312-50 Guide

How Does Testking EC-Council 312-50 test engine Work?

Cause all that matters here is passing the EC-Council 312-50 exam. Cause all that you need is a high score of 312-50 Ethical Hacking and Countermeasures (CEHv6) exam. The only one thing you need to do is downloading Examcollection 312-50 exam study guides now. We will not let you down with our money-back guarantee.

Q161. Which of the following Nmap commands would be used to perform a stack fingerprinting? 

A. Nmap -O -p80 <host(s.> 

B. Nmap -hU -Q<host(s.> 

C. Nmap -sT -p <host(s.> 

D. Nmap -u -o -w2 <host> 

E. Nmap -sS -0p target 

Answer: A

Explanation: This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtlety in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file. to decide what type of system you are scanning. 


Q162. What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’? 

A. The ethical hacker does not use the same techniques or skills as a cracker. 

B. The ethical hacker does it strictly for financial motives unlike a cracker. 

C. The ethical hacker has authorization from the owner of the target. 

D. The ethical hacker is just a cracker who is getting paid. 

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target. 


Q163. You have chosen a 22 character word from the dictionary as your password. How long will it take to crack the password by an attacker? 

A. 5 minutes 

B. 23 days 

C. 200 years 

D. 16 million years 

Answer: A

Explanation: A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password. As long as you use a word found in or similar to a word found in a dictionary the password is considered to be weak. 


Q164. Hampton is the senior security analyst for the city of Columbus in Ohio. His primary responsibility is to ensure that all physical and logical aspects of the city's computer network are secure from all angles. Bill is an IT technician that works with Hampton in the same IT department. Bill's primary responsibility is to keep PC's and servers up to date and to keep track of all the agency laptops that the company owns and lends out to its employees. After Bill setup a wireless network for the agency, Hampton made sure that everything was secure. He instituted encryption, rotating keys, turned off SSID broadcasting, and enabled MAC filtering. According to agency policy, only company laptops are allowed to use the wireless network, so Hampton entered all the MAC addresses for those laptops into the wireless security utility so that only those laptops should be able to access the wireless network. 

Hampton does not keep track of all the laptops, but he is pretty certain that the agency only purchases Dell laptops. Hampton is curious about this because he notices Bill working on a Toshiba laptop one day and saw that he was on the Internet. Instead of jumping to conclusions, Hampton decides to talk to Bill's boss and see if they had purchased a Toshiba laptop instead of the usual Dell. Bill's boss said no, so now Hampton is very curious to see how Bill is accessing the Internet. Hampton does site surveys every couple of days, and has yet to see any outside wireless network signals inside the company's building. 

How was Bill able to get Internet access without using an agency laptop? 

A. Bill spoofed the MAC address of Dell laptop 

B. Bill connected to a Rogue access point 

C. Toshiba and Dell laptops share the same hardware address 

D. Bill brute forced the Mac address ACLs 

Answer: B


Q165. E-mail tracking is a method to monitor and spy the delivered e-mails to the intended recipient. 

Select a feature, which you will NOT be able to accomplish with this probe? 

A. When the e-mail was received and read 

B. Send destructive e-mails 

C. GPS location and map of the recipient 

D. Time spent on reading the e-mails 

E. Whether or not the recipient visited any links sent to them 

F. Track PDF and other types of attachments 

G. Set messages to expire after specified time 

H. Remote control the User's E-mail client application and hijack the traffic 

Answer: H


Q166. During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces? 

A. Use a ping flood against the IP of the sniffing NIC and look for latency in the responses. 

B. Send your attack traffic and look for it to be dropped by the IDS. 

C. Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network. 

D. The sniffing interface cannot be detected. 

Answer: D

Explanation: When a Nic is set to Promiscuous mode it just blindly takes whatever comes through to it network interface and sends it to the Application layer. This is why they are so hard to detect. Actually you could use ARP requests and Send them to every pc and the one which responds to all the requests can be identified as a NIC on Promiscuous mode and there are some very special programs that can do this for you. But considering the alternatives in the question the right answer has to be that the interface cannot be detected. 


Q167. Exhibit: * Missing* 

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet? 

A. Port 1890 (Net-Devil Trojan) 

B. Port 1786 (Net-Devil Trojan) 

C. Port 1909 (Net-Devil Trojan) 

D. Port 6667 (Net-Devil Trojan) 

Answer: D

Explanation: From trace, 0x1A0B is 6667, IRC Relay Chat, which is one port used. Other ports are in the 900's. 


Q168. SNMP is a connectionless protocol that uses UDP instead of TCP packets? (True or False) 

A. True 

B. False 

Answer: A

Explanation: TCP and UDP provide transport services. But UDP was preferred. This is due to TCP characteristics, it is a complicate protocol and it consume to many memory and CPU resources. Where as UDP is easy to build and run. Into devices (repeaters and modems) vendors have built simple version of IP and UDP. 


Q169. Which of the following is not an effective countermeasure against replay attacks? 

A. Digital signatures 

B. Time Stamps 

C. System identification 

D. Sequence numbers 

Answer: C

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that prove the package is received as it was sent from the original sender (digital signature) 


Q170. Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to 

johndoe@gmail.com". What do you think has occurred? 

A. The web application picked up a record at random 

B. The web application returned the first record it found 

C. The server error has caused the application to malfunction 

D. The web application emailed the administrator about the error 

Answer: B

Explanation: The web application sends a query to an SQL database and by giving it the criteria 1=1, which always will be true, it will return the first value it finds. 


To know more about the 312-50, click here.

Tagged as : EC-Council 312-50 Dumps, Download 312-50 pdf, 312-50 VCE, 312-50 pass4sure, examcollection 312-50