ECCouncil 312-50v12 dumps are the best practice material for the CEH v12 exam

best practice material for the CEH v12 exam

ECCouncil 312-50v12 dumps are edited, reviewed, corrected, and participated in actual verification by a professional editorial team, meeting the practice materials for candidates CEH v12 exam!

Certified Ethical Hacker Exam (CEHv12) exam “312-50v12” needs to complete 125 practical test questions within 4 hours, ECCouncil 312-50v12 dumps contain 528 latest exam questions and answers, completely covering all exam questions!

Download ECCouncil 312-50v12 dumps:, as your practice material before the actual exam, to ensure that you pass the CEH v12 exam 100%.

Online practice ECCouncil 312-50v12 dumps 15/528 exam questions and answers

FromNumber of exam questionsType

Question 1:

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication.

A. 113

B. 69

C. 123

D. 161

Correct Answer: C The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

NTP is intended to synchronize all participating computers within a few milliseconds of Coordinated Universal Time (UTC).

It uses the intersection algorithm, a modified version of Marzullo\’s algorithm, to select accurate time servers and is designed to mitigate variable network latency effects.

NTP can usually maintain time to within tens of milliseconds over the public Internet and achieve better than one-millisecond accuracy in local area networks.

Asymmetric routes and network congestion can cause errors of 100 ms or more. The protocol is usually described in terms of a client-server model but can easily be used in peer-to-peer relationships where both peers consider the other to be a potential time source.

Implementations send and receive timestamps using the User Datagram Protocol (UDP) on port number 123.

Question 2:

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas.

Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes into work and finds out that the company will be downsizing and he will be out of a job in two weeks.

Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him.

What would Yancey be considered?

A. Yancey would be considered a Suicide Hacker

B. Since he does not care about going to jail, he would be considered a Black Hat

C. Because Yancey works for the company currently; he would be a White Hat

D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Correct Answer: A

Question 3:

What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files locally it\’s made on the premiers environment?

A. VCloud based

B. Honypot based

C. Behaviour based

D. Heuristics based

Correct Answer: A

Question 4:

You are a Network Security Officer. You have two machines. The first machine ( has snort installed, and the second machine ( has Kiwi Syslog installed.

You perform a syn scan in your network, and you notice that Kiwi Syslog is not receiving the alert message from Snort.

You decide to run Wireshark in the snort machine to check if the messages are going to the Kiwi Syslog machine.

What Wireshark filter will show the connections from the snort machine to Kiwi syslog machine?

A. tcp.srcport= = 514 andand ip.src= =

B. tcp.srcport= = 514 andand ip.src= = 192.168.150

C. tcp.dstport= = 514 andand ip.dst= =

D. tcp.dstport= = 514 andand ip.dst= =

Correct Answer: D

Question 5:

Nedved is an IT Security Manager at a bank in his country. One day. he found out that there is a security breach in his company\’s email server based on an analysis of a suspicious connection from the email server to an unknown IP Address.

What is the first thing that Nedved needs to do before contacting the incident response team?

A. Leave it as it Is and contact the incident response team right away

B. Block the connection to the suspicious IP Address from the firewall

C. Disconnect the email server from the network

D. Migrate the connection to the backup email server

Correct Answer: C

Question 6:

What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?




D. ISO/I EC 27001:2013

Correct Answer: C

Question 7:

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds-checking mechanism?


#include int main(){char buffer[8];

strcpy(buffer, “”11111111111111111111111111111″”);} Output: Segmentation fault

A. C#

B. Python

C. Java

D. C++

Correct Answer: D

Question 8:

Bob wants to ensure that Alice can check whether his message has been tampered with. He creates a checksum of the message and encrypts it using asymmetric cryptography.

What key does Bob use to encrypt the checksum for accomplishing this goal?

A. Alice\’s private key

B. Alice\’s public key

C. His own private key

D. His own public key

Correct Answer: B

Question 9:

Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours.

After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours.

A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours.

