Curious about Actual Eccouncil CEH (312-50) Exam Questions?

Here are sample Eccouncil Certified Ethical Hacker v12 (312-50) Exam questions from real exam. You can get more Eccouncil CEH (312-50) Exam premium practice questions at TestInsights.

Page: 1 /
Total 573 questions
Question 1

You are the chief security officer at AlphaTech, a tech company that specializes in data storage solutions. Your company is developing a new cloud storage platform where users can store their personal files. To ensure data security, the development team is proposing to use symmetric encryption for data at rest. However, they are unsure of how to securely manage and distribute the symmetric keys to users. Which of the following strategies

would you recommend to them?


Correct : C

Symmetric encryption is a method of encrypting and decrypting data using the same secret key. Symmetric encryption is fast and efficient, but it requires a secure way of managing and distributing the keys to the users who need them. If the keys are compromised, the data is no longer secure.

One of the strategies to securely manage and distribute symmetric keys is to use HTTPS protocol for secure key transfer. HTTPS is a protocol that uses SSL/TLS to encrypt the communication between a client and a server over the Internet. HTTPS can protect the symmetric keys from being intercepted or modified by an attacker during the key transfer process. HTTPS can also authenticate the server and the client using certificates, ensuring that the keys are sent to and received by the intended parties.

To use HTTPS protocol for secure key transfer, the development team needs to implement the following steps1:

Generate a symmetric key for each user who wants to store their files on the cloud storage platform. The symmetric key will be used to encrypt and decrypt the user's files.

Generate a certificate for the cloud storage server. The certificate will contain the server's public key and other information, such as the server's domain name, the issuer, and the validity period. The certificate will be signed by a trusted certificate authority (CA), which is a third-party entity that verifies the identity and legitimacy of the server.

Install the certificate on the cloud storage server and configure the server to use HTTPS protocol for communication.

When a user wants to upload or download their files, the user's client (such as a web browser or an app) will initiate a HTTPS connection with the cloud storage server. The client will verify the server's certificate and establish a secure session with the server using SSL/TLS. The client and the server will negotiate a session key, which is a temporary symmetric key that will be used to encrypt the data exchanged during the session.

The cloud storage server will send the user's symmetric key to the user's client, encrypted with the session key. The user's client will decrypt the symmetric key with the session key and use it to encrypt or decrypt the user's files.

The user's client will store the symmetric key securely on the user's device, such as in a password-protected file or a hardware token. The user's client will also delete the session key after the session is over.

Using HTTPS protocol for secure key transfer can ensure that the symmetric keys are protected from eavesdropping, tampering, or spoofing attacks. However, this strategy also has some challenges and limitations, such as:

The development team needs to obtain and maintain valid certificates for the cloud storage server from a trusted CA, which might incur costs and administrative overhead.

The users need to trust the CA that issued the certificates for the cloud storage server and verify the certificates before accepting them.

The users need to protect their symmetric keys from being lost, stolen, or corrupted on their devices. The development team needs to provide a mechanism for key backup, recovery, or revocation in case of such events.

The users need to update their symmetric keys periodically to prevent key exhaustion or reuse attacks. The development team needs to provide a mechanism for key rotation or renewal in a secure and efficient manner.


Key Management - OWASP Cheat Sheet Series

Symmetric Cryptography & Key Management: Exhaustion, Rotation, Defence

What is Key Management? How does Key Management work? | Encryption Consulting

Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 2

A penetration tester is performing an enumeration on a client's network. The tester has acquired permission to perform enumeration activities. They have identified a remote inter-process communication (IPC) share and are trying to collect more information about it. The tester decides to use a common enumeration technique to collect the desired dat

a. Which of the following techniques would be most appropriate for this scenario?


Correct : B

Probing the IPC share by attempting to brute force admin credentials is the most appropriate technique for this scenario, because it can reveal valuable information about the target system, such as its operating system, services, users, groups, and shares. An IPC share is a special share that allows processes to communicate with each other over the network using named pipes. An IPC share can be accessed anonymously or with valid credentials, depending on the security configuration of the target system. A brute force attack is a method of trying different combinations of usernames and passwords until a valid pair is found. By using a brute force attack, the tester can try to access the IPC share with admin credentials, which can grant them more privileges and access to more resources on the target system.

