Eccouncil 312-50v11 practice test

Certified Ethical Hacker V11 Exam

Last exam update: Dec 03 ,2024
Page 1 out of 36. Viewing questions 1-15 out of 528

Question 1

Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device.
In this process, he injects faults into the power supply that can be used for remote execution, also
causing the skipping of key instructions. He also injects faults into the clock network used for
delivering a synchronized signal across the chip.
Which of the following types of fault injection attack is performed by Robert in the above scenario?

  • A. Frequency/voltage tampering
  • B. Optical, electromagnetic fault injection (EMFI)
  • C. Temperature attack
  • D. Power/clock/reset glitching
Mark Question:
Answer:

D


Explanation:
These types of attacks occur when faults or glitches are INJECTED into the Power supply that can be
used for remote execution.

User Votes:
A
50%
B 1 votes
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which of the following Metasploit post-exploitation modules can be used to escalate privileges on
Windows systems?

  • A. getsystem
  • B. getuid
  • C. keylogrecorder
  • D. autoroute
Mark Question:
Answer:

A


User Votes:
A 1 votes
50%
B 1 votes
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-
system kernel code to obscure a backdoor on a system?

  • A. User-mode rootkit
  • B. Library-level rootkit
  • C. Kernel-level rootkit
  • D. Hypervisor-level rootkit
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Jacob works as a system administrator in an organization. He wants to extract the source code of a
mobile application and disassemble the application to analyze its design flaws. Using this technique,
he wants to fix any bugs in the application, discover underlying vulnerabilities, and improve defense
strategies against attacks.
What is the technique used by Jacob in the above scenario to improve the security of the mobile
application?

  • A. Reverse engineering
  • B. App sandboxing
  • C. Jailbreaking
  • D. Social engineering
Mark Question:
Answer:

A


User Votes:
A 2 votes
50%
B 1 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which of the following Bluetooth hacking techniques does an attacker use to send messages to users
without the recipients consent, similar to email spamming?

  • A. Bluesmacking
  • B. BlueSniffing
  • C. Bluejacking
  • D. Bluesnarfing
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark,
an attacker, noticed her activities several times and sent a fake email containing a deceptive page
link to her social media page displaying all-new and trendy outfits. In excitement, Sophia clicked on
the malicious link and logged in to that page using her valid credentials. Which of the following tools
is employed by Clark to create the spoofed email?

  • A. PyLoris
  • B. Slowloris
  • C. Evilginx
  • D. PLCinject
Mark Question:
Answer:

C


User Votes:
A
50%
B 1 votes
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3
encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity
and forced the victim to go through the WPA2 four-way handshake to get connected. After the
connection was established, the attacker used automated tools to crack WPA2-encrypted messages.
What is the attack performed in the above scenario?

  • A. Timing-based attack
  • B. Side-channel attack
  • C. Downgrade security attack
  • D. Cache-based attack
Mark Question:
Answer:

B


User Votes:
A
50%
B 2 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

This type of injection attack does not show any error message. It is difficult to exploit as it returns
information when the application is given SQL payloads that elicit a true or false response from the
server. By observing the response, an attacker can extract sensitive information. What type of attack
is this?

  • A. Time-based SQL injection
  • B. Union SQL injection
  • C. Error-based SQL injection
  • D. Blind SQL injection
Mark Question:
Answer:

D


User Votes:
A 1 votes
50%
B
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN
to prevent intruders from sniffing your traffic. If you did not have a VPN, how would you identify
whether someone is performing an ARP spoofing attack on your laptop?

  • A. You should check your ARP table and see if there is one IP address with two different MAC addresses.
  • B. You should scan the network using Nmap to check the MAC addresses of all the hosts and look for duplicates.
  • C. You should use netstat to check for any suspicious connections with another IP address within the LAN.
  • D. You cannot identify such an attack and must use a VPN to protect your traffic, r
Mark Question:
Answer:

A


User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a
nearby business in order to capture the wireless password. What kind of attack is this?

  • A. MAC spoofing attack
  • B. Evil-twin attack
  • C. War driving attack
  • D. Phishing attack
Mark Question:
Answer:

B


User Votes:
A
50%
B 2 votes
50%
C
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Richard, an attacker, targets an MNC In this process, he uses a footprinting technique to gather as
much information as possible. Using this technique, he gathers domain information such as the
target domain name, contact details of its owner, expiry date, and creation date. With this
information, he creates a map of the organization's network and misleads domain owners with social
engineering to obtain internal details of its network. What type of footprinting technique is
employed by Richard?

  • A. VPN footprinting
  • B. Email footprinting
  • C. VoIP footprinting
  • D. Whois footprinting
Mark Question:
Answer:

B


User Votes:
A
50%
B
50%
C
50%
D 3 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
Mayuri
9 months, 3 weeks ago

Whois footprinting


Question 12

George, an employee of an organization, is attempting to access restricted websites from an official
computer. For this purpose, he used an anonymizer that masked his real IP address and ensured
complete and continuous anonymity for all his online activities. Which of the following anonymizers
helps George hide his activities?
A.
https://www.baidu.com
B.
https://www.guardster.com
C.
https://www.wolframalpha.com
D.
https://karmadecay.com

Mark Question:
Answer:

B


User Votes:
Discussions
vote your answer:
0 / 1000

Question 13

Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture-capital
firm. He used an information-gathering tool to collect information about the loT devices connected
to a network, open ports and services, and the attack surface are
a. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool
helped Lewis continually monitor every reachable server and device on the Internet, further allowing
him to exploit these devices in the network. Which of the following tools was employed by Lewis in
the above scenario?

  • A. Censys
  • B. Wapiti
  • C. NeuVector
  • D. Lacework
Mark Question:
Answer:

A


Explanation:
Censys scans help the scientific community accurately study the Internet. The data is sometimes
used to detect security problems and to inform operators of vulnerable systems so that they can
fixed

User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Your organization has signed an agreement with a web hosting provider that requires you to take full
responsibility of the maintenance of the cloud-based resources. Which of the following models
covers this?

  • A. Platform as a service
  • B. Software as a service
  • C. Functions as a
  • D. service Infrastructure as a service
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Which of the following types of SQL injection attacks extends the results returned by the original
query, enabling attackers to run two or more statements if they have the same structure as the
original one?

  • A. Error-based injection
  • B. Boolean-based blind SQL injection
  • C. Blind SQL injection
  • D. Union SQL injection
Mark Question:
Answer:

D


User Votes:
A
50%
B 1 votes
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2