312-50V12 Exam Questions
322 real 312-50V12 exam questions with expert-verified answers and explanations. Page 6 of 7.
- Question #251: Network and Perimeter Hacking
Martin, a Certified Ethical Hacker (CEH), is conducting a penetration test on a large enterprise network. He suspects that sensitive information might be leaking out of the network...
Tags: Network sniffing, Data exfiltration, Packet capture, Penetration testing
- Question #252: Cryptography
As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiali...
Tags: Cryptography, Confidentiality, Non-repudiation, Digital signatures
- Question #253: Wireless Network, Mobile, IoT, and OT Hacking
As a cybersecurity analyst for SecureNet, you are performing a security assessment of a new mobile payment application. One of your primary concerns is the secure storage of custom...
Tags: Mobile security, Data at rest encryption, Payment application security, Data storage
- Question #254: System Hacking Phases and Attack Techniques
A large multinational corporation is in the process of evaluating its security infrastructure to identify potential vulnerabilities. After a comprehensive analysis, they found mult...
Tags: TOC/TOU vulnerability, Race condition, Atomicity, Vulnerability mitigation
- Question #255: System Hacking Phases and Attack Techniques
A security analyst is preparing to analyze a potentially malicious program believed to have infiltrated an organization's network. To ensure the safety and integrity of the product...
Tags: Malware analysis, Sheep dip computer, Sandbox, Security best practices
- Question #256: Web Application Hacking
As an IT Security Analyst, you've been asked to review the security measures of an e-commerce website that relies on a SQL database for storing sensitive customer data. Recently, a...
Tags: SQL injection, Blind SQLi, Advanced SQLi, Web application attacks
- Question #257: Cryptography
Your company, SecureTech Inc., is planning to transmit some sensitive data over an unsecured communication channel. As a cyber security expert, you decide to use symmetric key encr...
Tags: Symmetric key exchange, Diffie-Hellman, Cryptography protocols, Key management
- Question #258: Wireless Network, Mobile, IoT, and OT Hacking
As an IT intern, you have been asked to help set up a secure Wi-Fi network for a local coffee shop. The owners want to provide free Wi-Fi to their customers, but they are concerned...
Tags: Wi-Fi security, WPA2, WPA3, Wireless networks
- Question #259: Web Application Hacking
During a penetration test, an ethical hacker is exploring the security of a complex web application. The application heavily relies on JavaScript for client-side input sanitization...
Tags: XSS attack, client-side sanitization bypass, HttpOnly flag, web application vulnerabilities
- Question #260: Reconnaissance Techniques
In the process of footprinting a target website, an ethical hacker utilized various tools to gather critical information. The hacker encountered a target site where standard web sp...
Tags: footprinting, web spidering, robots.txt bypass, Burp Suite
- Question #261: Information Security and Ethical Hacking Overview
During a comprehensive security assessment, your cybersecurity team at XYZ Corp stumbles upon signs that point toward a possible Advanced Persistent Threat (APT) infiltration in th...
Tags: Advanced Persistent Threat (APT), APT indicators, zero-day exploits, threat detection
- Question #262: Wireless Network, Mobile, IoT, and OT Hacking
As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless network security. While experimenting with your home Wi-Fi network, you deci...
Tags: WPA2-Personal, AES encryption, Wi-Fi cracking, wireless security
- Question #263: Web Application Hacking
An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a p...
Tags: XSS vulnerability, Content Security Policy (CSP), CSP bypass, same-domain script execution
- Question #264: System Hacking Phases and Attack Techniques
John, a security analyst, is analyzing a server suspected of being compromised. The attacker has used a non admin account and has already gained a foothold on the system. John disc...
Tags: DLL Hijacking, privilege escalation, non-admin compromise, malicious DLL
- Question #265: Web Application Hacking
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregor...
Tags: Burp Suite, session hijacking, intercepting proxy, web application testing
- Question #266: Information Security and Ethical Hacking Overview
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should...
Tags: auditing, system security, impact assessment, security controls
- Question #268: Wireless Network, Mobile, IoT, and OT Hacking
The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started...
Tags: WPA3, SAE, dragonfly key exchange, Wi-Fi encryption
- Question #269: Reconnaissance Techniques
A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine. Which of the following Zenmap...
Tags: Zenmap, Nmap, ICMP timestamp scan, network reconnaissance
- Question #270: System Hacking Phases and Attack Techniques
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a t...
Tags: side-channel attack, timing attack, password cracking, industrial control systems
- Question #271: Information Security and Ethical Hacking Overview
Given below are different steps involved in the vulnerability-management life cycle. 1) Remediation 2) Identify assets and create a baseline 3) Verification 4) Monitor 5) Vulnerabi...
Tags: vulnerability management lifecycle, remediation, risk assessment, vulnerability scanning
- Question #272: Network and Perimeter Hacking
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?
