Free of 312-50v9 practice exam materials and lab for EC-Council certification for candidates, Real Success Guaranteed with Updated 312-50v9 pdf dumps vce Materials. 100% PASS EC-Council Certified Ethical Hacker v9 exam Today!
Q1. A hacker has successfully infected an internet-facing server, which he will then use to send junk mail, take part incoordinated attacks, or host junk email content.
Which sort of trojan infects this server?
A. Botnet Trojan
B. Banking Trojans
C. Ransomware Trojans
D. Turtle Trojans
Q2. You are performing a penetration test. You achieved access via a bufferoverflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator’s bank account password and login information for the administrator’s bitcoin account.
What should you do?
A. Do not transfer the money but steal the bitcoins.
B. Report immediately to the administrator.
A. C. Transfer money from the administrator’s account to another account.
D. Do not report it and continue the penetration test.
Q3. You are tasked to perform a penetration test. While you are performinginformation gathering, you find ab employee list in Google. You find receptionist’s email, and you send her an email changing the source email to her boss’s email ( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected.
What testing method did you use?
D. Social engineering
Q4. It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up windows, webpage,or email warning from what looks like an officialauthority. It explains your computer has been locked because of possible illegal activities and demands payment before you can access your files and programs again.
Which term best matches this definition?
Q5. You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine.
What wireshark filter will show the connections from the snort machineto kiwi syslog machine?
A. tcp.dstport==514 && ip.dst==192.168.0.150 B. tcp.dstport==514 &&ip.dst==192.168.0.99 C. tcp.srcport==514 && ip.src==192.168.0.99 D. tcp.srcport==514 && ip.src==192.168.150
Q6. During a security audit of IT processes, an IS auditor found that there was no documented security procedures. What should the IS auditor do?
A. Terminate the audit.
B. Identify and evaluate existing practices.
C. Create a procedures document
D. Conduct compliance testing
Q7. Which of the following parameters describe LM Hash: I – The maximum password length is 14 characters.
II – There are no distinctions between uppercase and lowercase.
III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.
B. I and II
D. I, II and III
Q8. It isan entity or event with the potential to adversely impact a system through unauthorized access destruction disclosures denial of service or modification of data.
Which of the following terms best matches this definition?
Q9. An attacker gains access to a Web server’s database and display the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?
A. Insufficient security management
B. Insufficient database hardening
C. Insufficient exception handling
D. Insufficient input validation
Q10. Which of the following is a design pattern based on distinct pieces ofsoftware providing application functionality as services to other applications?
A. Lean Coding
B. Service Oriented Architecture
C. Object Oriented Architecture
D. Agile Process