Exam 312-50v10: Certified Ethical Hacker Exam (CEH v10, 312-50v10 study guide material

What is the Certified Ethical Hacker Certification?

The Certified Ethical Hacker certification, or CEH, is one of the most popular certifications used to prove a person’s cybersecurity knowledge and expertise. An Ethical Hacker should be able to think, act and use the same tools a malicious hacker. However, rather than use their abilities to cause damage, they highlight IT infrastructure weaknesses and vulnerabilities in a legal way.

The CEH certification indicates that an IT professional has the requisite knowledge and skills in order to carry out these types of tasks. The primary target audience for this type of cert is security officers, IT auditors and network administrators who have direct oversight of a network structure.

The exam consists of 125 multiple choice questions, and candidates have up to 4 hours to complete it. In order to officially register for the exam, the candidate must have  have at least two years of direct work experience in the field of information security.

What are the best online resources to prep for the CEH?

The  version (V10) will become available .The app comes with 20 core modules in order to prepare the candidate to take the CEH certification exam. The topics of study include the latest cybersecurity threats, breaking down and understanding attack vectors, and a comprehensive review of the latest ethical hacking techniques and best practices.

It also comes with a simulated testing environment, in which the candidate is given four hours to complete 125 multiple choice practice exams. Other key features of this tool are:

  • You can create other forms of practice exams focused on the content you feel you need to be tested on, as well as how many practice exam questions you want to take.
  • Every answer (both correct and incorrect) has detailed explanations with them, so that the candidate can avoid making the same mistakes on the actual cert exam.
  • It includes a customizable dashboard that displays the results of exams you have taken, including how long it took you to complete them and detailed areas of strengths and weaknesses.

What are the best practice exams for the CEH?

There are both free and paid SkillSet options to help you train for the exam. The free option includes access to all of the practice questions, an exam readiness score and smart reinforcement questions. The paid option includes all of those features, as well as:

  • A personalized learning plan that continuously assesses your knowledge and determines when you are ready take and pass your exam.
  • Focused studying that can saves an average of 31% of the time required to prep for a professional certification exam.
  • An Exam Pass Guarantee for anyone that reaches a 100% readiness score before taking their exam.

More relating nformation about Exam 312-50v10, can be found:



This article has examined some of the best resources available when preparing for the CEH certification, including books, online resources, practice exams and forums. If you prefer to receive training from an instructor.

Here are some free demo for you:

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief
Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial
A. Gramm-Leach-Bliley Act (GLBA)
B. Fair and Accurate Credit Transactions Act (FACTA)
C. Sarbanes-Oxley Act (SOX)
D. Federal Information Security Management Act (FISMA)
Answer: C

Joseph was the Web site administrator for the Mason Insurance in New York, who's main
Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to
administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith.
According to Smith, the main Mason Insurance web site had been vandalized! All of its normal
content was removed and replaced with an attacker's message ''Hacker Message: You are dead!
Freaks!" From his office, which was directly connected to Mason Insurance's internal network, Joseph
surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.
No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the
problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while
Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To
help make sense of this problem, Joseph decided to access the Web site using hisdial-up ISP. He
disconnected his laptop from the corporate internal network and used his modem to dial up the
same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his
browser to reveal the following web page:
After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal
network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the
entire Web site, and determined that every system file and all the Web content on the server were
intact. How did the attacker accomplish this hack?
A. DNS poisoning
B. SQL injection
C. Routing table injection
D. ARP spoofing
Answer: A

Ricardo wants to send secret messages to a competitor company. To secure these messages,
he uses a technique of hiding a secret message within an ordinary message.
The technique provides 'security through obscurity'.
What technique is Ricardo using?
A. Encryption
B. RSA algorithm
C. Public-key cryptography
D. Steganography
Answer: D
Steganography is the practice of concealing a file, message, image, or video within another file,
message, image, or video.
References: https://en.wikipedia.org/wiki/Steganography

The tools which receive event logs from servers, network equipment, and applications, and
perform analysis and correlation on those logs, and can generate alarms for security relevant issues,
are known as what?
A. Vulnerability Scanner
B. Security incident and event Monitoring
C. Intrusion prevention Server
D. network Sniffer
Answer: B

This is an attack that takes advantage of a web site vulnerability in which the site displays
content that includes un-sanitized user-provided data.
What is this attack?
A. Cross-site-scripting attack
B. SQL Injection
C. URL Traversal attack
D. Buffer Overflow attack
Answer: A

It is a widely used standard for message logging. It permits separation of the software that
generates messages, the system that stores them, and the software that reports and analyzes them.
This protocol is specifically designed for transporting event messages.
Which of the following is being described?
Answer: B

How is sniffing broadly categorized?
A. Unmanaged and managed
B. Filtered and unfiltered
C. Broadcast and unicast
D. Active and passive
Answer: D

