Most up-to-date 312-50 Exam Study Guides With New Update Exam Questions

312-50 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

Download 312-50 Dumps Free

Product Description:
Exam Number/Code: 312-50
Exam name: Ethical Hacking and Countermeasures (CEHv6)
n questions with full explanations
Certification: EC-Council Certification

HOW TO GET 312-50 Exam PDF Collection Free?

Your success in EC-Council 312-50 is our sole target and we develop all our 312-50 braindumps in a way that facilitates the attainment of this target. Not only is our 312-50 study material the best you can find, it is also the most detailed and the most updated. 312-50 Practice Exams for EC-Council 312-50 are written to the highest standards of technical accuracy.

Q71. "Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement. 

A. Vulnerability Scanning 

B. Penetration Testing 

C. Security Policy Implementation 

D. Designing Network Security 

Answer: B

Q72. Smurf is a simple attack based on IP spoofing and broadcasts. A single packet (such as an ICMP Echo Request) is sent as a directed broadcast to a subnet on the Internet. All the machines on that subnet respond to this broadcast. By spoofing the source IP Address of the packet, all the responses will get sent to the spoofed IP Address. Thus, a hacker can often flood a victim with hundreds of responses for every request the hacker sends out. 

Who are the primary victims of these attacks on the Internet today? 

A. IRC servers are the primary victim to smurf attacks 

B. IDS devices are the primary victim to smurf attacks 

C. Mail Servers are the primary victim to smurf attacks 

D. SPAM filters are the primary victim to surf attacks 

Answer: A

Explanation: IRC servers are the primary victim to smurf attacks. Script-kiddies run programs that scan the Internet looking for "amplifiers" (i.e. subnets that will respond). They compile lists of these amplifiers and exchange them with their friends. Thus, when a victim is flooded with responses, they will appear to come from all over the Internet. On IRCs, hackers will use bots (automated programs) that connect to IRC servers and collect IP addresses. The bots then send the forged packets to the amplifiers to inundate the victim. 

Q73. What are two things that are possible when scanning UDP ports? (Choose two. 

A. A reset will be returned 

B. An ICMP message will be returned 

C. The four-way handshake will not be completed 

D. An RFC 1294 message will be returned 

E. Nothing 

Answer: BE

Explanation: Closed UDP ports can return an ICMP type 3 code 3 message. No response can mean the port is open or the packet was silently dropped. 

Q74. Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three) 

A. Internet Printing Protocol (IPP) buffer overflow 

B. Code Red Worm 

C. Indexing services ISAPI extension buffer overflow 

D. NeXT buffer overflow 

Answer: ABC

Explanation: Both the buffer overflow in the Internet Printing Protocol and the ISAPI extension buffer overflow is explained in Microsoft Security Bulletin MS01-023. The Code Red worm was a computer worm released on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server. 

Q75. War dialing is one of the oldest methods of gaining unauthorized access to the target systems, it is one of the dangers most commonly forgotten by network engineers and system administrators. A hacker can sneak past all the expensive firewalls and IDS and connect easily into the network. Through wardialing an attacker searches for the devices located in the target network infrastructure that are also accessible through the telephone line. 

‘Dial backup’ in routers is most frequently found in networks where redundancy is required. Dial-on-demand routing(DDR) is commonly used to establish connectivity as a backup. 

As a security testers, how would you discover what telephone numbers to dial-in to the router? 

A. Search the Internet for leakage for target company’s telephone number to dial-in 

B. Run a war-dialing tool with range of phone numbers and look for CONNECT Response 

C. Connect using ISP’s remote-dial in number since the company’s router has a leased line connection established with them 

D. Brute force the company’s PABX system to retrieve the range of telephone numbers to dial-in 


Explanation: Use a program like Toneloc to scan the company’s range of phone numbers. 

Q76. Annie has just succeeded is stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible? 

A. Any Cookie can be replayed irrespective of the session status 

B. The scenario is invalid as a secure cookie can’t be replayed 

C. It works because encryption is performed at the network layer (layer 1 encryption) 

D. It works because encryption is performed at the application layer (Single Encryption Key) 

Answer: D

Explanation: Single key encryption (conventional cryptography) uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible. 

Q77. Which definition among those given below best describes a covert channel? 

A. A server program using a port that is not well known. 

B. Making use of a protocol in a way it is not intended to be used. 

C. It is the multiplexing taking place on a communication link. 

D. It is one of the weak channels used by WEP which makes it insecure. 


Explanation: A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy." 

Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information. 

Q78. What port number is used by LDAP protocol? 

A. 110 

B. 389 

C. 445 

D. 464 


Explanation: Active Directory and Exchange use LDAP via TCP port 389 for clients. 

Q79. Gerald, the systems administrator for Hyped Enterprise, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, his discovers numerous remote tools were installed that no one claims to have knowledge of in his department. 

Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to proxy server in Brazil. 

Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. 

What tool Geralds’s attacker used to cover their tracks? 

A. Tor 



D. Cheops 

Answer: A

Explanation: Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). 

Q80. Michael is the security administrator for the for ABC company. Michael has been charged with strengthening the company’s security policies, including its password policies. Due to certain legacy applications. Michael was only able to enforce a password group policy in Active Directory with a minimum of 10 characters. He has informed the company’s employes, however that the new password policy requires that everyone must have complex passwords with at least 14 characters. Michael wants to ensure that everyone is using complex passwords that meet the new security policy requirements. Michael has just logged on to one of the network’s domain controllers and is about to run the following command: 

What will this command accomplish? 

A. Dumps SAM password hashes to pwd.txt 

B. Password history file is piped to pwd.txt 

C. Dumps Active Directory password hashes to pwd.txt 

D. Internet cache file is piped to pwd.txt 

Answer: A

Explanation: Pwdump is a hack tool that is used to grab Windows password hashes from a remote Windows computer. Pwdump > pwd.txt will redirect the output from pwdump to a text file named pwd.txt 

[TRY FREE] BUY 312-50 Full version( pdf+software ):