Certified Ethical Hacker 312-50v10 – Question319

Why is a penetration test considered to be more thorough than vulnerability scan?

Vulnerability scans only do host discovery and port scanning by default.
B. A penetration test actively exploits vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
C. It is not a penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.
D. The tools used by penetration testers tend to have much more comprehensive vulnerability databases.

Correct Answer: B

Certified Ethical Hacker 312-50v10 – Question317

You are a Network Security Officer. You have two machines. The first machine ( has snort installed, and the second machine ( has kiwi syslog installed.
You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

tcp.srcport= = 514 && ip.src= =
B. tcp.srcport= = 514 && ip.src= = 192.168.150
C. tcp.dstport= = 514 && ip.dst= =
D. tcp.dstport= = 514 && ip.dst= =

Correct Answer: D

Certified Ethical Hacker 312-50v10 – Question316

In the field of cryptanalysis, what is meant by a rubber-hose attack?

Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
B. A backdoor placed into a cryptographic algorithm by its creator.
C. Extraction of cryptographic secrets through coercion or torture.
D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Correct Answer: C

Certified Ethical Hacker 312-50v10 – Question315

What is one of the advantages of using both symmetric and asymmetric cryptogrsphy in SSL/TLS?

Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
C. Symmetric encryption allows the server to security transmit the session keys out-of-band.
D. Asymmetric cryptography is computationally expensive in comparison. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Correct Answer: D

Certified Ethical Hacker 312-50v10 – Question313

CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware of your test. Your email message looks like this:

From: jim_miller@companyxyz.com
To: michelle_saunders@companyxyz.com
Subject: Test message
Date: 4/3/2017 14:37
The employee of CompanyXYZ receives your email message.

This proves that CompanyXYZs email gateway doesnt prevent what?

Email Masquerading
B. Email Harvesting
C. Email Phishing
D. Email Spoofing

Correct Answer: D