Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

312-50 ECCouncil Certified Ethical Hacker Exam Free Practice Exam Questions (2025 Updated)

Prepare effectively for your ECCouncil 312-50 Certified Ethical Hacker Exam certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

ECCouncil 312-50 Premium Access     Download Demo    
Page: 3 / 7
Total 614 questions

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

A.

SHA1

B.

Diffie-Helman

C.

RSA

D.

AES

A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?

A.

Cupp

B.

Nessus

C.

Cain and Abel

D.

John The Ripper Pro

What statement is true regarding LM hashes?

A.

LM hashes consist in 48 hexadecimal characters.

B.

LM hashes are based on AES128 cryptographic standard.

C.

Uppercase characters in the password are converted to lowercase.

D.

LM hashes are not generated when the password length exceeds 15 characters.

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

A.

Locate type=ns

B.

Request type=ns

C.

Set type=ns

D.

Transfer type=ns

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?

A.

-sO

B.

-sP

C.

-sS

D.

-sU

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

A.

Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

B.

Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

C.

Network firewalls can prevent attacks if they are properly configured.

D.

Network firewalls cannot prevent attacks because they are too complex to configure.

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

In order to show improvement of security over time, what must be developed?

A.

Reports

B.

Testing tools

C.

Metrics

D.

Taxonomy of vulnerabilities

Bluetooth uses which digital modulation technique to exchange information between paired devices?

A.

PSK (phase-shift keying)

B.

FSK (frequency-shift keying)

C.

ASK (amplitude-shift keying)

D.

QAM (quadrature amplitude modulation)

Which of the following programs is usually targeted at Microsoft Office products?

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Which of the following is an application that requires a host application for replication?

A.

Micro

B.

Worm

C.

Trojan

D.

Virus

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

A.

Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Which of the following describes the characteristics of a Boot Sector Virus?

A.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

A.

Fast processor to help with network traffic analysis

B.

They must be dual-homed

C.

Similar RAM requirements

D.

Fast network interface cards

Least privilege is a security concept that requires that a user is

A.

limited to those functions required to do the job.

B.

given root or administrative privileges.

C.

trusted to keep all data and access to that data under their sole control.

D.

given privileges equal to everyone else in the department.

Which of the following is a detective control?

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

What information should an IT system analysis provide to the risk assessor?

A.

Management buy-in

B.

Threat statement

C.

Security architecture

D.

Impact analysis

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

A.

Reject all invalid email received via SMTP.

B.

Allow full DNS zone transfers.

C.

Remove A records for internal hosts.

D.

Enable null session pipes.

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

Which of the following is an example of what the engineer performed?

A.

Cross-site scripting

B.

Banner grabbing

C.

SQL injection

D.

Whois database query

ECCouncil 312-50 Premium Access     Download Demo    
Page: 3 / 7
Total 614 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved