Download ECCouncil.312-50v10.ActualTests.2018-12-01.96q.tqb
| Vendor: | ECCouncil |
| Exam Code: | 312-50v10 |
| Exam Name: | Certified Ethical Hacker v10 Exam |
| Date: | Dec 01, 2018 |
| File Size: | 475 KB |
Demo Questions
Question 1
Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key.
Suppose a malicious user Rob tries to get access to the account of a benign user Ned.
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?
- “GET/restricted/goldtransfer?to=Rob&from=1 or 1=1’ HTTP/1.1Host: westbank.com”
- “GET/restricted/accounts/?name=Ned HTTP/1.1 Host: westbank.com”
- “GET/restricted/bank.getaccount(‘Ned’) HTTP/1.1 Host: westbank.com”
- “GET/restricted/\r\n\%00account%00Ned%00access HTTP/1.1 Host: westbank.com”
Correct answer: B
Question 2
Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
- Metasploit
- Cain & Abel
- Maltego
- Wireshark
Correct answer: C
Explanation:
Question 3
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission.
Their intention can either be to simply gain knowledge or to illegally make changes.
Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?
- White Hat
- Suicide Hacker
- Gray Hat
- Black Hat
Correct answer: C
