Home
Eccouncil
312-50: Certified Ethical Hacker v13 Dumps

Free Eccouncil 312-50 Exam Dumps June 2026

Here you can find all the free questions related with Eccouncil Certified Ethical Hacker v13 (312-50) exam. You can also find on this page links to recently updated premium files with which you can practice for actual Eccouncil Certified Ethical Hacker v13 Exam. These premium versions are provided as 312-50 exam practice tests, both as desktop software and browser based application, you can use whatever suits your style. Feel free to try the Certified Ethical Hacker v13 Exam premium files for free, Good luck with your Eccouncil Certified Ethical Hacker v13 Exam.

Question No: 1

MultipleChoice

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database.

< iframe src=''''http://www.vulnweb.com/updateif.php'''' style=''''display:none'''' > < /iframe >

What is this type of attack (that can use either HTTP GET or HTTP POST) called?

Options

ABrowser Hacking

BCross-Site Scripting

CSQL Injection

DCross-Site Request Forgery

Answer
DExplanation

https://book.hacktricks.xyz/pentesting-web/csrf-cross-site-request-forgery

Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform.

This is done by making a logged in user in the victim platform access an attacker controlled website and from there execute malicious JS code, send forms or retrieve 'images' to the victims account.

In order to be able to abuse a CSRF vulnerability you first need to find a relevant action to abuse (change password or email, make the victim follow you on a social network, give you more privileges...). The session must rely only on cookies or HTTP Basic Authentication header, any other header can't be used to handle the session. An finally, there shouldn't be unpredictable parameters on the request.

Several counter-measures could be in place to avoid this vulnerability. Common defenses:

- SameSite cookies:If the session cookie is using this flag, you may not be able to send the cookie from arbitrary web sites.

- Cross-origin resource sharing:Depending on which kind of HTTP request you need to perform to abuse the relevant action, you may take int account the CORS policy of the victim site. Note that the CORS policy won't affect if you just want to send a GET request or a POST request from a form and you don't need to read the response.

- Ask for the passworduser to authorise the action.

- Resolve a captcha

- Read the Referrer or Origin headers. If a regex is used it could be bypassed form example with:

http://mal.net?orig=http://example.com (ends with the url)

http://example.com.mal.net (starts with the url)

- Modify the name of the parametersof the Post or Get request

- Use a CSRF token in each session. This token has to be send inside the request to confirm the action. This token could be protected with CORS.

Question No: 2

MultipleChoice

You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies

would you recommend to them?

Options

AUse hash functions to distribute the keys.

Bimplement the Diffie-Hellman protocol for secure key exchange.

CUse HTTPS protocol for secure key transfer.

DUse digital signatures to encrypt the symmetric keys.
Explanation:
Symmetric encryption is a method of encrypting and decrypting data using the same secret key. Symmetric encryption is fast and efficient, but it requires a secure way of managing and distributing the keys to the users who need them. If the keys are compromised, the data is no longer secure.
One of the strategies to securely manage and distribute symmetric keys is to use HTTPS protocol for secure key transfer. HTTPS is a protocol that uses SSL/TLS to encrypt the communication between a client and a server over the Internet. HTTPS can protect the symmetric keys from being intercepted or modified by an attacker during the key transfer process. HTTPS can also authenticate the server and the client using certificates, ensuring that the keys are sent to and received by the intended parties.
To use HTTPS protocol for secure key transfer, the development team needs to implement the following steps1:
Generate a symmetric key for each user who wants to store their files on the cloud storage platform. The symmetric key will be used to encrypt and decrypt the user's files.
Generate a certificate for the cloud storage server. The certificate will contain the server's public key and other information, such as the server's domain name, the issuer, and the validity period. The certificate will be signed by a trusted certificate authority (CA), which is a third-party entity that verifies the identity and legitimacy of the server.
Install the certificate on the cloud storage server and configure the server to use HTTPS protocol for communication.
When a user wants to upload or download their files, the user's client (such as a web browser or an app) will initiate a HTTPS connection with the cloud storage server. The client will verify the server's certificate and establish a secure session with the server using SSL/TLS. The client and the server will negotiate a session key, which is a temporary symmetric key that will be used to encrypt the data exchanged during the session.
The cloud storage server will send the user's symmetric key to the user's client, encrypted with the session key. The user's client will decrypt the symmetric key with the session key and use it to encrypt or decrypt the user's files.
The user's client will store the symmetric key securely on the user's device, such as in a password-protected file or a hardware token. The user's client will also delete the session key after the session is over.
Using HTTPS protocol for secure key transfer can ensure that the symmetric keys are protected from eavesdropping, tampering, or spoofing attacks. However, this strategy also has some challenges and limitations, such as:
The development team needs to obtain and maintain valid certificates for the cloud storage server from a trusted CA, which might incur costs and administrative overhead.
The users need to trust the CA that issued the certificates for the cloud storage server and verify the certificates before accepting them.
The users need to protect their symmetric keys from being lost, stolen, or corrupted on their devices. The development team needs to provide a mechanism for key backup, recovery, or revocation in case of such events.
The users need to update their symmetric keys periodically to prevent key exhaustion or reuse attacks. The development team needs to provide a mechanism for key rotation or renewal in a secure and efficient manner.

