312-50V13 Exam Questions
626 real 312-50V13 exam questions with expert-verified answers and explanations. Page 10 of 13.
- Question #452: Hacking Web Applications
Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, whic...
verbose failure messages, username enumeration, authentication flaws, web application vulnerability
- Question #453: Enumeration
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Fur...
DNS cache snooping, DNS enumeration, cached DNS records, reconnaissance
- Question #454: System Hacking
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a t...
side-channel attack, password cracking, ICS security, timing attack
- Question #455: System Hacking
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have ti...
Pass the Hash, Credential Theft, Lateral Movement, Post-Exploitation
- Question #456: Social Engineering
Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to se...
Phishing, Social Engineering, Fileless Malware, Exploit Delivery
- Question #457: Footprinting and Reconnaissance
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related informat...
Wordlist Generation, Reconnaissance Tools, Brute-force Preparation, Footprinting
- Question #458: Cryptography
Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is...
GPG, OpenPGP, Hybrid Cryptography, Email Security
- Question #459: System Hacking
Which among the following is the best example of the hacking concept called "clearing tracks"?
clearing tracks, log tampering, post-exploitation
- Question #460: Denial-of-Service
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he sta...
Denial of Service (DoS), DDoS Attack, TCP/IP Attacks, Spoofing
- Question #461: Cloud Computing
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP. What part of the contract mig...
Cloud Service Provider, Vendor Lock-in, Cloud Migration, Contractual agreements
- Question #462: Cloud Computing
Alex, a cloud security engineer working in Eyecloud Inc., is tasked with isolating applications from the underlying infrastructure and stimulating communication via well-defined cha...
containerization, Docker, PaaS, cloud technologies
- Question #463: SQL Injection
CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies...
SQL Injection, Input Validation, Whitelist, Web Application Security
- Question #464: Sniffing
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?
MAC flooding, CAM table overflow, switch security, network attacks
- Question #465: SQL Injection
What is the following command used for?
SQLMap, database enumeration, SQL injection tools
- Question #466: SQL Injection
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same str...
SQL injection, Union injection, Web application attacks, Database exploitation
- Question #467: Cloud Computing
Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the fo...
Cloud Computing, Cloud Service Models, IaaS, Shared Responsibility Model
- Question #468: Footprinting and Reconnaissance
Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the lo...
Censys, Information Gathering, Reconnaissance, IoT Hacking
- Question #470: Footprinting and Reconnaissance
Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain informatio...
Footprinting, Reconnaissance, Whois lookup, Domain information gathering
- Question #471: Hacking Wireless Networks
An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is...
Evil Twin, Wireless Hacking, SSID Spoofing, Wi-Fi Pineapple
- Question #472: Sniffing
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how...
ARP Spoofing, ARP Table, Network Security, Sniffing Detection
- Question #473: SQL Injection
This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or...
Blind SQL injection, SQL injection types, database attacks
- Question #474: Hacking Wireless Networks
An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility i...
downgrade attack, WPA2 cracking, WPA3, wireless security
- Question #475: Social Engineering
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email cont...
Phishing, Credential Harvesting, Evilginx, Spoofing
- Question #476: Hacking Wireless Networks
Which of the following Bluetooth hacking techniques does an attacker use to send messages to users without the recipient's consent, similar to email spamming?
Bluetooth Hacking, Bluejacking, Wireless Hacking Techniques
- Question #477: Hacking Mobile Platforms
Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. U...
reverse engineering, mobile application security, vulnerability analysis, code analysis
- Question #478: Malware Threats
Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?
rootkits, kernel-level rootkit, malware, system compromise
- Question #479: System Hacking
Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?
Metasploit, Privilege Escalation, Post-exploitation, Windows Hacking
- Question #480: IoT Hacking
Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used f...
Fault Injection, IoT Security, Hardware Hacking, Power/Clock Glitching
- Question #481: Footprinting and Reconnaissance
What would be the purpose of running "wget 192.168.0.15 -q -S" against a web server?
wget, banner grabbing, reconnaissance, information gathering
- Question #482: Evading IDS, Firewalls, and Honeypots
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade...
Nmap, Port Scanning, IDS Evasion, Stealth Scanning
- Question #483: SQL Injection
As an IT Security Analyst, you've been asked to review the security measures of an e-commerce website that relies on a SQL database for storing sensitive customer data. Recently, a...
