EC-Council 312-50 exam questions and answers.

Q46. Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three) 

A. Internet Printing Protocol (IPP) buffer overflow 

B. Code Red Worm 

C. Indexing services ISAPI extension buffer overflow 

D. NeXT buffer overflow 

Answer: ABC

Explanation: Both the buffer overflow in the Internet Printing Protocol and the ISAPI extension buffer overflow are explained in Microsoft Security Bulletin MS01-023. The Code Red worm was a computer worm released on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server.


Q47. Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very important marketing campaign for his company's largest client. Before the project could be completed and implemented, a competing advertising company comes out with the exact same marketing materials and advertising, thus rendering all the work done for Jason's client unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a competitor. 

Without any proof, Jason's company cannot do anything except move on. After working on another high profile client for about a month, all the marketing and sales material again ends up in the hands of another competitor and is released to the public before Jason's company can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have happened. Jason is given leave with pay until they can figure out what is going on. 

Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files, but cannot find anything out of the ordinary with them. 

What technique has Jason most likely used? 

A. Stealth Rootkit Technique 

B. Snow Hiding Technique 

C. ADS Streams Technique 

D. Image Steganography Technique 

Answer: D


Q48. What is the most common vehicle for social engineering attacks? 

A. Phone 

B. Email 

C. In person 

D. P2P Networks 

Answer: A

Explanation: Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone. 


Q49. You receive an email with the following message: 

Hello Steve, 

We are having technical difficulty in restoring user database record after the recent blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com and change your password.

http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm

If you do not reset your password within 7 days, your account will be permanently disabled locking you out from our e-mail services.

Sincerely,

Technical Support

SuperEmailServices

From this e-mail you suspect that this message was sent by some hacker since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbe.0xef, which looks like hexadecimal numbers. You immediately enter the following at the Windows 2000 command prompt:

Ping 0xde.0xad.0xbe.0xef 

You get a response with a valid IP address. 

What is the obfuscated IP address in the e-mail URL?

A. 222.173.190.239 

B. 233.34.45.64 

C. 54.23.56.55 

D. 199.223.23.45 

Answer: A

Explanation: The 0x prefix stands for hexadecimal, and DE=222, AD=173, BE=190 and EF=239.


Q50. What is Form Scalpel used for? 

A. Dissecting HTML Forms 

B. Dissecting SQL Forms 

C. Analysis of Access Database Forms 

D. Troubleshooting Netscape Navigator 

E. Quatro Pro Analysis Tool 

Answer: A

Explanation: Form Scalpel automatically extracts forms from a given web page and splits up all fields for editing and manipulation. 


Q51. Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called? 

A. Spoof attack 

B. Replay attack 

C. Injection attack 

D. Rebound attack 

Answer: B

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 


Q52. Smurf is a simple attack based on IP spoofing and broadcasts. A single packet (such as an ICMP Echo Request) is sent as a directed broadcast to a subnet on the Internet. All the machines on that subnet respond to this broadcast. By spoofing the source IP Address of the packet, all the responses will get sent to the spoofed IP Address. Thus, a hacker can often flood a victim with hundreds of responses for every request the hacker sends out. 

Who are the primary victims of these attacks on the Internet today? 

A. IRC servers are the primary victim to smurf attacks 

B. IDS devices are the primary victim to smurf attacks 

C. Mail Servers are the primary victim to smurf attacks 

D. SPAM filters are the primary victim to smurf attacks

Answer: A

Explanation: IRC servers are the primary victim to smurf attacks. Script-kiddies run programs that scan the Internet looking for "amplifiers" (i.e. subnets that will respond). They compile lists of these amplifiers and exchange them with their friends. Thus, when a victim is flooded with responses, they will appear to come from all over the Internet. On IRCs, hackers will use bots (automated programs) that connect to IRC servers and collect IP addresses. The bots then send the forged packets to the amplifiers to inundate the victim. 


Q53. Nathalie would like to perform a reliable scan against a remote target. She is not concerned about being stealthy at this point. Which of the following types of scans would be the most accurate and reliable?

A. A FIN Scan 

B. A Half Scan 

C. A UDP Scan 

D. The TCP Connect Scan 

Answer: D

Explanation: The connect() system call provided by your operating system is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed, otherwise the port isn't reachable. One strong advantage to this technique is that you don't need any special privileges. This is the fastest scanning method supported by nmap, and is available with the -t (TCP) option. The big downside is that this sort of scan is easily detectable and filterable. 


Q54. Which of the following tools are used for footprinting? (Choose four)

A. Sam Spade 

B. NSLookup 

C. Traceroute 

D. Neotrace 

E. Cheops 

Answer: ABCD 

Explanation: All of the tools listed are used for footprinting except Cheops. 


Q55. Jess the hacker runs L0phtCrack’s built-in sniffer utility which grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. 

But Jess is not picking up hashes from the network.

Why? 

A. The network protocol is configured to use SMB Signing. 

B. The physical network wire is on fibre optic cable. 

C. The network protocol is configured to use IPSEC. 

D. L0phtCrack SMB filtering only works through Switches and not Hubs. 

Answer: A

Explanation: To protect against SMB session hijacking, NT supports a cryptographic integrity mechanism, SMB Signing, to prevent active network taps from interjecting themselves into an already established session. 


Q56. A client has approached you with penetration test requirements. They are concerned with the possibility of external threat, and have invested considerable resources in protecting their Internet exposure. However, their main concern is the possibility of an employee elevating his/her privileges and gaining access to information outside of their respective department.

What kind of penetration test would you recommend that would best address the client’s concern? 

A. A Black Box test 

B. A Black Hat test 

C. A Grey Box test 

D. A Grey Hat test 

E. A White Box test 

F. A White Hat test 

Answer: C


Q57. Samantha has been actively scanning the client network for which she is doing a vulnerability assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What protocol is most likely to be listening on those ports? 

A. SMB 

B. FTP 

C. SAMBA 

D. FINGER 

Answer: A

Explanation: Port 135 is for RPC and 136-139 is for NetBIOS traffic. SMB is an upper layer service that runs on top of the Session Service and the Datagram service of NetBIOS. 


Q58. In which location are SAM hash passwords stored in Windows 7?

A. c:\windows\system32\config\SAM 

B. c:\winnt\system32\machine\SAM 

C. c:\windows\etc\drivers\SAM 

D. c:\windows\config\etc\SAM 

Answer: A


Q59. What would best be defined as a security test on services against a known vulnerability database using an automated tool? 

A. A penetration test 

B. A privacy review 

C. A server audit 

D. A vulnerability assessment 

Answer: D

Explanation: Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility like a nuclear power plant, a computer system, or a larger system (for example the communications infrastructure or water infrastructure of a region). 


Q60. You visit a website to retrieve the listing of a company's staff members, but you cannot find it on the website. You know the listing was certainly present one year before. How can you retrieve information from the outdated website?

A. Through Google searching cached files 

B. Through Archive.org 

C. Download the website and crawl it 

D. Visit customers' and partners' websites

Answer: B

Explanation: Archive.org mirrors websites and categorizes them by date and month depending on the crawl time. Archive.org dates back to 1996. Google is incorrect because the cache is only as recent as the latest crawl; the cache is overwritten on each subsequent crawl. Downloading the website is incorrect because that's the same as what you see online. Visiting customers' and partners' websites is just bogus. The answer is then firmly C, archive.org.