Tags: MAC flooding, CAM table overflow, Ethernet switch attacks, network attacks
- Question #273: Web Application Hacking
What is the following command used for?
Tags: SQL injection, database enumeration, DBMS, URL hacking
- Question #274: Cryptography
Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To...
Tags: Web of Trust (WOT), public key cryptography, message integrity, authentication
- Question #275: Wireless Network, Mobile, IoT, and OT Hacking
Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read,...
Tags: Btlejacking, Bluetooth Low Energy (BLE), IoT hacking tools, btlejack command
- Question #276: Wireless Network, Mobile, IoT, and OT Hacking
John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the IoT devices connected in the target network that are using default credentials and are vulne...
Tags: IoTSeeker, IoT device scanning, default credentials, IoT vulnerabilities
- Question #277: System Hacking Phases and Attack Techniques
To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?
Tags: Linux file hiding, hidden files, filesystem conventions, command line basics
- Question #278: Cryptography
Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128, 192, or 256 bits into a software program, which involves 32 rounds of computational operations that...
Tags: Serpent algorithm, symmetric block cipher, cryptographic algorithms, key sizes
- Question #280: Wireless Network, Mobile, IoT, and OT Hacking
Mirai malware targets IoT devices. After infiltration, it uses them to propagate and create botnets that are then used to launch which types of attack?
Tags: Mirai malware, IoT botnet, DDoS attack, IoT hacking
- Question #281: Information Security and Ethical Hacking Overview
Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?
Tags: PCI-DSS, compliance standards, payment card security
- Question #282: Cloud Computing
Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assig...
Tags: Kubernetes, kube-scheduler, pod scheduling, cloud architecture
- Question #283: Cloud Computing
According to the NIST cloud deployment reference architecture, which of the following provides connectivity and transport services to consumers?
Tags: NIST cloud model, cloud carrier, cloud service roles
- Question #284: Wireless Network, Mobile, IoT, and OT Hacking
A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-acces...
Tags: wardriving, wireless reconnaissance, Wi-Fi hacking
- Question #285: System Hacking Phases and Attack Techniques
Which among the following is the best example of the third step (delivery) in the cyber kill chain?
Tags: cyber kill chain, delivery phase, malware delivery, attack methodology
- Question #286: Web Application Hacking
Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, whic...
Tags: verbose error messages, username enumeration, authentication flaws, web application security
- Question #287: Web Application Hacking
Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Servic...
Tags: WS-Security, SOAP security, web services authentication, XML security
- Question #288: Wireless Network, Mobile, IoT, and OT Hacking
Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline di...
Tags: WPA3, SAE, wireless security, offline dictionary attacks
- Question #289: Cryptography
Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is...
Tags: GPG, OpenPGP, hybrid encryption, email security
- Question #290: Network and Perimeter Hacking
Roma is a member of a security team. She was tasked with protecting the internal network of an organization from imminent threats. To accomplish this task, Roma fed threat intellig...
Tags: threat intelligence, technical threat intelligence, network defense, IOCs
- Question #291: Web Application Hacking
This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or...
Tags: blind SQL injection, SQL injection, web application vulnerabilities
- Question #292: System Hacking Phases and Attack Techniques
An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware. What is the best example of a scareware attack?
Tags: scareware, social engineering, malware, phishing
- Question #293: Information Security and Ethical Hacking Overview
Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From thi...
Tags: threat intelligence, operational threat intelligence, attacker methodologies, TTPs
- Question #294: Web Application Hacking
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same str...
Tags: Union SQL injection, SQL injection, web application vulnerabilities
- Question #295: Information Security and Ethical Hacking Overview
What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?
Tags: SOX, Sarbanes-Oxley Act, regulatory compliance, financial fraud
- Question #296: Web Application Hacking
Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?
Tags: XXE, XML external entity, web application vulnerabilities, XML parsing
- Question #297: Reconnaissance Techniques
What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?
Tags: SMTP enumeration, VRFY, EXPN, reconnaissance, user enumeration
- Question #298: Reconnaissance Techniques
When considering how an attacker may exploit a web server, what is web server footprinting?
Tags: web server footprinting, reconnaissance, information gathering
- Question #299: Wireless Network, Mobile, IoT, and OT Hacking
An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility i...
Tags: downgrade attack, WPA2, WPA3, wireless security, rogue access point
- Question #300: Reconnaissance Techniques
James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help...
Tags: OSINT framework, open-source intelligence, reconnaissance, footprinting
- Question #301: Reconnaissance Techniques
What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?
Tags: banner grabbing, wget, web server enumeration, reconnaissance tools
- Question #302: Reconnaissance Techniques
Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following resu...
Tags: OS fingerprinting, TCP/IP headers, TTL, network scanning