SQL Injection Techniques, Out-of-band SQL Injection, Bypass Security Measures, Data Exfiltration
- Question #484: SQL Injection
In an intricate web application architecture using an Oracle database, you, as a security analyst, have identified a potential SQL Injection attack surface. The database consists o...
SQL Injection, Data Exfiltration, Oracle Database, Web Application Security
- Question #485: Scanning Networks
During a penetration testing assignment, a Certified Ethical Hacker (CEH) used a set of scanning tools to create a profile of the target organization. The CEH wanted to scan for li...
Hping3, IP Spoofing, Network Scanning, Anonymity
- Question #486: IoT Hacking
You are a cybersecurity consultant for a smart city project. The project involves deploying a vast network of IoT devices for public utilities like traffic control, water supply, a...
IoT Security, DDoS Prevention, Firmware Updates, Vulnerability Management
- Question #487: Hacking Web Applications
An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a p...
Cross-Site Scripting (XSS), Content Security Policy (CSP), Web Application Vulnerabilities, Exploitation Techniques
- Question #488: Enumeration
A Certified Ethical Hacker (CEH) is given the task to perform an LDAP enumeration on a target system. The system is secured and accepts connections only on secure LDAP. The CEH use...
LDAP Enumeration, Secure LDAP, Python Scripting, SSL/TLS
- Question #489: Scanning Networks
A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct co...
Host Discovery, Network Scanning, Firewall Bypass, TCP SYN Scan
- Question #490: Scanning Networks
An ethical hacker is scanning a target network. They initiate a TCP connection by sending an SYN packet to a target machine and receiving a SYN/ACK packet in response. But instead...
SYN scan, Port scanning, TCP handshake, Stealth scan
- Question #491: Hacking Web Applications
A penetration tester is conducting an assessment of a web application for a financial institution. The application uses form-based authentication and does not implement account loc...
Brute Force Attack, Authentication Bypass, Web Application Security, Username Enumeration
- Question #492: Hacking Wireless Networks
As a budding cybersecurity enthusiast, you have set up a small lab at home to learn more about wireless network security. While experimenting with your home Wi-Fi network, you deci...
Wireless Network Security, WPA2-PSK, Password Cracking, Password Strength
- Question #493: Vulnerability Analysis
A large e-commerce organization is planning to implement a vulnerability assessment solution to enhance its security posture. They require a solution that imitates the outside view...
Vulnerability Assessment, External Assessment, Security Posture, Service-based Solution
- Question #494: Session Hijacking
A security analyst is investigating a potential network-level session hijacking incident. During the investigation, the analyst finds that the attacker has been using a technique i...
RST hijacking, TCP reset attack, Session hijacking, Packet injection
- Question #495: Introduction to Ethical Hacking
Given the complexities of an organization's network infrastructure, a threat actor has exploited an unidentified vulnerability, leading to a major data breach. As a Certified Ethic...
Security Strategy, Adaptive Security, Continual Monitoring, Threat Management
- Question #496: SQL Injection
An ethical hacker is hired to evaluate the defenses of an organization's database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection ev...
SQL Injection evasion, Signature-based IDS bypass, CHAR encoding, Database hacking
- Question #497: Vulnerability Analysis
During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system...
CVSS, Vulnerability scoring, Base metric
- Question #498: Evading IDS, Firewalls, and Honeypots
An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to det...
SQL Injection, IDS Evasion, Signature Detection, Obfuscation
- Question #499: Social Engineering
You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD) policy, but they have recently experienced a phishing incid...
BYOD Security, Phishing Attacks, Security Awareness Training, Social Engineering Mitigation
- Question #500: Cloud Computing
You are a cybersecurity specialist at CloudTech Inc., a company providing cloud-based services. You are managing a project for a client who wants to migrate their sensitive data to...
Cloud Security, Encryption, Key Management, Data at Rest
- Question #501: Social Engineering
Sarah, a system administrator, was alerted of potential malicious activity on the network of her company. She discovered a malicious program spread through the instant messenger ap...
Malware Propagation, Instant Messenger Security, Social Engineering, User Vigilance
- Question #502: SQL Injection
You're the security manager for a tech company that uses a database to store sensitive customer data. You have implemented countermeasures against SQL injection attacks. Recently,...
SQL injection, database security, payloads, data integrity