The other options are less suitable or effective techniques for this scenario. Brute forcing Active Directory may not be relevant or feasible, as the target system may not be part of a domain or may have strong password policies. Extracting usernames using email IDs may not provide enough information or access to the target system, as email IDs may not match the usernames or passwords. Conducting a DNS zone transfer may not be possible or useful, as the target system may not be a DNS server or may have restricted zone transfers. A DNS zone transfer is a method of obtaining information about the domain names and IP addresses of the hosts in a network by querying a DNS server.Reference:

Inter-process communication - Wikipedia

IPC$ share and null session behavior - Windows Server

Brute Force Attack: Definition, Examples, and Prevention

DNS Zone Transfer: Definition, Types, and Examples


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 3

You are a cybersecurity consultant for a healthcare organization that utilizes Internet of Medical Things (loMT) devices, such as connected insulin pumps and heart rate monitors, to provide improved patientcare. Recently, the organization has been targeted by ransomware attacks. While the IT infrastructure was unaffected due to robust security measures, they are worried that the loMT devices could be potential entry points for future

attacks. What would be your main recommendation to protect these devices from such threats?


Correct : C

Internet of Medical Things (IoMT) devices are internet-connected medical devices that can collect, transfer, and analyze data over a network. They can provide improved patient care and comfort, but they also pose security challenges and risks, as they can be targeted by cyberattacks, such as ransomware, that can compromise their functionality, integrity, or confidentiality. Ransomware is a type of malware that encrypts the victim's data or system and demands a ransom for its decryption or restoration. Ransomware attacks can cause serious harm to healthcare organizations, as they can disrupt their operations, endanger their patients, and damage their reputation.

To protect IoMT devices from ransomware attacks, the main recommendation is to use network segmentation to isolate IoMT devices from the main network. Network segmentation is a technique that divides a network into smaller subnetworks, each with its own security policies and controls. Network segmentation can prevent or limit the spread of ransomware from one subnetwork to another, as it restricts the communication and access between them. Network segmentation can also improve the performance, visibility, and manageability of the network, as it reduces the network congestion, complexity, and noise.

The other options are not as effective or feasible as network segmentation. Implementing multi-factor authentication for all IoMT devices may not be possible or practical, as some IoMT devices may not support or require user authentication, such as sensors or monitors. Disabling all wireless connectivity on IoMT devices may not be desirable or realistic, as some IoMT devices rely on wireless communication protocols, such as Wi-Fi, Bluetooth, or Zigbee, to function or transmit data. Regularly changing the IP addresses of all IoMT devices may not prevent or deter ransomware attacks, as ransomware can target devices based on other factors, such as their domain names, MAC addresses, or vulnerabilities.Reference:

What Is Internet of Medical Things (IoMT) Security?

5 Steps to Secure Internet of Medical Things Devices

Ransomware in Healthcare: How to Protect Your Organization

[Network Segmentation: Definition, Benefits, and Best Practices]


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 4

As a cybersecurity consultant for SafePath Corp, you have been tasked with implementing a system for secure email communication. The key requirement is to ensure both confidentiality and non-repudiation. While considering various encryption methods, you are inclined towards using a combination of symmetric and asymmetric cryptography. However, you are unsure which cryptographic technique would best serve the purpose. Which of the following options would you choose to meet these requirements?


Correct : D

To ensure both confidentiality and non-repudiation for secure email communication, you need to use a combination of symmetric and asymmetric cryptography. Symmetric encryption is a method of encrypting and decrypting data using the same secret key, which is faster and more efficient than asymmetric encryption. Asymmetric encryption is a method of encrypting and decrypting data using a pair of keys: a public key and a private key, which are mathematically related but not identical. Asymmetric encryption can provide authentication, integrity, and non-repudiation, as well as key distribution.

The cryptographic technique that would best serve the purpose is to apply asymmetric encryption with RSA and use the private key for signing. RSA is a widely used algorithm for asymmetric encryption, which is based on the difficulty of factoring large numbers. RSA can be used to encrypt data, as well as to generate digital signatures, which are a way of proving the identity and authenticity of the sender and the integrity of the message.

