100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CEH Exam 312-50 - CEH v8 $22.38   Add to cart

Exam (elaborations)

CEH Exam 312-50 - CEH v8

 1 view  0 purchase
  • Course
  • Institution

An Ethical Hacker is one employed to undertake an attempt to penetrate networks and systems using the same methods and techniques as a hacker. This individual is expected to help in achieving optimal information security posture through scanning, testing, hacking and securing their own systems....

[Show more]

Preview 4 out of 77  pages

  • July 28, 2022
  • 77
  • 2021/2022
  • Exam (elaborations)
  • Questions & answers
avatar-seller
Exam Name: Certified Ethical Hacker
Exam Type: EC-Council
Exam Code: 312-50 Total Questions: 255

Question: 1
What is the name of the software tool used to crack a single account on Netware Servers using a
dictionary attack?

A. NPWCrack
B. NWPCrack
C. NovCrack
D. CrackNov
E. GetCrack

Answer: B

Explanation:
NWPCrack is the software tool used to crack single accounts on Netware servers.

Question: 2
How can you determine if an LM hash you extracted contains a password that is less than 8
characters long?

A. There is no way to tell because a hash cannot be reversed
B. The right most portion of the hash is always the same
C. The hash always starts with AB923D
D. The left most portion of the hash is always the same
E. A portion of the hash will be all 0's

Answer: B

Explanation:
When loosheets at an extracted LM hash, you will sometimes observe that the right most portion
is always the same. This is padding that has been added to a password that is less than 8
characters long.

Question: 3
Several of your co-workers are having a discussion over the etc/passwd file. They are at odds
over what types of encryption are used to secure Linux passwords.(Choose all that apply).

A. Linux passwords can be encrypted with MD5
B. Linux passwords can be encrypted with SHA
C. Linux passwords can be encrypted with DES
D. Linux passwords can be encrypted with Blowfish
E. Linux passwords are encrypted with asymmetric algrothims

Answer: A, C D

Explanation:
Linux passwords can be encrypted with several types of hashing algorithms. These include SHQ,
MD5, and Blowfish.

Question: 4
What are the two basic types of attacks?(Choose two.

A. DoS
B. Passive
C. Sniffing
D. Active
Page 1 of 77

,Exam Name: Certified Ethical Hacker
Exam Type: EC-Council
Exam Code: 312-50 Total Questions: 255

E. Cracsheets

Answer: B, D

Explanation:
Passive and active attacks are the two basic types of attacks.

Question: 5
Sniffing is considered an active attack.

A. True
B. False

Answer: B

Explanation:
Sniffing is considered a passive attack.

Question: 6
When discussing passwords, what is considered a brute force attack?

A. You attempt every single possibility until you exhaust all possible combinations or discover the
password
B. You threaten to use the rubber hose on someone unless they reveal their password
C. You load a dictionary of words into your cracsheets program
D. You create hashes of a large number of words and compare it with the encrypted passwords
E. You wait until the password expires

Answer: A

Explanation:
Brute force cracsheets is a time consuming process where you try every possible combination of
letters, numbers, and characters until you discover a match.

Question: 7
Which of the following are well know password-cracsheets programs?(Choose all that apply.

A. L0phtcrack
B. NetCat
C. Jack the Ripper
D. Netbus
E. John the Ripper

Answer: A, E

Explanation:
L0phtcrack and John the Ripper are two well know password-cracsheets programs. Netcat is
considered the Swiss-army knife of hacsheets tools, but is not used for password cracsheets

Question: 8
Password cracsheets programs reverse the hashing process to recover passwords.(True/False.

A. True
B. False

Page 2 of 77

,Exam Name: Certified Ethical Hacker
Exam Type: EC-Council
Exam Code: 312-50 Total Questions: 255

Answer: B

Explanation:
Password cracsheets programs do not reverse the hashing process. Hashing is a one-way
process.

What these programs can do is to encrypt words, phrases, and characters using the same
encryption process and compare them to the original password. A hashed match reveals the true
password.

Question: 9
What does the following command achieve?

Telnet <IP Address> <Port 80>
HEAD /HTTP/1.0
<Return>
<Return>

A. This command returns the home page for the IP address specified
B. This command opens a backdoor Telnet session to the IP address specified
C. This command returns the banner of the website specified by IP address
D. This command allows a hacker to determine the sites security
E. This command is bogus and will accomplish nothing

Answer: C

Explanation:
This command is used for banner grabbing. Banner grabbing helps identify the service and
version of web server running.

Question: 10
Your lab partner is trying to find out more information about a competitors web site. The site has a
.com extension. She has decided to use some online whois tools and look in one of the regional
Internet registrys.

Which one would you suggest she looks in first?

A. LACNIC
B. ARIN
C. APNIC
D. RIPE
E. AfriNIC

Answer: B

Explanation:
Regional registries maintain records from the areas from which they govern. ARIN is responsible
for domains served within North and South America and therefore, would be a good starting point
for a .com domain.

Question: 11
Which of the following tools are used for footprinting?(Choose four.

A. Sam Spade
B. NSLookup
Page 3 of 77

, Exam Name: Certified Ethical Hacker
Exam Type: EC-Council
Exam Code: 312-50 Total Questions: 255

C. Traceroute
D. Neotrace
E. Cheops

Answer: A, B, C, D

Explanation:
All of the tools listed are used for footprinting except Cheops.

Question: 12
According to the CEH methodology, what is the next step to be performed after footprinting?

A. Enumeration
B. Scanning
C. System Hacsheets
D. Social Engineering
E. Expanding Influence

Answer: B

Explanation:
Once footprinting has been completed, scanning should be attempted next. Scanning should take
lace on two distinct levels: network and host.

Question: 13
NSLookup is a good tool to use to gain additional information about a target network. What does
the following command accomplish?
nslookup
> server <ipaddress>
> set type =any
> ls -d <target.com>

A. Enables DNS spoofing
B. Loads bogus entries into the DNS table
C. Verifies zone security
D. Performs a zone transfer
E. Resets the DNS cache

Answer: D

Explanation:
If DNS has not been properly secured, the command sequence displayed above will perform a
zone transfer.

Question: 14
While footprinting a network, what port/service should you look for to attempt a zone transfer?

A. 53 UDP
B. 53 TCP
C. 25 UDP
D. 25 TCP
E. 161 UDP
F. 22 TCP
G. 60 TCP

Page 4 of 77

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller supportmutiglobeapp. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $22.38. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75632 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$22.38
  • (0)
  Add to cart