312-50V12 dumps are upgraded to the latest version, including 528 latest exam questions and answers, reviewed by the EC-COUNCIL professional team, and confirmed that they can be used as preparation materials for the “Certified Ethical Hacker Exam (CEHv12)” certification exam!

Candidates are free to choose PDF or VCE tools to download the latest 312-50V12 dumps: https://www.pass4itsure.com/312-50v12.html because they all contain the latest exam questions and answers!

Share some latest 312-50V12 dumps exam questions online for free

FromNumber of exam questionsRelevant
Question 1:

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon review, he finds that user data have been exfiltrated by an attacker.

AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs, what type of malware did the attacker use to bypass the company\’s application whitelisting?

A. Phishing malware

B. Zero-day malware

C. File-less malware

D. Logic bomb malware

Correct Answer: C


Question 2:

Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials.

Later, Calvin uses this information to perform social engineering.

Which of the following design flaws in the authentication mechanism is exploited by Calvin?

A. Insecure transmission of credentials

B. Verbose failure messages

C. User impersonation

D. Password reset mechanism

Correct Answer: D

Question 3:

Alice, a professional hacker, targeted an organization\’s cloud services. She infiltrated the target’s MSP provider by sending spear-phishing emails and distributing custom-made malware to compromise user accounts and gain remote access to the cloud service.

Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP.

Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

A. Cloud hopper attack

B. Cloud cryptojacking

C. Cloudborne attack

D. Man-in-the-cloud (MITC) attack

Correct Answer: A

Operation Cloud Hopper was an in-depth attack and theft of data in 2017 directed at MSP within the UK (U.K.), us (U.S.), Japan, Canada, Brazil, France, Switzerland, Norway, Finland, Sweden, South Africa, India, Thailand, South Korea, and Australia.

The group used MSP as intermediaries to accumulate assets and trade secrets from MSP client engineering, MSP industrial manufacturing, retail, energy, pharmaceuticals, telecommunications, and government agencies.

Operation Cloud Hopper used over 70 variants of backdoors, malware, and trojans. These were delivered through spear-phishing emails.

The attacks scheduled tasks or leveraged services/utilities to continue Microsoft Windows systems albeit the pc system was rebooted. It installed malware and hacking tools to access systems and steal data.

Question 4:

Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and whether any firewall rule sets are encountered.

John decided to perform a TCP SYN ping scan on the target network.

Which of the following Nmap commands must John use to perform the TCP SVN ping scan?

A. nmap -sn -pp < target IP address >

B. nmap -sn -PO < target IP address >

C. Anmap -sn -PS < target IP address >

D. nmap -sn -PA < target IP address >

Correct Answer: C

Question 5:

While testing a web application in development, you notice that the web server does not properly ignore the “dot slash” (../) character string and instead returns the file listing of a folder structure of the server.

What kind of attack is possible in this scenario?

A. Cross-site scripting

B. Denial of service

C. SQL injection

D. Directory traversal

Correct Answer: D

Appropriately controlling admittance to web content is significant for running a safe web worker. Index crossing or Path Traversal is an HTTP assault that permits aggressors to get to limited catalogs and execute orders outside of the web worker\’s root registry.

Web workers give two primary degrees of security instruments Access Control Lists (ACLs)

Root index An Access Control List is utilized in the approval cycle. It is a rundown that the web worker\’s manager uses to show which clients or gatherings can get to, change, or execute specific records on the worker, just as other access rights.

The root registry is a particular index on the worker record framework in which the clients are kept. Clients can’t get to anything over this root.

For instance: the default root registry of IIS on Windows is C:\Inetpub\wwwroot and with this arrangement, a client doesn\’t approach C:\Windows yet approaches C:\Inetpub\wwwroot\news and some other indexes and documents under the root catalog (given that the client is confirmed by means of the ACLs).

The root index keeps clients from getting to any documents on the worker, for example, C:\WINDOWS/system32/win.ini on Windows stages and the/and so on/passwd record on Linux/UNIX stages.