The steps to implement this technique are as follows1:

Generate a pair of keys for each user: a public key and a private key. The public key can be shared with anyone, while the private key must be kept secret and protected by the user.

When a user wants to send an email to another user, they first encrypt the email content with a symmetric key, such as AES, which is a strong and efficient algorithm for symmetric encryption. The symmetric key is then encrypted with the recipient's public key, using RSA. The encrypted email and the encrypted symmetric key are then sent to the recipient.

The sender also generates a digital signature for the email, using their private key and a hash function, such as SHA-256, which is a secure and widely used algorithm for generating hashes. A hash function is a mathematical function that takes any input and produces a fixed-length output, called a hash or a digest, that uniquely represents the input. A digital signature is a hash of the email that is encrypted with the sender's private key, using RSA. The digital signature is then attached to the email and sent to the recipient.

When the recipient receives the email, they first decrypt the symmetric key with their private key, using RSA. They then use the symmetric key to decrypt the email content, using AES. They also verify the digital signature by decrypting it with the sender's public key, using RSA, and comparing the resulting hash with the hash of the email, using the same hash function. If the hashes match, it means that the email is authentic and has not been tampered with.

Using this technique, the email communication is secure because:

The confidentiality of the email content is ensured by the symmetric encryption with AES, which is hard to break without knowing the symmetric key.

The symmetric key is also protected by the asymmetric encryption with RSA, which is hard to break without knowing the recipient's private key.

The non-repudiation of the email is ensured by the digital signature with RSA, which is hard to forge without knowing the sender's private key.

The digital signature also provides authentication and integrity of the email, as it proves that the email was sent by the sender and has not been altered in transit.


How to Encrypt Email (Gmail, Outlook, iOS, Yahoo, Android, AOL)

Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 5

An ethical hacker has been tasked with assessing the security of a major corporation's network. She suspects the network uses default SNMP community strings. To exploit this, she plans to extract valuable network information using SNMP enumeration. Which tool could best help her to get the information without directly modifying any parameters within the SNMP agent's management information base (MIB)?


Correct : A

snmp-check (snmp_enum Module) is the best tool to help the ethical hacker to get the information without directly modifying any parameters within the SNMP agent's MIB. snmp-check is a tool that allows the user to enumerate SNMP devices and extract information from them. It can gather a wide array of information about the target, such as system information, network interfaces, routing tables, ARP cache, installed software, running processes, TCP and UDP services, user accounts, and more. snmp-check can also perform brute force attacks to discover the SNMP community strings, which are the passwords used to access the SNMP agent. snmp-check is available as a standalone tool or as a module (snmp_enum) within the Metasploit framework.

The other options are not as effective or suitable as snmp-check for the ethical hacker's task. Nmap is a network scanning and enumeration tool that can perform various types of scans and probes on the target. It can also run scripts to perform specific tasks, such as retrieving SNMP information. However, Nmap may not be able to gather as much information as snmp-check, and it may also trigger alerts or blocks from firewalls or intrusion detection systems. Oputils is a network monitoring and management toolset that can perform various functions, such as device discovery, configuration backup, bandwidth monitoring, IP address management, and more. However, Oputils is mainly designed for device management and not SNMP enumeration, and it may not be able to extract valuable network information from the SNMP agent. SnmpWalk is a tool that allows the user to retrieve the entire MIB tree of an SNMP agent by using SNMP GETNEXT requests. However, SnmpWalk is not suitable for the ethical hacker's task, because it requires the user to change an OID (object identifier) to a different value, which may modify the parameters within the SNMP agent's MIB and affect its functionality or security.Reference:

snmp-check - The SNMP enumerator

SNMP Enumeration | Ethical Hacking - GreyCampus

SNMP Enumeration - GeeksforGeeks

Nmap - the Network Mapper - Free Security Scanner

OpUtils - Network Monitoring & Management Toolset

SnmpWalk - SNMP MIB Browser


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Page:    1 / 115   
Total 573 questions