Skip to content

The Secret of EC-Council 312-50 pdf

we provide Breathing EC-Council 312-50 dumps which are the best for clearing 312-50 test, and to get certified by EC-Council Ethical Hacking and Countermeasures (CEHv6). The 312-50 Questions & Answers covers all the knowledge points of the real 312-50 exam. Crack your EC-Council 312-50 Exam with latest dumps, guaranteed!


Free VCE & PDF File for EC-Council 312-50 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:

Q261. You have chosen a 22 character word from the dictionary as your password. How long will it take to crack the password by an attacker? 

A. 5 minutes 

B. 23 days 

C. 200 years 

D. 16 million years 

Answer: A

Explanation: A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password. As long as you use a word found in or similar to a word found in a dictionary the password is considered to be weak. 

Q262. Which of the following Nmap commands would be used to perform a stack fingerprinting? 

A. Nmap -O -p80 <host(s.> 

B. Nmap -hU -Q<host(s.> 

C. Nmap -sT -p <host(s.> 

D. Nmap -u -o -w2 <host> 

E. Nmap -sS -0p target 

Answer: A

Explanation: This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtlety in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file. to decide what type of system you are scanning. 

Q263. Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position. 

Harold is currently trying to run a Sniffer on the agency’s network to get an idea of what kind of traffic is being passed around but the program he is using does not seem to be capturing anything. He pours through the sniffer’s manual but can’t find anything that directly relates to his problem. Harold decides to ask the network administrator if the has any thoughts on the problem. Harold is told that the sniffer was not working because the agency’s network is a switched network, which can’t be sniffed by some programs without some tweaking. 

What technique could Harold use to sniff agency’s switched network? 

A. ARP spoof the default gateway 

B. Conduct MiTM against the switch 

C. Launch smurf attack against the switch 

D. Flood switch with ICMP packets 

Answer: A

Explanation: ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether (known as a denial of service attack). The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack). 

Q264. John wants to try a new hacking tool on his Linux System. As the application comes from a site in his untrusted zone, John wants to ensure that the downloaded tool has not been Trojaned. Which of the following options would indicate the best course of action for John? 

A. Obtain the application via SSL 

B. Obtain the application from a CD-ROM disc 

C. Compare the files’ MD5 signature with the one published on the distribution media 

D. Compare the file’s virus signature with the one published on the distribution media 

Answer: C

Explanation: In essence, MD5 is a way to verify data integrity, and is much more reliable than checksum and many other commonly used methods. 

Q265. 1 ( 0.724 ms 3.285 ms 0.613 ms 2 ( 12.169 ms 14.958 ms 13.416 ms 3 ( 13.948 ms 

( 16.743 ms 16.207 ms 4 ( 17.324 ms 13.933 ms 

20.938 ms 

5 ( 12.439 ms 220.166 ms 204.170 ms 6 ( 16.177 ms 25.943 ms 14.104 ms 7 ( 14.227 ms 17.553 ms 15.415 ms 8 ( 17.063 ms 20.960 ms 

19.512 ms 9 ( 20.334 ms 19.440 ms 

17.938 ms 10 ( 27.526 ms 18.317 ms 21.202 ms 11 ( 21.411 ms 

19.133 ms 18.830 ms 12 ( 21.203 ms 22.670 ms 

20.111 ms 13 ( 30.929 ms 24.858 ms 

23.108 ms 14 ( 37.894 ms 33.244 ms 

33.910 ms 15 ( 51.165 ms 49.935 ms 

49.466 ms 16 ( 50.937 ms 49.005 ms 

51.055 ms 17 117.ATM6-0.GW5.MIA1.ALTER.NET ( 51.897 ms 50.280 ms 

53.647 ms 18 ( 51.921 ms 51.571 ms 

56.855 ms 19 <> ( 52.191 ms 

52.571 ms 56.855 ms 20 <> ( 53.561 ms 

54.121 ms 58.333 ms 

You perform the above traceroute and notice that hops 19 and 20 both show the same IP address. This probably indicates what? 

A. A host based IDS 

B. A Honeypot 

C. A stateful inspection firewall 

D. An application proxying firewall 

Answer: C

Q266. Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference? 

A. Eric network has been penetrated by a firewall breach 

B. The attacker is using the ICMP protocol to have a covert channel 

C. Eric has a Wingate package providing FTP redirection on his network 

D. Somebody is using SOCKS on the network to communicate through the firewall 

Answer: D

Explanation: Port Description: SOCKS. SOCKS port, used to support outbound tcp services (FTP, HTTP, etc). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and \\bounce\\ out to another internal host. Done to either reach a protected internal host or mask true source of attack. Listen for connection attempts to this port — good sign of port scans, SOCKS-probes, or bounce attacks. Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only domain hosts. 

Q267. You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state. 

What should be the next logical step that should be performed? 

A. Connect to open ports to discover applications. 

B. Perform a ping sweep to identify any additional systems that might be up. 

C. Perform a SYN scan on port 21 to identify any additional systems that might be up. 

D. Rescan every computer to verify the results. 

Answer: C

Explanation: As ICMP is blocked you’ll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems. 

Q268. This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive tasks for an IDS to reassemble all fragments itself and on a busy system the packet will slip through the IDS onto the network. 

What is this technique called? 

A. IP Fragmentation or Session Splicing 

B. IP Routing or Packet Dropping 

C. IDS Spoofing or Session Assembly 

D. IP Splicing or Packet Reassembly 

Answer: A

Explanation: The basic premise behind session splicing, or IP Fragmentation, is to deliver the payload over multiple packets thus defeating simple pattern matching without session reconstruction. This payload can be delivered in many different manners and even spread out over a long period of time. Currently, Whisker and Nessus have session splicing capabilities, and other tools exist in the wild. 

Q269. Which of the following is true of the wireless Service Set ID (SSID)? (Select all that apply.) 

A. Identifies the wireless network 

B. Acts as a password for network access 

C. Should be left at the factory default setting 

D. Not broadcasting the SSID defeats NetStumbler and other wireless discovery tools 

Answer: AB

Q270. Here is the ASCII Sheet. 

You want to guess the DBO username juggyboy (8 characters) using Blind SQL Injection technique. 

What is the correct syntax? 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: A