312-50v11 ECCouncil Certified Ethical Hacker Exam (CEH v11) exact Exam Questions

Certified Ethical Hacker Exam (CEH v11)

Last Update 3 hours ago Total Questions : 528

The Certified Ethical Hacker Exam (CEH v11) content is now fully updated, with all current exam questions added 3 hours ago. Deciding to include 312-50v11 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our 312-50v11 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these 312-50v11 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Certified Ethical Hacker Exam (CEH v11) practice test comfortably within the allotted time.

Question # 31

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches ' ARP cache is successfully flooded, what will be the result?

The switches will drop into hub mode if the ARP cache is successfully flooded.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

The switches will route all traffic to the broadcast address created collisions.

Question # 32

What piece of hardware on a computer ' s motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?

CPU

GPU

UEFI

TPM

Question # 33

In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. Ignorant users usually fall prey to this scam.

Which of the following statement is incorrect related to this attack?

Do not reply to email messages or popup ads asking for personal or financial information

Do not trust telephone numbers in e-mails or popup ads

Review credit card and bank account statements regularly

Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks

Do not send credit card numbers, and personal or financial information via e-mail

Question # 34

Clark, a professional hacker, was hired by an organization lo gather sensitive Information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whole footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?

AOL

ARIN

DuckDuckGo

Baidu

Question # 35

To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?

Exclamation mark (!)

Underscore (_)

Tilde H

Period (.)

Question # 36

which of the following protocols can be used to secure an LDAP service against anonymous queries?

SSO

RADIUS

WPA

NTLM

Answer:

Explanation:

In a Windows network, nongovernmental organization (New Technology) local area network Manager (NTLM) could be a suite of Microsoft security protocols supposed to produce authentication, integrity, and confidentiality to users.NTLM is that the successor to the authentication protocol in Microsoft local area network Manager (LANMAN), Associate in Nursing older Microsoft product. The NTLM protocol suite is enforced in an exceedingly Security Support supplier, which mixes the local area network Manager authentication protocol, NTLMv1, NTLMv2 and NTLM2 Session protocols in an exceedingly single package. whether or not these protocols area unit used or will be used on a system is ruled by cluster Policy settings, that totally different|completely different} versions of Windows have different default settings. NTLM passwords area unit thought-about weak as a result of they will be brute-forced very simply with fashionable hardware.

NTLM could be a challenge-response authentication protocol that uses 3 messages to authenticate a consumer in an exceedingly affiliation orientating setting (connectionless is similar), and a fourth extra message if integrity is desired.

First, the consumer establishes a network path to the server and sends a NEGOTIATE_MESSAGE advertising its capabilities.

Next, the server responds with CHALLENGE_MESSAGE that is employed to determine the identity of the consumer.

Finally, the consumer responds to the challenge with Associate in Nursing AUTHENTICATE_MESSAGE.

The NTLM protocol uses one or each of 2 hashed word values, each of that are keep on the server (or domain controller), and that through a scarcity of seasoning area unit word equivalent, that means that if you grab the hash price from the server, you’ll evidence while not knowing the particular word. the 2 area unit the lm Hash (a DES-based operate applied to the primary fourteen chars of the word born-again to the standard eight bit laptop charset for the language), and also the nt Hash (MD4 of the insufficient endian UTF-16 Unicode password). each hash values area unit sixteen bytes (128 bits) every.

The NTLM protocol additionally uses one among 2 a method functions, looking on the NTLM version. National Trust LanMan and NTLM version one use the DES primarily based LanMan a method operate (LMOWF), whereas National TrustLMv2 uses the NT MD4 primarily based a method operate (NTOWF).

Question # 37

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

SOA

biometrics

single sign on

PKI

Question # 38

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the " TCP three-way handshake. " While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.

How would an attacker exploit this design by launching TCP SYN attack?

Attacker generates TCP SYN packets with random destination addresses towards a victim host

Attacker floods TCP SYN packets with random source addresses towards a victim host

Attacker generates TCP ACK packets with random source addresses towards a victim host

Attacker generates TCP RST packets with random source addresses towards a victim host

Question # 39

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering that NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:8

The host is likely a Linux machine.

The host is likely a printer.

The host is likely a router.

The host is likely a Windows machine.

Question # 40

The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

Have the network team document the reason why the rule was implemented without prior manager approval.

Monitor all traffic using the firewall rule until a manager can approve it.

Do not roll back the firewall rule as the business may be relying upon it, but try to get manager approval as soon as possible.

Immediately roll back the firewall rule until a manager can approve it

Question # 41

Morris, an attacker, wanted to check whether the target AP is in a locked state. He attempted using different utilities to identify WPS-enabled APs in the target wireless network. Ultimately, he succeeded with one special command-line utility. Which of the following command-line utilities allowed Morris to discover the WPS-enabled APs?

wash

ntptrace

macof

net View

Question # 42

To invisibly maintain access to a machine, an attacker utilizes a toolkit that sits undetected In the core components of the operating system. What is this type of rootkit an example of?

Mypervisor rootkit

Kernel toolkit

Hardware rootkit

Firmware rootkit

Question # 43

During the process of encryption and decryption, what keys are shared?

Private keys

User passwords

Public keys

Public and private keys

Question # 44

Which of the following is the BEST way to defend against network sniffing?

Using encryption protocols to secure network communications

Use Static IP Address

Restrict Physical Access to Server Rooms hosting Critical Servers

Question # 45

Tremp is an IT Security Manager, and he is planning to deploy an IDS in his small company. He is looking for an IDS with the following characteristics: - Verifies success or failure of an attack - Monitors system activities Detects attacks that a network-based IDS fails to detect - Near real-time detection and response - Does not require additional hardware - Lower entry cost Which type of IDS is best suited for Tremp ' s requirements?

Gateway-based IDS

Network-based IDS

Host-based IDS

Open source-based