1. Home
  2. EC-COUNCIL
  3. 312-50V9

EC-Council Certified Ethical Hacker (C|EH v9)

Exam Details

  • Exam Code
    :312-50V9
  • Exam Name
    :EC-Council Certified Ethical Hacker (C|EH v9)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :614 Q&As
  • Last Updated
    :Apr 14, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-50V9 Questions & Answers

  • Question 251:

    By using a smart card and pin, you are using a two-factor authentication that satisfies

    A. Something you know and something you are

    B. Something you have and something you know

    C. Something you have and something you are

    D. Something you are and something you remember

  • Question 252:

    What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

    A. User Access Control (UAC)

    B. Data Execution Prevention (DEP)

    C. Address Space Layout Randomization (ASLR)

    D. Windows firewall

  • Question 253:

    An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.

    In which order should he perform these steps?

    A. The sequence does not matter. Both steps have to be performed against all hosts.

    B. First the port scan to identify interesting services and then the ping sweep to find hosts responding to icmp echo requests.

    C. First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.

    D. The port scan alone is adequate. This way he saves time.

  • Question 254:

    Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

    A. Network-based intrusion detection system (NIDS)

    B. Host-based intrusion detection system (HIDS)

    C. Firewalls

    D. Honeypots

  • Question 255:

    What is not a PCI compliance recommendation?

    A. Limit access to card holder data to as few individuals as possible.

    B. Use encryption to protect all transmission of card holder data over any public network.

    C. Rotate employees handling credit card transactions on a yearly basis to different departments.

    D. Use a firewall between the public network and the payment card data.

  • Question 256:

    What is correct about digital signatures?

    A. A digital signature cannot be moved from one signed document to another because it is the hash of the original document encrypted with the private key of the signing party.

    B. Digital signatures may be used in different documents of the same type.

    C. A digital signature cannot be moved from one signed document to another because it is a plain hash of the document content.

    D. Digital signatures are issued once for each user and can be used everywhere until they expire.

  • Question 257:

    If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

    A. Spoof Scan

    B. TCP Connect scan

    C. TCP SYN

    D. Idle Scan

  • Question 258:

    What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

    A. Security through obscurity

    B. Host-Based Intrusion Detection System

    C. Defense in depth

    D. Network-Based Intrusion Detection System

  • Question 259:

    Scenario:

    1.

    Victim opens the attacker's web site.

    2.

    Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make

    $1000 in a day?'.

    3.

    Victim clicks to the interesting and attractive content url.

    4.

    Attacker creates a transparent 'iframe' in front of the url which victim attempt to click, so victim thinks

    that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/she clicks to the content

    or url that exists in the transparent 'iframe' which is setup by the attacker.

    What is the name of the attack which is mentioned in the scenario?

    A. HTTP Parameter Pollution

    B. HTML Injection

    C. Session Fixation

    D. ClickJacking Attack

  • Question 260:

    Look at the following output. What did the hacker accomplish?

    A. The hacker used whois to gather publicly available records for the domain.

    B. The hacker used the "fierce" tool to brute force the list of available domains.

    C. The hacker listed DNS records on his own domain.

    D. The hacker successfully transfered the zone and enumerated the hosts.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V9 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.