ECCouncil Certified Ethical Hacker (312-50v12) Free Practice Test
Question 1
Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?
Correct Answer: A
Question 2
Consider the following Nmap output:

What command-line parameter could you use to determine the type and version number of the web server?
Correct Answer: A
Question 3
Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.
Which of the following design flaws in the authentication mechanism is exploited by Calvin?
Correct Answer: D
Question 4
What tool can crack Windows SMB passwords simply by listening to network traffic?
Correct Answer: B
Question 5
You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories:
lower case letters, capital letters, numbers and special characters. With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?
Correct Answer: B
Question 6
Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?
Correct Answer: D
Question 7
What is the minimum number of network connections in a multihomed firewall?
Correct Answer: B
Question 8
Cross-site request forgery involves:
Correct Answer: B
Question 9
What is the main security service a cryptographic hash provides?
Correct Answer: C
Question 10
Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?
Correct Answer: A