EC-Council 312-50v13 Practice Exams
Last updated on Apr 07,2025- Exam Code: 312-50v13
- Exam Name: Certified Ethical Hacker Exam (CEHv13)
- Certification Provider: EC-Council
- Latest update: Apr 07,2025
An organization is performing a vulnerability assessment tor mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols found on the organization’s machines to detect which ports are attached to services such as an email server, a web server or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevant tests.
What is the type of vulnerability assessment solution that James employed in the above scenario?
- A . Product-based solutions
- B . Tree-based assessment
- C . Service-based solutions
- D . inference-based assessment
Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company’s systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company’s computer systems until they have signed the policy in acceptance of its terms.
What is this document called?
- A . Information Audit Policy (IAP)
- B . Information Security Policy (ISP)
- C . Penetration Testing Policy (PTP)
- D . Company Compliance Policy (CCP)
Which protocol is used for setting up secure channels between two devices, typically in VPNs?
- A . PEM
- B . ppp
- C . IPSEC
- D . SET
Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions
with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.
What kind of attack is Susan carrying on?
- A . A sniffing attack
- B . A spoofing attack
- C . A man in the middle attack
- D . A denial of service attack
In the field of cryptanalysis, what is meant by a “rubber-hose" attack?
- A . Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.
- B . Extraction of cryptographic secrets through coercion or torture.
- C . Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
- D . A backdoor placed into a cryptographic algorithm by its creator.
One of your team members has asked you to analyze the following SOA record.
What is the version? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)
- A . 200303028
- B . 3600
- C . 604800
- D . 2400
- E . 60
- F . 4800
Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization’s network and misleads domain owners with social engineering to obtain internal details of its network.
What type of footprinting technique is employed by Richard?
- A . VPN footprinting
- B . Email footprinting
- C . VoIP footprinting
- D . Whois footprinting
You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation.
Which of the following is appropriate to analyze?
- A . IDS log
- B . Event logs on domain controller
- C . Internet Firewall/Proxy log.
- D . Event logs on the PC
Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?
- A . getsystem
- B . getuid
- C . keylogrecorder
- D . autoroute
what are common files on a web server that can be misconfigured and provide useful Information for a hacker such as verbose error messages?
- A . httpd.conf
- B . administration.config
- C . idq.dll
- D . php.ini