CEH v12

Lead4Pass 312-50v12 dumps for CEHv12 certification exam

leads4pass 312-50v12 dumps updated and released 528 latest exam questions and answers for preparing CEHv12 certification exam!

Using leads4pass 312-50v12 dumps with PDF and VCE: https://www.leads4pass.com/312-50v12.html, Help you practice real questions easily and pass the exam with 100% success.

What’s more, some free exam questions and answers are shared online from leads4pass 312-50v12 dumps: https://drive.google.com/file/d/1n0Cwjw7SwYi_SmyQEkUrVFphm1Xz2sOc/

You can also take the leads4pass 312-50v12 online practice test

FromNumber of exam questionsExam nameExam codeLast updated
leads4pass15Certified Ethical Hacker Exam (CEHv12)312-50v12312-50v12 dumps
Question 1:

BitLocker encryption has been implemented for all Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a mechanism was implemented to recover the keys from Active Directory. What is this mechanism called in cryptography?

A. Key Archival

B. Key escrow.

C. Certificate rollover

D. Key renewal

Correct Answer: B


Question 2:

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up.

What is the most likely cause?

A. The network devices are not all synchronized.

B. Proper chain of custody was not observed while collecting the logs.

C. The attacker altered or erased events from the logs.

D. The security breach was a false positive.

Correct Answer: A

Many network and system administrators don’t pay enough attention to system clock accuracy and time synchronization. Computer clocks can run faster or slower over time, batteries and power sources die, or daylight-saving time changes are forgotten. Sure, there are many more pressing security issues to deal with, but not ensuring that the time on network devices is synchronized can cause problems. And these problems often only come to light after a security incident. If you suspect a hacker is accessing your network, for example, you will want to analyze your log files to look for any suspicious activity. If your network\’s security devices do not have synchronized times, the timestamps\’ inaccuracy makes it impossible to correlate log files from different sources. Not only will you have difficulty in tracking events, but you will also find it difficult to use such evidence in court; you won’t be able to illustrate a smooth progression of events as they occurred throughout your network.


Question 3:

Which of the following is the primary objective of a rootkit?

A. It opens a port to provide an unauthorized service

B. It creates a buffer overflow

C. It replaces legitimate programs

D. It provides an undocumented opening in a program

Correct Answer: C


Question 4:

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.

C. Symmetric encryption allows the server to securely transmit the session keys out-of-band.

D. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Correct Answer: A


Question 5:

Which command can be used to show the current TCP/IP connections?

A. Netsh

B. Netstat

C. Net use connection

D. Net use

Correct Answer: A


Question 6:

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

A. All three servers need to be placed internally

B. A web server facing the Internet, an application server on the internal network, a database server on the internal network

C. A web server and the database server facing the Internet, an application server on the internal network

D. All three servers need to face the Internet so that they can communicate with themselves

Correct Answer: B


Question 7:

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP\’s owned by XYZ (Internal) and private IP\’s are communicating to a Single Public IP. Therefore, the Internal IP\’s are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

A. Botnet Attack

B. Spear Phishing Attack

C. Advanced Persistent Threats

D. Rootkit Attack

Correct Answer: A


Question 8:

Harry. a professional hacker, targets the IT infrastructure of an organization. After preparing for the attack, he attempts to enter the target network using techniques such as sending spear-phishing emails and exploiting vulnerabilities on publicly available servers. Using these techniques, he successfully deployed malware on the target system to establish an outbound connection. What is the APT lifecycle phase that Harry is currently executing?

A. Preparation

B. Cleanup

C. Persistence

D. initial intrusion

Correct Answer: D

After the attacker completes preparations, the subsequent step is an effort to realize an edge within the target\’s environment.

A particularly common entry tactic is the use of spearphishing emails containing an internet link or attachment.

Email links usually cause sites where the target\’s browser and related software are subjected to varied exploit techniques or where the APT actors plan to social engineer information from the victim which will be used later.

If a successful exploit takes place, it installs an initial malware payload on the victim\’s computer. Figure 2 illustrates an example of a spearphishing email that contains an attachment. Attachments are usually executable malware, a zipper or other archive containing malware, or a malicious Office or Adobe PDF (Portable Document Format) document that exploits vulnerabilities within the victim\’s applications to ultimately execute the malware on the victim\’s computer.

Once the user has opened a malicious file using vulnerable software, malware is executing on the target system. These phishing emails are often very convincing and difficult to differentiate from legitimate email messages.

Tactics to extend their believability include modifying legitimate documents from or associated with the organization. Documents are sometimes stolen from the organization or its collaborators during previous exploitation operations.

Actors modify the documents by adding exploits and malicious code then send them to the victims. Phishing emails are commonly sent through previously compromised email servers, email accounts at organizations associated with the target, or public email services.

Emails also can be sent through mail relays with modified email headers to form the messages that appear to possess originated from legitimate sources.

