Certified Ethical Hacker v9 Exam - 312-50v9 Exam Practice Test

Question 1

You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from the server will not be caught by a Network Based Intrusion Detection System (NIDS).
Which is the best way to evade the NIDS?

A. Encryption

B. Out of band signaling

C. Alternate Data Streams

D. Protocol Isolation

Correct Answer: A

Question 2

A new wireless client is configured to join a 802.11 network. Thisclient uses the same hardware and software as many of the other clients on the network. The client can see the network, but cannot connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being sent by the wireless client.
What is a possible source of this problem?

A. The client cannot see the SSID of the wireless network

B. The WAP does not recognize the client's MAC address

C. The wireless client is not configured to use DHCP

D. Client isconfigured for the wrong channel

Correct Answer: B

Question 3

A company's security states that all web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?

A. Attempts by attacks to access the user and password information stores in the company's SQL database.

B. Attempts by attackers to determine the user's Web browser usage patterns, including when sites were visited and for how long.

C. Attempts by attackers to access passwords stored on the user's computer without the user's knowledge.

D. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user's authentication credentials.

Correct Answer: D

Question 4

Ricardo wants to send secret messages to acompetitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message, the technique provides 'security through obscurity'. What technique is Ricardo using?

A. Steganography

B. Encryption

C. Public-key cryptography

D. RSA algorithm

Correct Answer: A

Question 5

An attacker changes the profile information of a particular user on a target website (the victim). The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.
<frame src=http://www/vulnweb.com/updataif.php Style="display:none"></iframe>
What is this type of attack (that can use either HTTP GET or HRRP POST) called?

A. Cross-Site Scripting

B. SQL Injection

C. Browser Hacking

D. Cross-Site Request Forgery

Correct Answer: D

Question 6

The "Black box testing" methodology enforces which kind of restriction?

A. Only the internal operation of a system is known to the tester.

B. The internal operation of a system is completely known to the tester.

C. Only the external operation of a systemis accessible to the tester

D. The internal operation of a system is only partly accessible to the tester.

Correct Answer: C

Question 7

What is the best description of SQL Injection?

A. It is an attack used to modify code in an application.

B. It isa Man-in-the-Middle attack between your SQL Server and Web App Server.

C. It is a Denial of Service Attack.

D. It is and attack used to gain unauthorized access to a database.

Correct Answer: B

EC-COUNCIL Certified Ethical Hacker v9 - 312-50v9 Exam Practice Test

Latest Update

Useful Links

Contact Us