EC-Council 312-50v13 Exam
Certified Ethical Hacker v13 (Page 15)

Updated On: 12-Feb-2026

Samuel, a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSLv2 connections and that the same private key certificate is used on a different server that also allows SSLv2 connections. This weakness exposes the web server to attacks, because the SSLv2 server can leak key information.

Which of the following attacks can be performed by exploiting the above vulnerability?

  A. Padding oracle attack
  B. DROWN attack
  C. DUHK attack
  D. Side-channel attack

Answer(s): B



Clark, a professional hacker, was hired by an organization to gather sensitive information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whois footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network.

What is the online tool employed by Clark in the above scenario?

  A. DuckDuckGo
  B. AOL
  C. ARIN
  D. Baidu

Answer(s): C



You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed source IP addresses.” Suppose that you are using Nmap to perform this scan.

What flag will you use to satisfy this requirement?

  A. The -g flag
  B. The -A flag
  C. The -f flag
  D. The -D flag

Answer(s): D



Jude, a pen tester, examined a network from a hacker’s perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.

What is the type of vulnerability assessment that Jude performed on the organization?

  A. Application assessment
  B. External assessment
  C. Passive assessment
  D. Host-based assessment

Answer(s): B



Widespread fraud at Enron, WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?

  A. SOX
  B. FedRAMP
  C. HIPAA
  D. PCI DSS

Answer(s): A





