1. Home
  2. EC-COUNCIL
  3. 312-50V8

Certified Ethical Hacker v8

Exam Details

  • Exam Code
    :312-50V8
  • Exam Name
    :Certified Ethical Hacker v8
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :1008 Q&As
  • Last Updated
    :Apr 15, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

  • Question 401:

    While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web sitE.

    Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text:

    "Testing Testing Testing".

    Which vulnerability has been detected in the web application?

    A. Buffer overflow

    B. Cross-site request forgery

    C. Distributed denial of service

    D. Cross-site scripting

  • Question 402:

    A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input fielD. IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox("Vulnerable");>"

    When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

    Which web applications vulnerability did the analyst discover?

    A. Cross-site request forgery

    B. Command injection

    C. Cross-site scripting

    D. SQL injection

  • Question 403:

    Which type of scan is used on the eye to measure the layer of blood vessels?

    A. Facial recognition scan

    B. Retinal scan

    C. Iris scan

    D. Signature kinetics scan

  • Question 404:

    To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

    A. Harvesting

    B. Windowing

    C. Hardening

    D. Stealthing

  • Question 405:

    While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model.

    Which type of firewall is the tester trying to traverse?

    A. Packet filtering firewall

    B. Application-level firewall

    C. Circuit-level gateway firewall

    D. Stateful multilayer inspection firewall

  • Question 406:

    A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

    The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT DatE. Mon, 16 Jan 2011 01:41:33 GMT

    Content-TypE. text/html Accept-Ranges: bytes Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT ETaG. "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed?

    A. Cross-site scripting

    B. Banner grabbing

    C. SQL injection

    D. Whois database query

  • Question 407:

    Which of the following items is unique to the N-tier architecture method of designing software applications?

    A. Application layers can be separated,allowing each layer to be upgraded independently from other layers.

    B. It is compatible with various databases including Access,Oracle,and SQL.

    C. Data security is tied into each layer and must be updated for all layers when any upgrade is performed.

    D. Application layers can be written in C,ASP.NET,or Delphi without any performance loss.

  • Question 408:

    To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

    A. Recipient's private key

    B. Recipient's public key

    C. Master encryption key

    D. Sender's public key

  • Question 409:

    An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this.

    What is the mostly likely way the attacker has been able to modify the purchase price?

    A. By using SQL injection

    B. By changing hidden form values

    C. By using cross site scripting

    D. By utilizing a buffer overflow attack

  • Question 410:

    After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

    A. SHA1

    B. Diffie-Helman

    C. RSA

    D. AES

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.