This weakness can exist either in the web worker programming itself or in the web application code.

To play out a registry crossing assault, all an assailant requires is an internet browser and some information on where to aimlessly discover any default documents and registries on the framework.

What an assailant can do if your site is defenseless with a framework defenseless against index crossing, an aggressor can utilize this weakness to venture out of the root catalog and access different pieces of the record framework.

This may enable the assailant to see confined documents, which could give the aggressor more data needed to additional trade off the framework.

Contingent upon how the site access is set up, the aggressor will execute orders by mimicking himself as the client which is related to “the site”.

Along these lines, everything relies upon what the site client has been offered admittance to in the framework. Illustration of a Directory Traversal assault by means of Web application code web applications with dynamic pages, input is generally gotten from programs through GET or POST solicitation techniques.

Here is an illustration of an HTTP GET demand URL GET http://test.webarticles.com/show.asp?view=oldarchive.html HTTP/1.1 Host: test.webarticles.com With this URL, the browser requests the dynamic page show. asp from the server and with it also sends the parameter view with the value of oldarchive.html.

When this request is executed on the web server, show.asp retrieves the file oldarchive.html from the server\’s file system, renders it, and then sends it back to the browser which displays it to the user.

The attacker would assume that show. asp can retrieve files from the file system and sends the following custom URL. GET http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini HTTP/1.1 Host: test.webarticles.com This will cause the dynamic page to retrieve the file system.ini from the file system and display it to the user.

The expression ../ instructs the system to go one directory up which is commonly used as an operating system directive.

The attacker has to guess how many directories he has to go up to find the Windows folder on the system, but this is easily done by trial and error. Example of a Directory Traversal attack via web server apart from vulnerabilities in the code, even the web server itself can be open to directory traversal attacks.

The problem can either be incorporated into the web server software or inside some sample script files left available on the server.

The vulnerability has been fixed in the latest versions of web server software, but there are web servers online that are still using older versions of IIS and Apache which might be open to directory traversal attacks.

Even though you might be using a web server software version that has fixed this vulnerability, you might still have some sensitive default script directories exposed which are well-known to hackers.

For example, a URL request which makes use of the scripts directory of IIS to traverse directories and execute command can be GET http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\ HTTP/1.1 Host: server.com The request would return to the user a list of all files in the C:\ directory by executing the cmd.exe command shell file and run the command dir c:\ in the shell.

The %5c expression that is in the URL request is a web server escape code that is used to represent normal characters. In this case %5c represents the character \.

Newer versions of modern web server software check for these escape codes and do not let them through. Some older versions, however, do not filter out these codes in the root directory enforcer and will let the attackers execute such commands.

Question 6:

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ.

The employee of CompanyXYZ is aware of your test. Your email message looks like this: From: [email protected] To: [email protected] Subject: Test message Date: 4/3/2017 14:37 The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZ\’s email gateway doesn’t prevent what?

A. Email Masquerading

B. Email Harvesting

C. Email Phishing

D. Email Spoofing

Correct Answer: D

Email spoofing is the fabrication of an email header in the hopes of duping the recipient into thinking the email originated from someone or somewhere other than the intended source.

Because core email protocols do not have a built-in method of authentication, it is common for spam and phishing emails to use said spoofing to trick the recipient into trusting the origin of the message.

The ultimate goal of email spoofing is to get recipients to open, and possibly even respond to a solicitation. Although the spoofed messages are usually just a nuisance requiring little action besides removal, the more malicious varieties can cause significant problems and sometimes pose a real security threat.

Question 7:

Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

A. ACK flag probe scanning

B. ICMP Echo scanning

C. SYN/FIN scanning using IP fragments

D. IPID scanning

Correct Answer: C

SYN/FIN scanning using IP fragments is a process of scanning that was developed to avoid false positives generated by other scans because of a packet filtering device on the target system.

The TCP header splits into several packets to evade the packet filter. For any transmission, every TCP header must have the source and destination port for the initial packet (8-octet, 64-bit).

