The latest EC-Council Certified Ethical Hacker CEH v10 312-50 practice exam question and answer (Q&A) dumps are available free, to help you pass the 312-50 exam and earn the EC-Council Certified Ethical Hacker CEH v10 certification.
Exam Question 121
Which system consists of a publicly available set of databases that contain domain name registration contact information?
A. IANA
B. CAPTCHA
C. IETF
D. WHOIS
Correct Answer:
D. WHOIS
Exam Question 122
A penetration test was done at a company. After the test, a report was written and given to the company’s IT authorities. A section from the report is shown below:
- Access List should be written between VLANs.
- Port security should be enabled for the intranet.
- A security solution which filters data packets should be set between intranet (LAN) and DMZ.
- A WAF should be used in front of the web applications.
According to the section from the report, which of the following choices is true?
A. A stateful firewall can be used between intranet (LAN) and DMZ.
B. There is access control policy between VLANs.
C. MAC Spoof attacks cannot be performed.
D. Possibility of SQL Injection attack is eliminated.
Correct Answer:
A. A stateful firewall can be used between intranet (LAN) and DMZ.
Exam Question 123
It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?
A. FISMA
B. ISO/IEC 27002
C. HIPAA
D. COBIT
Correct Answer:
C. HIPAA
Exam Question 124
Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe”, disguised as a Word document. Upon execution, a window appears stating, “This word document is corrupt”. In the background, the file copies itself to Jesse’s APPDATA\local directory and begins to beacon to a C2 server to download additional malicious binaries.
What type of malware has Jesse encountered?
A. Worm
B. Macro Virus
C. Key-Logger
D. Trojan
Correct Answer:
D. Trojan
Exam Question 125
A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
A. Cross-site scripting vulnerability
B. Session management vulnerability
C. SQL injection vulnerability
D. Cross-site Request Forgery vulnerability
Correct Answer:
A. Cross-site scripting vulnerability
Exam Question 126
Which results will be returned with the following Google search query?
site:target.com site:Marketing.target.com accounting
A. Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting.
B. Results matching all words in the query.
C. Results for matches on target.com and Marketing.target.com that include the word “accounting”
D. Results matching “accounting” in domain target.com but not on the site Marketing.target.com
Correct Answer:
C. Results for matches on target.com and Marketing.target.com that include the word “accounting”
Exam Question 127
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator’s computer to update the router configuration. What type of alert is this?
A. False negative
B. True negative
C. True positive
D. False positive
Correct Answer:
D. False positive
Exam Question 128
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet, making exploitation of any compromised system very easy?
A. Public
B. Private
C. Shared
D. Root
Correct Answer:
B. Private
Exam Question 129
Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:
What is she trying to achieve?
A. She is using ftp to transfer the file to another hacker named John.
B. She is using John the Ripper to crack the passwords in the secret.txt file
C. She is encrypting the file.
D. She is using John the Ripper to view the contents of the file.
Correct Answer:
B. She is using John the Ripper to crack the passwords in the secret.txt file
Exam Question 130
What is the correct process for the TCP three-way handshake connection establishment and connection termination?
A. Connection Establishment: SYN, SYN-ACK, ACK; Connection Termination: FIN, ACK-FIN, ACK
B. Connection Establishment: ACK, ACK-SYN, SYN; Connection Termination: FIN, ACK-FIN, ACK
C. Connection Establishment: FIN, ACK-FIN, ACK; Connection Termination: SYN, SYN-ACK, ACK
D. Connection Establishment: SYN, SYN-ACK, ACK; Connection Termination: ACK, ACK-SYN, SYN
Correct Answer:
A. Connection Establishment: SYN, SYN-ACK, ACK; Connection Termination: FIN, ACK-FIN, ACK