Answer
CExplanation

Key Management - OWASP Cheat Sheet Series

Symmetric Cryptography & Key Management: Exhaustion, Rotation, Defence

What is Key Management? How does Key Management work? | Encryption Consulting

Question No: 3

MultipleChoice

John is an incident handler at a financial institution. His steps in a recent incident are not up to the standards of the company. John frequently forgets some steps and procedures while handling responses as they are very stressful to perform. Which option best actions should John take to overcome this problem with the least administrative effort?

Options

ACreate an incident checklist.

BSelect someone else to check the procedures.

CIncrease his technical skills.

DRead the incident manual every time it occurs.

Answer
C

Question No: 4

MultipleChoice

What does the --oX flag do in an Nmap scan?

Options

APerform an eXpress scan

BOutput the results in truncated format to the screen

COutput the results in XML format to a file

DPerform an Xmas scan

Answer
CExplanation

https://nmap.org/book/man-output.html

-oX <filespec> - Requests that XML output be directed to the given filename.

Incorrect answers:

Run an express scanhttps://nmap.org/book/man-port-specification.html

There is no express scan in Nmap, but there is a fast scan.

-F (Fast (limited port) scan)

Specifies that you wish to scan fewer ports than the default. Normally Nmap scans the most common 1,000 ports for each scanned protocol. With -F, this is reduced to 100.

Or we can influence the intensity (and speed) of the scan with the -T flag.https://nmap.org/book/man-performance.html

Output the results in truncated format to the screenhttps://nmap.org/book/man-output.html

-oG <filespec> (grepable output)

It is a simple format that lists each host on one line and can be trivially searched and parsed with standard Unix tools such as grep, awk, cut, sed, diff, and Perl.

Run a Xmas scanhttps://nmap.org/book/man-port-scanning-techniques.html

Xmas scan (-sX)

Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.

Question No: 5

MultipleChoice

Which of the below hashing functions are not recommended for use?

Options

ASHA-1.ECC

BMD5, SHA-1

CSHA-2. SHA-3

DMD5. SHA-5

Answer
A

Question No: 6

MultipleChoice

Which of the following is the best countermeasure to encrypting ransomwares?

Options

AUse multiple antivirus softwares

BKeep some generation of off-line backup

CAnalyze the ransomware to get decryption key of encrypted data

DPay a ransom

Answer
B

Question No: 7

MultipleChoice

If an attacker uses the command SELECT*FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing?

Options

AEnd of Line Comment

BUNION SQL Injection

CIllegal/Logically Incorrect Query

DTautology

Answer
D

Question No: 8

MultipleChoice

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

Options

ABotnet Attack

BSpear Phishing Attack

CAdvanced Persistent Threats

DRootkit Attack

Answer
A

Question No: 9

MultipleChoice

Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.

Options

Anmap -sn -sF 10.1.0.0/16 445

Bnmap -p 445 -n -T4 --open 10.1.0.0/16

Cnmap -s 445 -sU -T5 10.1.0.0/16

Dnmap -p 445 --max -Pn 10.1.0.0/16

Answer
B

Question No: 10

MultipleChoice

Darius is analysing IDS logs. During the investigation, he noticed that there was nothing suspicious found and an alert was triggered on normal web application traffic. He can mark this alert as:

Options

AFalse-Negative

BFalse-Positive

CTrue-Positive

DFalse-Signature

Answer
A

Question No: 11

MultipleChoice

A newly joined employee. Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also Identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

Options

ACredentialed assessment

BDatabase assessment

CHost-based assessment

DDistributed assessment

Answer
CExplanation

The host-based vulnerability assessment (VA) resolution arose from the auditors' got to periodically review systems. Arising before the net becoming common, these tools typically take an ''administrator's eye'' read of the setting by evaluating all of the knowledge that an administrator has at his or her disposal.

