New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free 312-50v12 ECCouncil Updates

Page: 10 / 43
Total 572 questions

Certified Ethical Hacker Exam (CEHv12) Questions and Answers

Question 37

Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?

Options:

A.

DNS zone walking

B.

DNS cache snooping

C.

DNS SEC zone walking

D.

DNS cache poisoning

Question 38

As an IT Security Analyst, you’ve been asked to review the security measures of an e-commerce website that relies on a SQL database for storing sensitive customer data. Recently, an anonymous tip has alerted you to a possible threat: a seasoned hacker who specializes in SQL Injection attacks may be targeting your system. The site already employs input validation measures to prevent basic injection attacks, and it blocks any user inputs containing suspicious patterns. However, this hacker is known to use advanced SQL Injection techniques. Given this situation, which of the following strategies would the hacker most likely adopt to bypass your security measures?

Options:

A.

The hacker could deploy an 'out-of-band' SQL Injection attack, extracting data via a different communication channel, such as DNS or HTTP requests

B.

The hacker may resort to a DDoS attack instead, attempting to crash the server and thus render the e commerce site unavailable

C.

The hacker may try to use SQL commands which are less known and less likely to be blocked by your system's security

D.

The hacker might employ a blind' SQL Injection attack, taking advantage of the application's true or false responses to extract data bit by bit

Question 39

What type of a vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

Options:

A.

Session hijacking

B.

Server side request forgery

C.

Cross-site request forgery

D.

Cross-site scripting

Question 40

A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?

Options:

A.

UDP Ping Scan

B.

lCMP ECHO Ping Scan

C.

ICMP Timestamp Ping Scan

D.

TCP SYN Ping Scan

Page: 10 / 43
Total 572 questions