“Ethical Hacking and Countermeasures (CEHv6)”, also known as the 312-50 exam, is an EC-Council certification.
Q301. You want to scan the live machine on the LAN; what type of scan should you use?
Explanation: The ping scan is one of the quickest scans that nmap performs, since no actual ports are queried. Unlike a port scan where thousands of packets are transferred between two stations, a ping scan requires only two frames. This scan is useful for locating active devices or determining if ICMP is passing through a firewall.
Q302. When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tools accomplishes this?
Explanation: Filesnarf – sniff files from NFS traffic
Specify the interface to listen on.
-v "Versus" mode. Invert the sense of matching, to select non-matching files.
Specify regular expression for filename matching.
Specify a tcpdump(8) filter expression to select traffic to sniff.
Q303. Which of the following acts in the United States specifically criminalizes the transmission of unsolicited commercial e-mail (SPAM) without an existing business relationship?
A. 2004 CANSPAM Act
B. 2003 SPAM Preventing Act
C. 2005 US-SPAM 1030 Act
D. 1990 Computer Misuse Act
Explanation: The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them. The law, which became effective January 1, 2004, covers email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. A "transactional or relationship message" (email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship) may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act.
Q304. What is the following command used for?
net use \\target\ipc$ "" /u:""
A. Grabbing the etc/passwd file
B. Grabbing the SAM
C. Connecting to a Linux computer through Samba.
D. This command is used to connect as a null session
E. Enumeration of Cisco routers
Explanation: The null session is one of the most debilitating vulnerabilities faced by Windows.
Null sessions can be established through ports 135, 139, and 445.
Q305. Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.
In a MAC flooding attack, the attacker feeds the switch many Ethernet frames, each containing a different source MAC address. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?
A. Switch then acts as hub by broadcasting packets to all machines on the network
B. The CAM overflow table will cause the switch to crash causing Denial of Service
C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF
D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port
Q306. Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?
(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)
05/20-17:06:45.061034 22.214.171.124:31337 -> 172.16.1.101:1 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400 . . .
05/20-17:06:58.685879 126.96.36.199:31337 -> 172.16.1.101:1024 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400
What is odd about this attack? (Choose the most appropriate statement)
A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
B. This is back orifice activity as the scan comes from port 31337.
C. The attacker wants to avoid creating a sub-carrier connection that is not normally valid.
D. These packets were created by a tool; they were not created by a standard IP stack.
Explanation: Port 31337 is normally used by Back Orifice. Note that 31337 is hackers' spelling of "elite", meaning "elite hackers".
Q307. Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption and enabling MAC filtering on his wireless router. Paul notices when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24 Mbps or less. Paul connects to his wireless router's management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop.
What is Paul seeing here?
A. MAC Spoofing
C. ARP Spoofing
D. DNS Spoofing
Explanation: You can fool MAC filtering by spoofing your MAC address and pretending to have some other computer's MAC address.
Topic 16, Virus and Worms
423. Virus scrubbers and other malware detection programs can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?
A. System integrity verification tools
B. Anti-Virus Software
C. A properly configured gateway
D. There is no way of finding out until a new updated signature file is released
Explanation: Programs like Tripwire aid system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Q308. Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this?
A. Jayden can use the command: ip binding set.
B. Jayden can use the command: no ip spoofing.
C. She should use the command: no dhcp spoofing.
D. She can use the command: ip dhcp snooping binding.
Q309. John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong.
In the context of Session hijacking why would you consider this as a false sense of security?
A. The token based security cannot be easily defeated.
B. The connection can be taken over after authentication.
C. A token is not considered strong authentication.
D. Token security is not widely used in the industry.
Explanation: A token will give you a more secure authentication, but the tokens will not help against attacks that are directed against you after you have been authenticated.
Q310. Global deployment of RFC 2827 would help mitigate what classification of attack?
A. Sniffing attack
B. Denial of service attack
C. Spoofing attack
D. Reconnaissance attack
E. Port Scan attack
Explanation: RFC 2827 – Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing