1. Home
  2. EC-COUNCIL
  3. 312-50V8

Certified Ethical Hacker v8

Exam Details

  • Exam Code
    :312-50V8
  • Exam Name
    :Certified Ethical Hacker v8
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1008 Q&As
  • Last Updated
    :Apr 15, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

  • Question 211:

    Study the snort rule given below and interpret the rule.

    alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

    A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

    B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

    C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the

    192.168.1.0 subnet

    D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

  • Question 212:

    Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network.

    What is Bob supposed to do next?

    A. Take over the session

    B. Reverse sequence prediction

    C. Guess the sequence numbers

    D. Take one of the parties offline

  • Question 213:

    ViruXine.W32 virus hides their presence by changing the underlying executable code. This Virus code mutates while keeping the original algorithm intact, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

    Here is a section of the Virus code:

    What is this technique called?

    A. Polymorphic Virus

    B. Metamorphic Virus

    C. Dravidic Virus

    D. Stealth Virus

  • Question 214:

    "Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.

    A. Vulnerability Scanning

    B. Penetration Testing

    C. Security Policy Implementation

    D. Designing Network Security

  • Question 215:

    Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?

    A. The switches will drop into hub mode if the ARP cache is successfully flooded.

    B. If the ARP cache is flooded,the switches will drop into pix mode making it less susceptible to attacks.

    C. Depending on the switch manufacturer,the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

    D. The switches will route all traffic to the broadcast address created collisions.

  • Question 216:

    In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled

    and confirmation is required before activation. The attackers then scam to collect not one but two credit

    card numbers, ATM PIN number and other personal details.

    Ignorant users usually fall prey to this scam.

    Which of the following statement is incorrect related to this attack?

    A. Do not reply to email messages or popup ads asking for personal or financial information

    B. Do not trust telephone numbers in e-mails or popup ads

    C. Review credit card and bank account statements regularly

    D. Antivirus,anti-spyware,and firewall software can very easily detect these type of attacks

    E. Do not send credit card numbers,and personal or financial information via e-mail

  • Question 217:

    Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized.

    What type of technique might be used by these offenders to access the Internet without restriction?

    A. They are using UDP that is always authorized at the firewall

    B. They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

    C. They have been able to compromise the firewall,modify the rules,and give themselves proper access

    D. They are using an older version of Internet Explorer that allow them to bypass the proxy server

  • Question 218:

    This is an example of whois record.

    Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)

    A. Search engines like Google,Bing will expose information listed on the WHOIS record

    B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record

    C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

    D. IRS Agents will use this information to track individuals using the WHOIS record information

  • Question 219:

    A simple compiler technique used by programmers is to add a terminator 'canary word' containing four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog, and then halts what does it indicate?

    A. A buffer overflow attack has been attempted

    B. A buffer overflow attack has already occurred

    C. A firewall has been breached and this is logged

    D. An intrusion detection system has been triggered

    E. The system has crashed

  • Question 220:

    In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them: FIN = 1 SYN = 2 RST = 4

    PSH = 8 ACK = 16 URG = 32

    ECE = 64 CWR =128 Example: To calculate SYN/ACK flag decimal value, add 2 (which is the decimal value of the SYN flag) to

    16 (which is the decimal value of the ACK flag), so the result would be 18. Based on the above calculation, what is the decimal value for XMAS scan?

    A. 23

    B. 24

    C. 41

    D. 64

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.