Skip to content

Up to date 312-50 Exam Study Guides With New Update Exam Questions

we provide Breathing EC-Council 312-50 practice exam which are the best for clearing 312-50 test, and to get certified by EC-Council Ethical Hacking and Countermeasures (CEHv6). The 312-50 Questions & Answers covers all the knowledge points of the real 312-50 exam. Crack your EC-Council 312-50 Exam with latest dumps, guaranteed!


Free VCE & PDF File for EC-Council 312-50 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:


Drag the term to match with it’s description 



Q222. What is GINA? 

A. Gateway Interface Network Application 

B. GUI Installed Network Application CLASS 

C. Global Internet National Authority (G-USA) 

D. Graphical Identification and Authentication DLL 

Answer: D

Explanation: In computing, GINA refers to the graphical identification and authentication library, a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services. 

Q223. Jane wishes to forward X-Windows traffic to a remote host as well as POP3 traffic. She is worried that adversaries might be monitoring the communication link and could inspect captured traffic. She would line to tunnel the information to the remote end but does not have VPN capabilities to do so. 

Which of the following tools can she use to protect the link? 

A. MD5 




Answer: B

Explanation: Port forwarding, or tunneling, is a way to forward otherwise insecure TCP traffic through SSH Secure Shell. You can secure for example POP3, SMTP and HTTP connections that would otherwise be insecure. 

Q224. Which type of scan does not open a full TCP connection? 

A. Stealth Scan 

B. XMAS Scan 

C. Null Scan 

D. FIN Scan 

Answer: A

Explanation: Stealth Scan: Instead of completing the full TCP three-way-handshake a full connection is not made. A SYN packet is sent to the system and if a SYN/ACK packet is received it is assumed that the port on the system is active. In that case a RST/ACK will be sent which will determined the listening state the system is in. If a RST/ACK packet is received, it is assumed that the port on the system is not active. 

Q225. 802.11b is considered a ____________ protocol. 

A. Connectionless 

B. Secure 

C. Unsecure 

D. Token ring based 

E. Unreliable 

Answer: C

Explanation: 802.11b is an insecure protocol. It has many weaknesses that can be used by a hacker. 

Q226. What does black box testing mean? 

A. You have full knowledge of the environment 

B. You have no knowledge of the environment 

C. You have partial knowledge of the environment 

Answer: B

Explanation: Black box testing is conducted when you have no knowledge of the environment. It is more time consuming and expensive. 

Q227. What type of attack changes its signature and/or payload to avoid detection by antivirus programs? 

A. Polymorphic 

B. Rootkit C. Boot sector 

D. File infecting 

Answer: A

Explanation: In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence. 

Q228. Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords.(Choose all that apply. 

A. Linux passwords can be encrypted with MD5 

B. Linux passwords can be encrypted with SHA 

C. Linux passwords can be encrypted with DES 

D. Linux passwords can be encrypted with Blowfish 

E. Linux passwords are encrypted with asymmetric algrothims 

Answer: ACD

Explanation: Linux passwords are enrcypted using MD5, DES, and the NEW addition Blowfish. The default on most linux systems is dependant on the distribution, RedHat uses MD5, while slackware uses DES. The blowfish option is there for those who wish to use it. The encryption algorithm in use can be determined by authconfig on RedHat-based systems, or by reviewing one of two locations, on PAM-based systems (Pluggable Authentication Module) it can be found in /etc/pam.d/, the system-auth file or authconfig files. In other systems it can be found in /etc/security/ directory. 

Q229. Which of the following LM hashes represent a password of less than 8 characters? (Select 2) 

A. BA810DBA98995F1817306D272A9441BB 

B. 44EFCE164AB921CQAAD3B435B51404EE 

C. 0182BD0BD4444BF836077A718CCDF409 

D. CEC52EB9C8E3455DC2265B23734E0DAC 

E. B757BF5C0D87772FAAD3B435B51404EE 

F. E52CAC67419A9A224A3B108F3FA6CB6D 

Answer: BE

Explanation: Notice the last 8 characters are the same 

Q230. The follows is an email header. What address is that of the true originator of the message? 

Return-Path: <> 

Received: from ( []. 

by (8.10.2/8.10.2. with ESMTP id h78NIn404807 

for <>; Sat, 9 Aug 2003 18:18:50 -0500 

Received: (qmail 12685 invoked from network.; 8 Aug 2003 23:25:25 -0000 

Received: from ([]. 

by with SMTP 

Received: from unknown (HELO CHRISLAPTOP. ( 

by localhost with SMTP; 8 Aug 2003 23:25:01 -0000 

From: "Bill Gates" <> 

To: "mikeg" <> 

Subject: We need your help! 

Date: Fri, 8 Aug 2003 19:12:28 -0400 

Message-ID: <> 

MIME-Version: 1.0 

Content-Type: multipart/mixed; 


X-Priority: 3 (Normal. 

X-MSMail-Priority: Normal 

X-Mailer: Microsoft Outlook, Build 10.0.2627 

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 

Importance: Normal 





E. 8.10.2/8.10.2 

Answer: C

Explanation: Spoofing can be easily achieved by manipulating the "from" name field, however, it is much more difficult to hide the true source address. The "received from" IP address is the true source of the