Eccouncil 312-50 Exam Questions Instant Access

Question 1

Which command can be used to show the current TCP/IP connections?

ANetsh

BNetstat

CNet use connection

DNet use

Answer : A

Question 2

Which of the following programs is usually targeted at Microsoft Office products?

APolymorphic virus

BMultipart virus

CMacro virus

DStealth virus

Answer : C

A macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Some applications, such as Microsoft Office, allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. (Wikipedia)

NB: The virus Melissa is a well-known macro virus we could find attached to word documents.

Question 3

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

AConverts passwords to uppercase.

BHashes are sent in clear text over the network.

CMakes use of only 32-bit encryption.

DEffective length is 7 characters.

Answer : A, B, D

Question 4

Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

AVPN footprinting

BEmail footprinting

CVoIP footprinting

DWhois footprinting

Answer : B

Question 5

Harper, a software engineer, is developing an email application. To ensure the confidentiality of email messages. Harper uses a symmetric-key block cipher having a classical 12- or 16-round Feistel network with a block size of 64 bits for encryption, which includes large 8 x 32-bit S-boxes (S1, S2, S3, S4) based on bent functions, modular addition and subtraction, key-dependent rotation, and XOR operations. This cipher also uses a masking key(Km1)and a rotation key (Kr1) for performing its functions. What is the algorithm employed by Harper to secure the email messages?

ACAST-128

BAES

CGOST block cipher

DDES

Answer : A

Question 6

Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.

Which of the following design flaws in the authentication mechanism is exploited by Calvin?

AInsecure transmission of credentials

BVerbose failure messages

CUser impersonation

DPassword reset mechanism

Answer : B

Question 7

You have been hired as an intern at a start-up company. Your first task is to help set up a basic web server for the company's new website. The team leader has asked you to make sure the server is secure from common - threats. Based on your knowledge from studying for the CEH exam, which of the following actions should be

your priority to secure the web server?

AInstalling a web application firewall

Blimiting the number of concurrent connections to the server

CEncrypting the company's website with SSL/TLS

DRegularly updating and patching the server software
Explanation:
One of the most important actions to secure a web server from common threats is to regularly update and patch the server software. This includes the operating system, the web server software, the database software, and any other applications or frameworks that run on the server. Updating and patching the server software can fix known vulnerabilities, bugs, or errors that could be exploited by attackers to compromise the server or the website. Failing to update and patch the server software can expose the server to common attacks, such as SQL injection, cross-site scripting, remote code execution, denial-of-service, etc.
Installing a web application firewall, limiting the number of concurrent connections to the server, and encrypting the company's website with SSL/TLS are also good practices to secure a web server, but they are not as critical as updating and patching the server software. A web application firewall can filter and block malicious requests, but it cannot prevent attacks that exploit unpatched vulnerabilities in the server software. Limiting the number of concurrent connections to the server can prevent overload and improve performance, but it cannot stop attackers from sending malicious requests or payloads. Encrypting the company's website with SSL/TLS can protect the data in transit between the server and the client, but it cannot protect the data at rest on the server or prevent attacks that target the server itself.
Therefore, the priority action to secure a web server from common threats is to regularly update and patch the server software.

Answer : D

Web Server Security- Beginner's Guide - Astra Security Blog

Top 10 Web Server Security Best Practices | Liquid Web

21 Server Security Tips & Best Practices To Secure Your Server - phoenixNAP

Eccouncil Certified Ethical Hacker v13 312-50 Exam Questions