Uses

Host VA tools verify system configuration, user directories, file systems, registry settings, and all forms of other info on a number to gain information about it. Then, it evaluates the chance of compromise. it should also live compliance to a predefined company policy so as to satisfy an annual audit. With administrator access, the scans area unit less possible to disrupt traditional operations since the computer code has the access it has to see into the complete configuration of the system.

What it Measures Host

VA tools will examine the native configuration tables and registries to spot not solely apparent vulnerabilities, however additionally ''dormant'' vulnerabilities -- those weak or misconfigured systems and settings which will be exploited when an initial entry into the setting. Host VA solutions will assess the safety settings of a user account table; the access management lists related to sensitive files or data; and specific levels of trust applied to other systems. The host VA resolution will a lot of accurately verify the extent of the danger by determinant however way any specific exploit could also be ready to get.

Types of Vulnerability Assessment Host-based assessments are a type of security check that involve conducting a configuration-level check to identify system configurations, user directories, file systems, registry settings, and other parameters to evaluate the possibility of compromise. â€¨Host-based scanners assess systems to identify vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. (P.528/512)

Question No: 12

MultipleChoice

Attempting an injection attack on a web server based on responses to True/False question no : is called which of the following?

Options

ACompound SQLi

BBlind SQLi

CClassic SQLi

DDMS-specific SQLi

Answer
BExplanation

https://en.wikipedia.org/wiki/SQL_injection#Blind_SQL_injection

Blind SQL injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack has traditionally been considered time-intensive because a new statement needed to be crafted for each bit recovered, and depending on its structure, the attack may consist of many unsuccessful requests. Recent advancements have allowed each request to recover multiple bits, with no unsuccessful requests, allowing for more consistent and efficient extraction.

Question No: 13

MultipleChoice

Darius is analysing logs from IDS. He want to understand what have triggered one alert and verify if it's true positive or false positive. Looking at the logs he copy and paste basic details like below:

source IP: 192.168.21.100

source port: 80

destination IP: 192.168.10.23

destination port: 63221

What is the most proper answer.

Options

AThis is most probably true negative.

BThis is most probably true positive which triggered on secure communication between client and server.

CThis is most probably false-positive, because an alert triggered on reversed traffic.

DThis is most probably false-positive because IDS is monitoring one direction traffic.

Answer
A

Question No: 14

MultipleChoice

Analyst is investigating proxy logs and found out that one of the internal user visited website storing suspicious Java scripts. After opening one of them, he noticed that it is very hard to understand the code and that all codes differ from the typical Java script. What is the name of this technique to hide the code and extend analysis time?

Options

AEncryption

BCode encoding

CObfuscation

DSteganography

Answer
A

Question No: 15

MultipleChoice

What does the -oX flag do in an Nmap scan?

Options

APerform an express scan

BOutput the results in truncated format to the screen

CPerform an Xmas scan

DOutput the results in XML format to a file

Answer
D

Question No: 16

MultipleChoice

DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switches leverages the DHCP snooping database to help prevent man-in-the-middle attacks?

Options

APort security

BA Layer 2 Attack Prevention Protocol (LAPP)

CDynamic ARP inspection (DAI)

DSpanning tree

Answer
C

Question No: 17

MultipleChoice

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wire shark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

Options

Atcp.port != 21

Btcp.port = 23

Ctcp.port ==21

Dtcp.port ==21 || tcp.port ==22

Answer
D

Question No: 18

MultipleChoice

During the process of encryption and decryption, what keys are shared?

Options

APrivate keys

BUser passwords

CPublic keys

DPublic and private keys

Answer
C

Question No: 19

MultipleChoice

Your business has decided to add credit card numbers to the data it backs up to tape. Which of the

following represents the best practice your business should observe?

Options

AHire a security consultant to provide direction.

BDo not back up cither the credit card numbers or then hashes.

CBack up the hashes of the credit card numbers not the actual credit card numbers.

DEncrypt backup tapes that are sent off-site.

Answer
A

Question No: 20

MultipleChoice

Developers at your company are creating a web application which will be available for use by anyone on the Internet, The developers have taken the approach of implementing a Three-Tier Architecture for the web application. The developers are now asking you which network should the Presentation Tier (front- end web server) be placed in?

Options

Aisolated vlan network

BMesh network

CDMZ network

DInternal network

Answer
A

Limited Time Offer

25%

Off

Get Premium 312-50 Questions as Interactive Web-Based Practice Test or PDF