The exploitation of vulnerabilities on public-facing servers is another favorite technique of some APT groups.

Though this will be accomplished using exploits for known vulnerabilities, 0-days are often developed or purchased to be used in intrusions as required

312-50v12 dumps practice q8

Gaining an edge within the target environment is the primary goal of the initial intrusion.

Once a system is exploited, the attacker usually places malware on the compromised system and uses it as a jump point or proxy for further actions.

Malware placed during the initial intrusion phase is usually an easy downloader, a basic Remote Access Trojan, or an easy shell. Figure 3 illustrates a newly infected system initiating an outbound connection to notify the APT actor that the initial intrusion attempt was successful which it\’s able to accept commands.


Question 9:

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

A. Transport layer port numbers and application layer headers

B. Presentation layer headers and the session layer port numbers

C. Network layer headers and the session layer port numbers

D. Application layer port numbers and the transport layer headers

Correct Answer: A


Question 10:

Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites.

Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well. In this context, what would be the most effective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer.)

A. Educate everyone with books, articles, and training on risk analysis, vulnerabilities, and safeguards.

B. Hire more computer security monitoring personnel to monitor computer systems and networks.

C. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D. Train more National Guard and reservists in the art of computer security to help out in times of emergency or crises.

Correct Answer: A


Question 11:

You are the Network Admin, and you get a complaint that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser and find it to

be accessible. But they are not accessible when you try using the URL.

What may be the problem?

A. Traffic is Blocked on UDP Port 53

B. Traffic is Blocked on TCP Port 80

C. Traffic is Blocked on TCP Port 54

D. Traffic is Blocked on UDP Port 80

Correct Answer: A

Most likely have an issue with DNS.

DNS stands for “Domain Name System.” It\’s a system that lets you connect to websites by matching human-readable domain names (like example.com) with the server\’s unique ID where a website is stored.

Think of the DNS system as the internet\’s phonebook. It lists domain names with their corresponding identifiers called IP addresses, instead of listing people\’s names with their phone numbers. When a user enters a domain name like wpbeginner.com on their device, it looks up the IP address and connects them to the physical location where that website is stored.

NOTE: Often DNS lookup information will be cached locally inside the querying computer or remotely in the DNS infrastructure. There are typically 8 steps in a DNS lookup. When DNS information is cached, steps are skipped from the DNS

lookup process, making it quicker. The example below outlines all 8 steps when nothing is cached.

The 8 steps in a DNS lookup:

1.

A user types `example.com\’ into a web browser, and the query travels into the Internet and is received by a DNS recursive resolver;

2.

The resolver then queries a DNS root nameserver;

3.

The root server then responds to the resolver with the address of a Top-Level Domain (TLD) DNS server (such as .com or .net), which stores the information for its domains. When searching for example.com, our request is pointed toward the .com TLD;

4.

The resolver then requests the .com TLD;

5.

The TLD server then responds with the IP address of the domain\’s nameserver, example.com;

6.

Lastly, the recursive resolver sends a query to the domain\’s nameserver;

7.

The IP address for example.com is then returned to the resolver from the nameserver;

8.

The DNS resolver then responds to the web browser with the IP address of the domain requested initially;

Once the 8 steps of the DNS lookup have returned the IP address for example.com, the browser can request the web page:

9.

The browser makes an HTTP request to the IP address;

10.

The server at that IP returns the webpage to be rendered in the browser. NOTE 2: DNS primarily uses the User Datagram Protocol (UDP) on port number 53 to serve requests. And if this port is blocked, then a problem arises already in the first step.

But the ninth step is performed without problems.


Question 12:

This TCP flag instructs the sending system to transmit all buffered data immediately.

A. SYN

B. RST

C. PSH

D. URG

E. FIN

Correct Answer: C


Question 13:

Fred is the network administrator for his company. Fred is testing an internal switch.

From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

A. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

B. He can send an IP packet with the SYN bit and the source address of his computer.

C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Correct Answer: D


Question 14:

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon review, he finds that user data have been exfiltrated by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs, what type of malware did the attacker use to bypass the company\’s application whitelisting?

A. Phishing malware

B. Zero-day malware

C. File-less malware

D. Logic bomb malware

Correct Answer: C

https://www.mcafee.com/enterprise/en-us/security-awareness/ransomware/what-is-fileless-malware.html


Question 15:

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He\’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

A. Error-based SQL injection

B. Blind SQL injection

C. Union-based SQL injection

D. NoSQL injection

Correct Answer: B

leads4pass 312-50v12 dumps are dedicated to helping all candidates successfully pass the CEHv12 certification exam!

Use the free leads4pass 312-50v12 exam resources to help you verify your recent study! You can also download the latest 312-50v12 dumps: https://www.leads4pass.com/312-50v12.html (528 Q&A), to help you pass the CEHv12 certification exam 100% successfully!