nmap -A - Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A --host-timeout 99 -T1
View answer
Correct Answer: C
Question #19
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?
A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping
View answer
Correct Answer: B
Question #20
This wireless security protocol allows 192-bit minimum-strength security protocols and cryptographic tools to protect sensitive data, such as GCMP-256, HMAC-SHA384, and ECDSA using a 384-bit elliptic curve. Which is this wireless security protocol?
A. WPA3-Personal
B. WPA3-Enterprise
C. WPA2-Enterprise
D. WPA2-Personal
View answer
Correct Answer: B
Question #21
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?
A. nmap -A - Pn
B. nmap -sP -p-65535 -T5
C. nmap -sT -O -T0
D. nmap -A --host-timeout 99 -T1
View answer
Correct Answer: C
Question #22
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
A. Paros Proxy
B. BBProxy
C. BBCrack
D. Blooover
View answer
Correct Answer: B
Question #23
Which of the following programs is usually targeted at Microsoft Office products?
A. Polymorphic virus
B. Multipart virus
C. Macro virus
D. Stealth virus
View answer
Correct Answer: C
Question #24
Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks! From his office, which was directly connected to
A. ARP spoofing
B. SQL injection
C. DNS poisoning
D. Routing table injection
View answer
Correct Answer: C
Question #25
Bluetooth uses which digital modulation technique to exchange information between paired devices?
A. PSK (phase-shift keying)
B. FSK (frequency-shift keying)
C. ASK (amplitude-shift keying)
D. QAM (quadrature amplitude modulation)
View answer
Correct Answer: A
Question #26
John is investigating web-application firewall logs and observers that someone is attempting to inject the following: What type of attack is this?
A. SQL injection
B. Buffer overflow
C. CSRF
D. XSS
View answer
Correct Answer: B
Question #27
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
A. Fast processor to help with network traffic analysis
B. They must be dual-homed
C. Similar RAM requirements
D. Fast network interface cards
View answer
Correct Answer: B
Question #28
Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic
View answer
Correct Answer: B
Question #29
You are a penetration tester working to test the user awareness of the employees of the client XYZ. You harvested two employees’ emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?
A. Reconnaissance
B. Weaponization
C. Command and control
D. Exploitation
View answer
Correct Answer: B
Question #30
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?
A. Hping
B. John the Ripper
C. Cain
D. Nikto
View answer
Correct Answer: C

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.