• Home
  • Articles
  • (2025) PASS 312-50v10 exam with EC-COUNCIL 312-50v10 Real Exam Questions [Q420-Q438]

(2025) PASS 312-50v10 exam with EC-COUNCIL 312-50v10 Real Exam Questions [Q420-Q438]

Share

(2025) PASS 312-50v10 exam with EC-COUNCIL 312-50v10 Real Exam Questions

Real exam questions are provided for Certified Ethical Hacker tests, which can make sure you 100% pass


Module 17: Hacking Mobile Platforms

Within this topic, the test takers need to have a solid understanding of mobile attack platform vectors; different android threat & attacks; different iOS threats & attacks; different Windows Phone OS threats & attacks; different blackberry threats & attacks; Mobile Device Management (MDM); mobile security guidelines & security tools; mobile penetration testing.

 

NEW QUESTION # 420
Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has taken some measures and implemented the necessary controls. After that, another security risk assessment was performed showing that risk has decreased to 10%. The risk threshold for the application is 20%. Which of the following risk decisions will be the best for the project in terms of its successful continuation with the most business profit?

  • A. Mitigate the risk
  • B. Avoid the risk
  • C. Introduce more controls to bring risk to 0%
  • D. Accept the risk

Answer: D


NEW QUESTION # 421
Which of the following is an extremely common IDS evasion technique in the web world?

  • A. port knocking
  • B. subnetting
  • C. spyware
  • D. unicode characters

Answer: D

Explanation:
Unicode attacks can be effective against applications that understand it. Unicode is the international standard whose goal is to represent every character needed by every written human language as a single integer number. What is known as Unicode evasion should more correctly be referenced as UTF-8 evasion. Unicode characters are normally represented with two bytes, but this is impractical in real life.
One aspect of UTF-8 encoding causes problems: non-Unicode characters can be represented encoded. What is worse is multiple representations of each character can exist. Non-Unicode character encodings are known as overlong characters, and may be signs of attempted attack.
References: http://books.gigatux.nl/mirror/apachesecurity/0596007248/apachesc-chp-10- sect-8.html


NEW QUESTION # 422
Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

  • A. Ping of death
  • B. TCP hijacking
  • C. SYN flooding
  • D. Smurf attack

Answer: A


NEW QUESTION # 423
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

  • A. Data Execution Prevention (DEP)
  • B. Windows firewall
  • C. User Access Control (UAC)
  • D. Address Space Layout Randomization (ASLR)

Answer: A


NEW QUESTION # 424
How can a policy help improve an employee's security awareness?

  • A. By implementing written security procedures, enabling employee security training, and promoting the benefits of security
  • B. By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths
  • C. By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees
  • D. By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

Answer: A


NEW QUESTION # 425
The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. What of the following options can be useful to ensure the integrity of the data?

  • A. The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.
  • B. The CFO can use an excel file with a password.
  • C. The CFO can use a hash algorithm in the document once he approved the financial statements.
  • D. The document can be sent to the accountant using an exclusive USB for that document.

Answer: C


NEW QUESTION # 426
Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

  • A. USER, PASS
  • B. USER, NICK
  • C. LOGIN, USER
  • D. LOGIN, NICK

Answer: B


NEW QUESTION # 427
Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands:

What is she trying to achieve?

  • A. She is encrypting the file.
  • B. She is using ftp to transfer the file to another hacker named John.
  • C. She is using John the Ripper to view the contents of the file.
  • D. She is using John the Ripper to crack the passwords in the secret.txt file.

Answer: D


NEW QUESTION # 428
You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

  • A. btmp
  • B. wtmp
  • C. auth.fesg
  • D. user.log

Answer: B


NEW QUESTION # 429
You have the SOA presented below in your Zone.
Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?
collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

  • A. One day
  • B. One month
  • C. One hour
  • D. One week

Answer: D


NEW QUESTION # 430
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?

  • A. Fingerprinting to identify which operating systems are running on the network
  • B. ICMP ping sweep to determine which hosts on the network are not available
  • C. Timing options to slow the speed that the port scan is conducted
  • D. Traceroute to control the path of the packets sent during the scan

Answer: C


NEW QUESTION # 431
What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

  • A. SYN Flood
  • B. SSH
  • C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server
  • D. Manipulate format strings in text fields

Answer: C


NEW QUESTION # 432
OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

  • A. openssl s_client -connect www.website.com:443
  • B. openssl s_client -site www.website.com:443
  • C. openssl_client -connect www.website.com:443
  • D. openssl_client -site www.website.com:443

Answer: A


NEW QUESTION # 433
Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still on the phone, grabs the door as it begins to close.
What just happened?

  • A. Whaling
  • B. Masquerading
  • C. Tailgating
  • D. Phishing

Answer: C

Explanation:
Explanation/Reference:


NEW QUESTION # 434
How does the Address Resolution Protocol (ARP) work?

  • A. It sends a request packet to all the network elements, asking for the domain name from a specific IP.
  • B. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.
  • C. It sends a request packet to all the network elements, asking for the MAC address from a specific IP.
  • D. It sends a reply packet for a specific IP, asking for the MAC address.

Answer: C

Explanation:
Explanation
When an incoming packet destined for a host machine on a particular local area network arrives at a gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the IP address. The ARP program looks in the ARP cache and, if it finds the address, provides it so that the packet can be converted to the right packet length and format and sent to the machine. If no entry is found for the IP address, ARP broadcasts a request packet in a special format to all the machines on the LAN to see if one machine knows that it has that IP address associated with it. A machine that recognizes the IP address as its own returns a reply so indicating. ARP updates the ARP cache for future reference and then sends the packet to the MAC address that replied.
References:
http://searchnetworking.techtarget.com/definition/Address-Resolution-Protocol-ARP


NEW QUESTION # 435
First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?

  • A. Forward the message to your supervisor and ask for her opinion on how to handle the situation.
  • B. Delete the email and pretend nothing happened.
  • C. Reply to the sender and ask them for more information about the message contents.
  • D. Forward the message to your company's security response team and permanently delete the messagefrom your computer.

Answer: D


NEW QUESTION # 436
During the security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

  • A. Terminate the audit
  • B. Conduct compliance testing
  • C. Create a procedures document
  • D. Identify and evaluate existing practices

Answer: D


NEW QUESTION # 437
Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?

  • A. NET CONFIG
  • B. NET USE
  • C. NET FILE
  • D. NET VIEW

Answer: B


NEW QUESTION # 438
......

Latest 312-50v10 Pass Guaranteed Exam Dumps Certification Sample Questions: https://pass4sure.validdumps.top/312-50v10-exam-torrent.html

Related Articles

more
EC-COUNCIL 312-50v10 Certification Practice Exam