The initialized flags in the next packet allow the remote host to reassemble the packets upon receipt via an Internet protocol module that detects the fragmented data packets using field-equivalent values of the source, destination, protocol, and identification.

Question 8:

Susan has attached to her company\’s network. She has managed to synchronize her boss\’s sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to, and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

A. A sniffing attack

B. A spoofing attack

C. A man in the middle attack

D. A denial of service attack

Correct Answer: C

Question 9:

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected.

After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

A. Timing-based attack

B. Side-channel attack

C. Downgrade security attack

D. Cache-based attack

Correct Answer: B

Question 10:


  1. The victim opens the attacker\’s website.
  2. The attacker sets up a website that contains interesting and attractive content like \’ Do you want to make $1000 in a day?\’.
  3. The victim clicks on the interesting and attractive content URL.
  4. The attacker creates a transparent \’ iframe\’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks to the \’Do you want to make $1000 in a day?\’ URL but actually he/she clicks on the content or URL that exists in the transparent \’iframe\’ which is set up by the attacker.

What is the name of the attack which is mentioned in the scenario?

A. Session Fixation

B. HTML Injection

C. HTTP Parameter Pollution

D. Clickjacking Attack

Correct Answer: D

https://en.wikipedia.org/wiki/Clickjacking Clickjacking is an attack that tricks a user into clicking a webpage element that is invisible or disguised as another element.

This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees.

The user believes they are clicking the visible page but in fact, they are clicking an invisible element in the additional page transposed on top of it.

Question 11:

Why should the security analyst disable/remove unnecessary ISAPI filters?

A. To defend against social engineering attacks

B. To defend against webserver attacks

C. To defend against jailbreaking

D. To defend against wireless attacks

Correct Answer: B

Question 12:

Which of the following describes the characteristics of a Boot Sector Virus?

A. Modifies directory table entries so that directory entries point to the virus code instead of the actual program.

B. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR.

C. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR.

D. Overwrites the original MBR and only executes the new virus code.

Correct Answer: C

Question 13:

Garry is a network administrator in an organization. He uses SNMP to manage networked devices from a remote location.

To manage nodes in the network, he uses MIB. which contains formal descriptions of all network objects managed by SNMP.

He accesses the contents of MIB by using a web browser or by entering the IP address and L-series. MLB or by entering the DNS library name and L-series. MLB. He is currently retrieving information from an MIB that contains object types for workstations and server services.

Which of the following types of MIB is accessed by Garry in the above scenario?





Correct Answer: A

DHCP.MIB: Monitors network traffic between DHCP servers and remote hosts HOSTMIB.MIB: Monitors and manages host resources

LNMIB2.MIB: Contains object types for workstation and server services MIBJI.MIB: Manages TCP/IP-based Internet using a simple architecture and system WINS.MIB: For the Windows Internet Name Service (WINS)

Question 14:

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.

If these switches\’ ARP cache is successfully flooded, what will be the result?

A. The switches will drop into hub mode if the ARP cache is successfully flooded.

B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D. The switches will route all traffic to the broadcast address that created collisions.

Correct Answer: A

Question 15:

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator\’s Computer to update the router configuration. What type of alert is this?

A. False negative

B. True negative

C. True positive

D. False positive

Correct Answer: D

True Positive IDS refers a behavior as an attack, in real life it is True Negative IDS referring a behavior not an attack and in real life it is not False Positive IDS referring a behavior as an attack, in real life, it is not False Negative IDS referring a behavior, not an attack, but in real life is an attack.

False Negative – is the most serious and dangerous state of all !!!!

The latest 312-50V12 dumps contain 528 latest exam questions and answers, the best preparation material for the “Certified Ethical Hacker Exam (CEHv12)” exam! Fully in line with the actual scene test conditions!

Candidates only need to download 312-50V12 dumps: https://www.pass4itsure.com/312-50v12.html, use PDF or PDF to help you practice all exam questions, and ensure that you pass the exam 100% successfully.