312-50V12 Exam Questions
322 real 312-50V12 exam questions with expert-verified answers and explanations. Page 1 of 7.
- Question #1 (Fundamentals)
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email cont...
Phishing, Credential harvesting, Social engineering tools
- Question #2 (Conduct Discovery)
John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner...
Vulnerability scanning, Vulnerability assessment tools, Agent-based scanning
- Question #3 (Fundamentals)
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes...
Watering hole attack, Web application attacks, Malware delivery
- Question #4 (Fundamentals)
Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltrated by an...
File-less malware, Malware detection evasion, Application whitelisting bypass
- Question #5 (Fundamentals)
Dorian is sending a digitally signed email to Poly. With which key is Dorian signing this message and how is Poly validating it?
Digital signatures, Asymmetric encryption, Private key
- Question #6 (Network and Perimeter Hacking)
Scenario: Joe turns on his home computer to access personal online banking. When he enters as if he has never visited the site before. When he examines the website URL closer, he f...
DNS Hijacking, Network Attacks, Web Security, Man-in-the-Middle
- Question #7 (Fundamentals)
Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a...
Session hijacking, Session donation, Web application security
- Question #8 (Fundamentals)
Kevin, a professional hacker, wants to penetrate CyberTech Inc's network. He employed a technique, using which he encoded packets with Unicode characters. The company's IDS cannot...
IDS evasion, Traffic obfuscation, Network security
- Question #9 (Fundamentals)
Suppose that you test an application for the SQL injection vulnerability. You know that the backend database is based on Microsoft SQL Server. In the login/password form, you enter...
SQL injection, Web application vulnerabilities, Database security, Query manipulation
- Question #10 (Conduct Discovery)
Which of the following commands checks for valid users on an SMTP server?
SMTP commands, User enumeration, Network reconnaissance
- Question #11 (Fundamentals)
Bella, a security professional working at an IT firm, finds that a security breach has occurred while transferring important files. Sensitive data, employee usernames, and password...
Secure file transfer, FTPS, Data in transit encryption, Protocol security
- Question #12 (Fundamentals)
John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should...
PGP, Asymmetric encryption, Public key cryptography, Confidentiality
- Question #13 (Fundamentals)
In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?
CVSS, Vulnerability scoring, Risk assessment
- Question #14 (Fundamentals)
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to set up a SPAN port and capture all traffic to the datacenter....
SNMP, Network monitoring, Traffic encryption, Protocol security
- Question #15 (Conduct Discovery)
Consider the following Nmap output: What command-line parameter could you use to determine the type and version number of the web server?
Nmap, Port scanning, Service version detection, Network reconnaissance
- Question #16 (Information Security and Ethical Hacking Overview)
Bob was recently hired by a medical company after it experienced a major cyber security breach. Many patients are complaining that their personal medical records are fully exposed...
HIPAA, Data Privacy Regulations, Protected Health Information (PHI), Compliance
- Question #17 (System Hacking Phases and Attack Techniques)
Infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?
Ethical Hacking Methodology, Gaining Access, Malware, Phishing
- Question #18 (Fundamentals)
Larry, a security professional in an organization, has noticed some abnormalities in the user accounts on a web server. To thwart evolving attacks, he decided to harden the securit...
Web server hardening, Account security, Principle of least privilege, Security best practices
- Question #19 (Cloud Computing)
There are multiple cloud deployment options depending on how isolated a customer's resources are from those of other customers. Shared environments share the costs and allow each c...
cloud deployment models, community cloud
- Question #20 (System Hacking Phases and Attack Techniques)
Allen, a professional pen tester, was hired by XpertTech Solutions to perform an attack simulation on the organization's network resources. To perform the attack, he took advantage...
NetBIOS enumeration, messenger service, port 139
- Question #21 (Wireless Network, Mobile, IoT, and OT Hacking)
Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his smartphone were replaced by deceptive application...
mobile malware, Agent Smith attack, deceptive applications
- Question #22 (Cryptography)
Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections, and the same private key certificate is used...
SSLv2 vulnerability, DROWN attack, private key leakage
- Question #23 (Reconnaissance Techniques)
Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target...
Whois footprinting, IP information lookup, ARIN
- Question #24 (Network and Perimeter Hacking)
You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the s...