Which regulation defines security and privacy controls for Federal information systems and
C. EU Safe Harbor
D. NIST-800-53
Answer: D
NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and
Organizations," provides a catalog of security controls for all U.S. federal information systems except
those related to national security.
References: https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53

How does the Address Resolution Protocol (ARP) work?
A. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP.
B. It sends a request packet to all the network elements, asking for the MAC address from a specific
C. It sends a request packet to all the network elements, asking for the domain name from a specific
D. It sends a reply packet for a specific IP, asking for the MAC address.
Answer: B
When an incoming packet destined for a host machine on a particular local area network arrives at a
gateway, the gateway asks the ARP program to find a physical host or MAC address that matches the
IP address. The ARP program looks in the ARP cache and, if it finds the address, provides it so that the
packet can be converted to the right packet length and format and sent to the machine. If no entry is
found for the IP address, ARP broadcasts a request packet in a special format to all the machines on
the LAN to see if one machine knows that it has that IP address associated with it. A machine that
recognizes the IP address as its own returns a reply so indicating. ARP updates the ARP cache for
future reference and then sends the packet to the MAC address that replied.
References: http://searchnetworking.techtarget.com/definition/Address-Resolution-Protocol-ARP

You are a Network Security Officer. You have two machines. The first machine (
has snort installed, and the second machine ( has kiwi syslog installed. You perform a
syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from
snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi
syslog machine.
What wireshark filter will show the connections from the snort machine to kiwi syslog machine?
A. tcp.dstport==514 && ip.dst==
B. tcp.dstport==514 && ip.dst==
C. tcp.srcport==514 && ip.src==192.168.150
D. tcp.srcport==514 && ip.src==
Answer: A
We need to configure destination port at destination ip. The destination ip is, where
the kiwi syslog is installed.
References: https://wiki.wireshark.org/DisplayFilters

Which of the following is a protocol specifically designed for transporting event messages?
Answer: C
syslog is a standard for message logging. It permits separation of the software that generates
messages, the system that stores them, and the software that reports and analyzes them. Each
message is labeled with a facility code, indicating the software type generating the message, and
assigned a severity label.
References: https://en.wikipedia.org/wiki/Syslog#Network_protocol

There are several ways to gain insight on how a cryptosystem works with the goal of reverse
engineering the process. A term describes when two pieces of data result in the same value is?
A. Collision
B. Collusion
C. Escrow
D. Polymorphism
Answer: A

What kind of risk will remain even if all theoretically possible safety measures would be
A. Residual risk
B. Inherent risk
C. Deferred risk
D. Impact risk
Answer: A

Which of the following is a primary service of the U.S. Computer Security Incident Response
Team (CSIRT)?
A. CSIRT provides a computer security surveillance service to supply a government with important
intelligence information on individuals travelling abroad.
B. CSIRT provides a penetration testing service to support exception reporting on incidents
worldwide by individuals and multi-national corporations.
C. CSIRT provides an incident response service to enable a reliable and trusted single point of contact
for reporting computer security incidents worldwide.
D. CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling
an individual's property or company's asset.
Answer: C

While performing ping scans into a target network you get a frantic call from the organization's
security team. They report that they are under a denial of service attack.
When you stop your scan, the smurf attack event stops showing up on the organization's IDS
How can you modify your scan to prevent triggering this event in the IDS?
A. Spoof the source IP address.
B. Do not scan the broadcast IP.
C. Scan more slowly.
D. Only scan the Windows systems.
Answer: B

If you are to determine the attack surface of an organization, which of the following is the
BEST thing to do?
A. Reviewing the need for a security clearance for each employee
B. Using configuration management to determine when and where to apply security patches
C. Running a network scan to detect network services in the corporate DMZ
D. Training employees on the security policy regarding social engineering
Answer: C

Identify the correct terminology that defines the above statement.
A. Security Policy Implementation
B. Designing Network Security
C. Vulnerability Scanning
D. Penetration Testing
Answer: D

Which command line switch would be used in NMAP to perform operating system detection?
A. -sO
B. -O
C. -OS
D. -sP
Answer: B

You are manually conducting Idle Scanning using Hping2. During your scanning you notice
that almost every query increments the IPID regardless of the port being queried. One or two of the
queries cause the IPID to increment by more than one value. Why do you think this occurs?
A. Hping2 cannot be used for idle scanning.
B. The zombie you are using is not truly idle.
C. A stateful inspection firewall is resetting your queries.
D. These ports are actually open on the target system.
Answer: B

An organization hires a tester to do a wireless penetration test. Previous reports indicate that
the last test did not contain management or control packets in the submitted traces.
Which of the following is the most likely reason for lack of management or control packets?
A. Certain operating systems and adapters do not collect the management or control packets.
B. The wrong network card drivers were in use by Wireshark.
C. On Linux and Mac OS X, only 802.11 headers are received in promiscuous mode.
D. The wireless card was not turned on.
Answer: A

More information can be found in