1. Home
  2. EC-COUNCIL
  3. 312-50V10

EC-Council Certified Ethical Hacker (C|EH v10)

Exam Details

  • Exam Code
    :312-50V10
  • Exam Name
    :EC-Council Certified Ethical Hacker (C|EH v10)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :747 Q&As
  • Last Updated
    :Apr 14, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

  • Question 111:

    Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He's determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

    A. Error-based SQL injection

    B. Blind SQL injection

    C. Union-based SQL injection

    D. NoSQL injection

  • Question 112:

    A zone file consists of which of the following Resource Records (RRs)?

    A. DNS, NS, AXFR, and MX records

    B. DNS, NS, PTR, and MX records

    C. SOA, NS, AXFR, and MX records

    D. SOA, NS, A, and MX records

  • Question 113:

    MX record priority increases as the number increases. (True/False.)

    A. True

    B. False

  • Question 114:

    Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain.

    What do you think Tess King is trying to accomplish? Select the best answer.

    A. A zone harvesting

    B. A zone transfer

    C. A zone update

    D. A zone estimate

  • Question 115:

    In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

    A. Full Blown

    B. Thorough

    C. Hybrid

    D. BruteDics

  • Question 116:

    Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

    A. har.txt

    B. SAM file

    C. wwwroot D. Repair file

  • Question 117:

    Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company

    A and B are working together in developing a product that will generate a major competitive advantage for

    them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing.

    With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails

    from company B.

    How do you prevent DNS spoofing?

    A. Install DNS logger and track vulnerable packets

    B. Disable DNS timeouts

    C. Install DNS Anti-spoofing

    D. Disable DNS Zone Transfer

  • Question 118:

    A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems.

    However, he is unable to capture any logons though he knows that other users are logging in.

    What do you think is the most likely reason behind this?

    A. There is a NIDS present on that segment.

    B. Kerberos is preventing it.

    C. Windows logons cannot be sniffed.

    D. L0phtcrack only sniffs logons to web servers.

  • Question 119:

    Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

    A. Interceptor

    B. Man-in-the-middle

    C. ARP Proxy

    D. Poisoning Attack

  • Question 120:

    You have initiated an active operating system fingerprinting attempt with nmap against a target system:

    What operating system is the target host running based on the open ports shown above?

    A. Windows XP

    B. Windows 98 SE

    C. Windows NT4 Server

    D. Windows 2000 Server

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.