https://www.examslabs.com/EC-COUNCIL/CertifiedEthicalHacker/best-312-50v10-exam-dumps.html (130 Q&As Dumps, 30%OFF Special Discount: bmzblwH7 )

NEW QUESTION NO: 10
Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?
A. Exchanges data between web services
B. Provides a structured model for messaging
C. Based on XML
D. Only compatible with the application protocol HTTP
Answer: D

NEW QUESTION NO: 11
An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections.
When users accessed any page, the applet ran and exploited many machines.
Which one of the following tools the hacker probably used to inject HTML code?
A. Aircrack-ng
B. Ettercap
C. Tcpdump
D. Wireshark
Answer: B

NEW QUESTION NO: 12
What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?
A. Black-box
B. Announced
C. White-box
D. Grey-box
Answer: D
Explanation/Reference:

NEW QUESTION NO: 13
Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities.
Which type of virus detection method did Chandler use in this context?
A. Scanning
B. Code Emulation
C. Heuristic Analysis
D. Integrity checking
Answer: B

NEW QUESTION NO: 14
Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?
A. Function Testing
B. Dynamic Testing
C. Static Testing
D. Fuzzing Testing
Answer: D

NEW QUESTION NO: 15
Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?
A. [inurl:]
B. [link:]
C. [cache:]
D. [site:]
Answer: D

NEW QUESTION NO: 16
Assume a business-crucial web-site of some company that is used to sell handsets to the customers worldwide. All the developed components are reviewed by the security team on a monthly basis. In order to drive business further, the web-site developers decided to add some 3rd party marketing tools on it. The tools are written in JavaScript and can track the customer's activity on the site. These tools are located on the servers of the marketing company.
What is the main security risk associated with this scenario?
A. There is no risk at all as the marketing services are trustworthy
B. External scripts increase the outbound company data traffic which leads greater financial losses
C. External script contents could be maliciously modified without the security team knowledge
D. External scripts have direct access to the company servers and can steal the data from there
Answer: C

NEW QUESTION NO: 17
In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?
A. Salting
B. Key Stretching
C. Keyed Hashing
D. Double Hashing
Answer: A

NEW QUESTION NO: 18
You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?
A. Snort
B. Nmap
C. Nessus
D. Cain & Abel
Answer: A

NEW QUESTION NO: 19
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
A. SQL injection vulnerability
B. Web site defacement vulnerability
C. Cross-site Request Forgery vulnerability
D. Cross-site scripting vulnerability
Answer: D

NEW QUESTION NO: 20
Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides different functionality. Collective IPSec does everything except.
A. Protect the payload and the headers
B. Encrypt
C. Work at the Data Link Layer
D. Authenticate
Answer: C