312-50v11 Certified Ethical Hacker v11

Question 13

David is a security professional implementing a vulnerability management program in his organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes to vulnerable systems to reduce the impact and severity of vulnerabilities.

Which phase of the vulnerability-management life cycle is David currently in?

  • Remediation

  • Verification

  • Risk assessment

  • Vulnerability scan

Question 14

Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchronous communication. This further allows the transmission of web-service requests and response messages using different TCP connections.

Which of the following attack techniques is used by Stella to compromise the web services?

  • Web services parsing attacks

  • WS-Address spoofing

  • SOAPAction spoofing

  • XML injection

Question 15

You have compromised a server and successfully gained root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection System. What is the best approach?

  • Use Alternate Data Streams to hide the outgoing packets from this server.

  • Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.

  • Install Cryptcat and encrypt outgoing packets from this server.

  • Install and use Telnet to encrypt all outgoing traffic from this server.