Latest ECCouncil 312-50v8 Real Exam Download 381-390



A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application’s search form and introduces the following code in the search input fielD.

IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox("Vulnerable");>"

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

Which web applications vulnerability did the analyst discover?


A. Cross-site request forgery

B. Command injection

C. Cross-site scripting

D. SQL injection


Answer: C 




While testing the company’s web applications, a tester attempts to insert the following test script into the search area on the company’s web sitE.

<script>alert(" Testing Testing Testing ")</script>

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability.has been.detected in the web application?


A. Buffer overflow

B. Cross-site request forgery

C. Distributed denial of service

D. Cross-site scripting


Answer: D 




A hacker was able to sniff packets on a company’s wireless network. The following information was discovereD.

The Key.10110010 01001011

The Cyphertext 01100101 01011010

Using the Exlcusive OR, what was the original message?


A. 00101000 11101110

B. 11010111 00010001

C. 00001101 10100100

D. 11110010 01011011


Answer: B 




International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining


A. guidelines and practices for security controls.

B. financial soundness and business viability metrics.

C. standard best practice for configuration management.

D. contract agreement writing standards.


Answer: A 




Which solution can be.used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?


A. Firewall

B. Honeypot

C. Core server

D. Layer 4 switch


Answer: B 



QUESTION 386 administrator.received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network.over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?


A. True negatives

B. False negatives

C. True positives

D. False positives


Answer: D 




The following is part of a log file taken from the machine on the network with the IP address of

Time:Mar 13 17:30:15 Port:20 Source: Destination: Protocol:TCP Time:Mar 13 17:30:17 Port:21 Source: Destination: Protocol:TCP Time:Mar 13 17:30:19 Port:22 Source: Destination: Protocol:TCP Time:Mar 13 17:30:21 Port:23 Source: Destination: Protocol:TCP Time:Mar 13 17:30:22 Port:25 Source: Destination: Protocol:TCP Time:Mar 13 17:30:23 Port:80 Source: Destination: Protocol:TCP Time:Mar 13 17:30:30 Port:443 Source: Destination: Protocol:TCP

What type of activity has been logged?


A. Port scan targeting

B. Teardrop attack targeting

C. Denial of service attack targeting

D. Port scan targeting


Answer: D 




Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?


A. Detective

B. Passive

C. Intuitive

D. Reactive


Answer: B 




Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?


A. Netstat WMI Scan

B. Silent Dependencies

C. Consider unscanned ports as closed

D. Reduce parallel connections on congestion


Answer: D 




Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process..Which of the following is.the correct bit size of the Diffie-Hellman (DH) group 5?


A. 768 bit key

B. 1025 bit key

C. 1536 bit key

D. 2048 bit key


Answer: C 


Download Latest ECCouncil 312-50v8 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.