New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

CEH v12 312-50v12 Dumps PDF

Page: 8 / 43
Total 572 questions

Certified Ethical Hacker Exam (CEHv12) Questions and Answers

Question 29

You are the chief cybersecurity officer at CloudSecure Inc., and your team is responsible for securing a cloudbased application that handles sensitive customer data. To ensure that the data is protected from breaches, you

have decided to implement encryption for both data-at-rest and data-in-transit. The development team suggests using SSL/TLS for securing data in transit. However, you want to also implement a mechanism to detect if the data was tampered with during transmission. Which of the following should you propose?

Options:

A.

Implement IPsec in addition to SSL/TLS.

B.

Qswitch to using SSH for data transmission.

C.

Use the cloud service provider's built-in encryption services.

D.

Encrypt data using the AES algorithm before transmission.

Question 30

Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?

Options:

A.

User-mode rootkit

B.

Library-level rootkit

C.

Kernel-level rootkit

D.

Hypervisor-level rootkit

Question 31

Louis, a professional hacker, had used specialized tools or search engines to encrypt all his browsing activity and navigate anonymously to obtain sensitive/hidden information about official government or federal databases. After gathering the Information, he successfully performed an attack on the target government organization without being traced. Which of the following techniques is described in the above scenario?

Options:

A.

Dark web footprinting

B.

VoIP footpnnting

C.

VPN footprinting

D.

website footprinting

Question 32

An ethical hacker is testing a web application of a financial firm. During the test, a 'Contact Us' form's input field is found to lack proper user input validation, indicating a potential Cross-Site Scripting (XSS) vulnerability. However, the application has a stringent Content Security Policy (CSP) disallowing inline scripts and scripts from external domains but permitting scripts from its own domain. What would be the hacker's next step to confirm the XSS vulnerability?

Options:

A.

Try to disable the CSP to bypass script restrictions

B.

Inject a benign script inline to the form to see if it executes

C.

Utilize a script hosted on the application's domain to test the form

D.

Load a script from an external domain to test the vulnerability

Page: 8 / 43
Total 572 questions