Nmap scan, spoofed IP, decoy scan
- Question #25 (Network and Perimeter Hacking)
Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, rout...
vulnerability assessment, external assessment, network security
- Question #26 (Information Security and Ethical Hacking Overview)
Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounti...
regulatory compliance, SOX, corporate disclosures
- Question #27 (Network and Perimeter Hacking)
Abel, a security professional, conducts penetration testing in his client organization to check for any security loopholes. He launched an attack on the DHCP servers by broadcastin...
DHCP starvation, DoS attack, Network attacks
- Question #28 (Cryptography)
This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following...
symmetric encryption, block cipher, Twofish
- Question #29 (Network and Perimeter Hacking)
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he sta...
DDoS attack, TCP session spoofing, firewall evasion
- Question #30 (Wireless Network, Mobile, IoT, and OT Hacking)
Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connecte...
OT network hacking, Nmap scripting, Ethernet/IP devices, ICS/SCADA
- Question #31 (Web Application Hacking)
While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file list...
web application vulnerability, directory traversal, path traversal
- Question #32 (Wireless Network, Mobile, IoT, and OT Hacking)
Richard, an attacker, aimed to hack IoT devices connected to a target network. In this process, Richard recorded the frequency required to share information between connected devic...
IoT hacking, replay attack, radio frequency attacks
- Question #33 (Reconnaissance Techniques)
Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack?
network mapping, scanning networks, network infrastructure
- Question #34 (System Hacking Phases and Attack Techniques)
Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based...
vulnerability scanning, Nessus, Windows vulnerabilities
- Question #35 (Web Application Hacking)
Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she uses a user-defined HTTP callback or push APIs that a...
web API, webhooks, real-time updates
- Question #36 (Wireless Network, Mobile, IoT, and OT Hacking)
Which iOS jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?
iOS jailbreaking, untethered jailbreak, kernel patching
- Question #37 (Web Application Hacking)
Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchron...
web services attack, SOAP header, WS-Address spoofing
- Question #38 (Network and Perimeter Hacking)
Attacker Steve targeted an organization's network with the aim of redirecting the company's web traffic to another malicious website. To achieve this goal, Steve performed DNS cach...
DNS cache poisoning, pharming, web traffic redirection, identity theft
- Question #39 (Wireless Network, Mobile, IoT, and OT Hacking)
What is the port to block first in case you are suspicious that an IoT device has been compromised?
IoT security, port blocking, compromised device
- Question #40 (Network and Perimeter Hacking)
Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavio...
Proxy evasion, Evasion techniques, Adversary tactics, Network stealth
- Question #41 (Reconnaissance Techniques)
What firewall evasion scanning technique makes use of a zombie system that has low network activity as well as its fragment identification numbers?
Firewall evasion, Network scanning, Idle scanning, Zombie host
- Question #42 (System Hacking Phases and Attack Techniques)
By performing a penetration test, you gained access under a user account. During the test, you established a connection with your own machine via the SMB service and occasionally e...
Post-exploitation, Linux forensics, Command history, Credential cleanup
- Question #43 (System Hacking Phases and Attack Techniques)
Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to se...
Social engineering, Phishing, Initial access, Fileless malware
- Question #44 (Reconnaissance Techniques)
Wilson, a professional hacker, targets an organization for financial benefit and plans to compromise its systems by sending malicious emails. For this purpose, he uses a tool to tr...
OSINT, Email reconnaissance, Information gathering, Reconnaissance tools
- Question #45 (Information Security and Ethical Hacking Overview)
David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vul...
Vulnerability management, Remediation, Security operations, Risk management
- Question #46 (Cloud Computing)
Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's MSP provider by sending spear-phishing emails and distributed custom-made malw...
Cloud security, Supply chain attack, MSP compromise, Cloud hopper
- Question #47 (Web Application Hacking)
Judy created a forum. One day, she discovers that a user is posting strange images without writing comments. She immediately calls a security expert, who discovers that the followi...
Web application security, Cross-site scripting (XSS), Session hijacking, Cookie theft
- Question #48 (Web Application Hacking)
Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to det...
SQL injection, Time-based SQLi, Boolean-based SQLi, Web application vulnerabilities
- Question #49 (Web Application Hacking)
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by...
Web application security, SSRF, Server-side request forgery, Web server exploitation
- Question #50 (Wireless Network, Mobile, IoT, and OT Hacking)
George is a security professional working for iTech Solutions. He was tasked with securely transferring sensitive data of the organization between industrial systems. In this proce...
IoT security, OT security, Wireless protocols, Zigbee