New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

CEH v11 312-50v11 Reddit Questions

Page: 24 / 39
Question 96

Scenario: Joe turns on his home computer to access personal online banking. When he enters the URL the website is displayed, but it prompts him to re-enter his credentials as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

Options:

A.

Dos attack

B.

DHCP spoofing

C.

ARP cache poisoning

D.

DNS hijacking

Question 97

An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

Options:

A.

Protocol analyzer

B.

Network sniffer

C.

Intrusion Prevention System (IPS)

D.

Vulnerability scanner

Question 98

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database

is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1 -

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

Options:

A.

select * from Users where UserName = ‘attack’ ’ or 1=1 -- and UserPassword = ‘123456’

B.

select * from Users where UserName = ‘attack’ or 1=1 -- and UserPassword = ‘123456’

C.

select * from Users where UserName = ‘attack or 1=1 -- and UserPassword = ‘123456’

D.

select * from Users where UserName = ‘attack’ or 1=1 --’ and UserPassword = ‘123456’

Question 99

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

Options:

A.

Use the same machines for DNS and other applications

B.

Harden DNS servers

C.

Use split-horizon operation for DNS servers

D.

Restrict Zone transfers

E.

Have subnet diversity between DNS servers

Page: 24 / 39
Exam Code: 312-50v11
Exam Name: Certified Ethical Hacker Exam (CEH v11)
Last Update: Dec 22, 2024
Questions: 528
312-50v11 pdf

312-50v11 PDF

$25.5  $84.99
312-50v11 Engine

312-50v11 Testing Engine

$28.5  $94.99
312-50v11 PDF + Engine

312-50v11 PDF + Testing Engine

$40.5  $134.99