What protocol used on Linux servers to synchronize the time has stopped working?

A. Time Keeper




Correct Answer: B

Question 10:

You have the SOA presented below in your Zone.

Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that the zone is dead and stops responding to queries?, (200302028 3600 3600 604800 3600)

A. One day

B. One hour

C. One week

D. One month

Correct Answer: C

Question 11:

An unauthorized individual enters a building following an employee through the employee entrance after the lunch rush. What type of breach has the individual just performed?

A. Reverse Social Engineering

B. Tailgating

C. Piggybacking

D. Announced

Correct Answer: B

Identifying operating systems, services, protocols, and devices,

Collecting unencrypted information about usernames and passwords,

Capturing network traffic for further analysis are passive network sniffing method since with their help of them we only receive information and do not make any changes to the target network.

When modifying and replaying the captured network traffic, we are already starting to make changes and actively interact with it.

Question 12:

What would be the purpose of running “wget -q -S” against a web server?

A. Performing content enumeration on the webserver to discover hidden folders

B. Using wget to perform banner grabbing on the webserver

C. Flooding the web server with requests to perform a DoS attack

D. Downloading all the contents of the web page locally for further examination

Correct Answer: B

-q, –quiet quiet (no output) -S, –server-response print server response

Question 13:

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learned to use these tools in his lab and is now ready for real-world exploitation.

He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections.

The two remote ends of the communication never notice that Eric is relaying the information between the two. What would you call this attack?

A. Interceptor

B. Man-in-the-middle

C. ARP Proxy

D. Poisoning Attack

Correct Answer: B

Question 14:

in an attempt to increase the security of your network, you Implement a solution that will help keep your wireless network undiscoverable and accessible only to those that know It. How do you accomplish this?

A. Delete the wireless network

B. Remove all passwords

C. Lock all users

D. Disable SSID broadcasting

Correct Answer: D

The SSID (service set identifier) is the name of your wireless network. SSID broadcast is how your router transmits this name to surrounding devices. Its primary function is to make your network visible and easily accessible.

Most routers broadcast their SSIDs automatically. To disable or enable SSID broadcast, you need to change your router\’s settings.

Disabling SSID broadcast will make your Wi-FI network name invisible to other users. However, this only hides the name, not the network itself. You cannot disguise the router\’s activity, so hackers can still attack it.

With your network invisible to wireless devices, connecting becomes a bit more complicated. Just giving a Wi-FI password to your guests is no longer enough.

They have to configure their settings manually by including the network name, security mode, and other relevant info.

Disabling SSID might be a small step towards online security, but by no means should it be your final one. Before considering it as a security measure, consider the following aspects:

Disabling SSID broadcast will not hide your network completely Disabling SSID broadcast only hides the network name, not the fact that it exists.

Your router constantly transmits so-called beacon frames to announce the presence of a wireless network.

They contain essential information about the network and help the device connect.

Third-party software can easily trace a hidden network Programs such as NetStumbler or Kismet can easily locate hidden networks.

You can try using them yourself to see how easy it is to find available networks. hidden or not.

-You might attract unwanted attention.

Disabling your SSID broadcast could also raise suspicion. Most of us assume that when somebody hides something, they have a reason to do so. Thus, some hackers might be attracted to your network.

Question 15:

John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected to the target network that are using default credentials and are vulnerable to various hijacking attacks.

For this purpose, he used an automated tool to scan the target network for specific types of loT devices and detect whether they are using the default, factory-set credentials.

What is the tool employed by John in the above scenario?

A. loTSeeker

B. loT Inspector

C. ATandT loT Platform

D. Azure loT Central

Correct Answer: A


ECCouncil 312-50v12 dumps provide two practice formats: PDF and VCE, you can choose any learning method you are used to! Just download and use it!

ECCouncil 312-50v12 dumps contain 528 latest exam questions and answers as practice materials for candidates CEH v12 exam, confirmed to be true and effective! Download now! Prepare ahead of time to pass the exam successfully.