Certified Ethical Hacker v11 312-50v11 – Question105

What is the purpose of a demilitarized zone on a network?

A. To scan all traffic coming through the DMZ to the internal network
B. To only provide direct access to the nodes within the DMZ and protect the network behind it
C. To provide a place to put the honeypot
D. To contain the network devices you wish to protect

Correct Answer: B

Certified Ethical Hacker v11 312-50v11 – Question104

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?

A. The CFO can use a hash algorithm on the document once he has approved the financial statements
B. The CFO can use an Excel file with a password
C. The financial statements can be sent twice, one by email and the other delivered on USB, and the accountant can compare both to be sure it is the same document
D. The document can be sent to the accountant using an exclusive USB for that document

Correct Answer: A

Certified Ethical Hacker v11 312-50v11 – Question101

While using your bank’s online servicing you notice the following string in the URL bar: “http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21”. You observe that if you modify the Damount and Camount values and submit the request, the data on the web page reflects the changes. Which type of vulnerability is present on this site?

A. Cookie Tampering
B. SQL Injection
C. Web Parameter Tampering
D. XSS Reflection

Correct Answer: C

Certified Ethical Hacker v11 312-50v11 – Question100

Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.
What should you do?

A. Confront the client in a respectful manner and ask her about the data.
B. Copy the data to removable media and keep it in case you need it.
C. Ignore the data and continue the assessment until completed as agreed.
D. Immediately stop work and contact the proper legal authorities.

Correct Answer: D

Certified Ethical Hacker v11 312-50v11 – Question099

What is the role of test automation in security testing?

A. It is an option but it tends to be very expensive.
B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
C. Test automation is not usable in security due to the complexity of the tests.
D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Correct Answer: D

Certified Ethical Hacker v11 312-50v11 – Question097

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports are open and if the packets can pass through the packet-filtering of the firewall?

A. Session hijacking
B. Firewalking
C. Man-in-the-middle attack
D. Network sniffing

Correct Answer: B