we provide Printable EC-Council 312-50 test questions which are the best for clearing 312-50 test, and to get certified by EC-Council Ethical Hacking and Countermeasures (CEHv6). The 312-50 Questions & Answers covers all the knowledge points of the real 312-50 exam. Crack your EC-Council 312-50 Exam with latest dumps, guaranteed!
Q301. What do you call a system where users need to remember only one username and password, and be authenticated for multiple services?
A. Simple Sign-on
B. Unique Sign-on
C. Single Sign-on
D. Digital Certificate
Answer: C
Explanation: Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Q302. What does the following command in netcat do?
nc -l -u -p 55555 < /etc/passwd
A. logs the incoming connections to /etc/passwd file
B. loads the /etc/passwd file to the UDP port 55555
C. grabs the /etc/passwd file when connected to UDP port 55555
D. deletes the /etc/passwd file when connected to the UDP port 55555
Answer: C
Explanation: -l forces netcat to listen for incoming connections.
-u tells netcat to use UDP instead of TCP
-p 5555 tells netcat to use port 5555
< /etc/passwd tells netcat to grab the /etc/passwd file when connected to.
Q303. This is an example of whois record.
Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)
A. Search engines like Google, Bing will expose information listed on the WHOIS record
B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record
C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record
D. IRS Agents will use this information to track individuals using the WHOIS record information
Answer: BC
Q304. Destination unreachable administratively prohibited messages can inform the hacker to what?
A. That a circuit level proxy has been installed and is filtering traffic
B. That his/her scans are being blocked by a honeypot or jail
C. That the packets are being malformed by the scanning software
D. That a router or other packet-filtering device is blocking traffic
E. That the network is functioning normally
Answer: D
Explanation: Destination unreachable administratively prohibited messages are a good way to discover that a router or other low-level packet device is filtering traffic. Analysis of the ICMP message will reveal the IP address of the blocking device and the filtered port. This further adds the to the network map and information being discovered about the network and hosts.
Q305. Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?
A. Garbage Scooping
B. Dumpster Diving
C. Scanning
D. CI Gathering
Answer: B
Explanation: Dumpster diving is the colloquial name for going through somebody's garbage --which will usually be in dumpsters for large organizations. This is a powerful tactic because it is protected by social taboos. Trash is bad, and once it goes into the trash, something is best forgotten. The reality is that most company trash is fairly clean, and provides a gold mine of information.
Q306. What is "Hacktivism"?
A. Hacking for a cause
B. Hacking ruthlessly
C. An association which groups activists
D. None of the above
Answer: A
Explanation: The term was coined by author/critic Jason Logan King Sack in an article about media artist Shu Lea Cheang. Acts of hacktivism are carried out in the belief that proper use of code will have leveraged effects similar to regular activism or civil disobedience.
Q307. Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position.
Harold is currently trying to run a Sniffer on the agency’s network to get an idea of what kind of traffic is being passed around but the program he is using does not seem to be capturing anything. He pours through the sniffer’s manual but can’t find anything that directly relates to his problem. Harold decides to ask the network administrator if the has any thoughts on the problem. Harold is told that the sniffer was not working because the agency’s network is a switched network, which can’t be sniffed by some programs without some tweaking.
What technique could Harold use to sniff agency’s switched network?
A. ARP spoof the default gateway
B. Conduct MiTM against the switch
C. Launch smurf attack against the switch
D. Flood switch with ICMP packets
Answer: A
Explanation: ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether (known as a denial of service attack). The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).
Q308. Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)
A. symmetric algorithms
B. asymmetric algorithms
C. hashing algorithms
D. integrity algorithms
Answer: C
Explanation: In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. A hash function takes a long string (or 'message') of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint.
Q309. A file integrity program such as Tripwire protects against Trojan horse attacks by:
A. Automatically deleting Trojan horse programs
B. Rejecting packets generated by Trojan horse programs
C. Using programming hooks to inform the kernel of Trojan horse behavior
D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse
Answer: D
Explanation: Tripwire generates a database of the most common files and directories on your system. Once it is generated, you can then check the current state of your system against the original database and get a report of all the files that have been modified, deleted or added. This comes in handy if you allow other people access to your machine and even if you don't, if someone else does get access, you'll know if they tried to modify files such as /bin/login etc.
Q310. Stephanie, a security analyst, has just returned from a Black Hat conference in Las Vegas where she learned of many powerful tools used by hackers and security professionals alike. Stephanie is primarily worried about her Windows network because of all the legacy computers and servers that she must use, due to lack of funding.
Stephanie wrote down many of the tools she learned of in her notes and was particularly interested in one tool that could scan her network for vulnerabilities and return reports on her network's weak spots called SAINT. She remembered from her notes that SAINT is very flexible and can accomplish a number of tasks. Stephanie asks her supervisor, the CIO, if she can download and run SAINT on the network. Her boss said to not bother with it since it will not work for her at all.
Why did Stephanie's boss say that SAINT would not work?
A. SAINT only works on Macintosh-based machines
B. SAINT is too expensive and is not cost effective
C. SAINT is too network bandwidth intensive
D. SAINT only works on LINUX and UNIX machines
Answer: D
Explanation: Works with Unix/Linux/BSD and MacOS X http://www.saintcorporation.com/
Q311. Which is the right sequence of packets sent during the initial TCP three way handshake?
A. FIN, FIN-ACK, ACK
B. SYN, URG, ACK
C. SYN, ACK, SYN-ACK
D. SYN, SYN-ACK, ACK
Answer: D
Explanation: A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived.
Q312. You work as security technician at ABC.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation?
A. Use mget to download all pages locally for further inspection.
B. Use wget to download all pages locally for further inspection.
C. Use get* to download all pages locally for further inspection.
D. Use get() to download all pages locally for further inspection.
Answer: B
Explanation: Wget is a utility used for mirroring websites, get* doesn’t work, as for the actual FTP command to work there needs to be a space between get and * (ie. get *), get(); is just bogus, that’s a C function that’s written 100% wrong. mget is a command used from “within” ftp itself, ruling out A. Which leaves B use wget, which is designed for mirroring and download files, especially web pages, if used with the –R option (ie. wget –R www.ABC.com) it could mirror a site, all expect protected portions of course.
Note: GNU Wget is a free network utility to retrieve files from the World Wide Web using HTTP and FTP and can be used to make mirrors of archives and home pages thus enabling work in the background, after having logged off.
Q313. uffer X is an Accounting application module for company can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted. Dave decided to insert 400 characters into the 200-character buffer which overflows the buffer. Below is the code snippet:
Void func (void)
{int I; char buffer [200];
for (I=0; I<400; I++)
buffer (I)= ‘A’;
return;
}
How can you protect/fix the problem of your application as shown above? (Choose two)
A. Because the counter starts with 0, we would stop when the counter is less then 200.
B. Because the counter starts with 0, we would stop when the counter is more than 200.
C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data.
D. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data.
Answer: AC
Explanation: I=199 would be the character number 200. The stack holds exact 200 characters so there is no need to stop before 200.
Q314. What do you conclude from the nmap results below?
Staring nmap V. 3.10ALPHA0 (www.insecure.org/map/)
(The 1592 ports scanned but not shown below are in state: closed)
PortStateService 21/tcpopenftp 25/tcpopensmtp 80/tcpopenhttp 443/tcpopenhttps
Remote operating system guess: Too many signatures match the reliability guess the OS. Nmap run completed – 1 IP address (1 host up) scanned in 91.66 seconds
A. The system is a Windows Domain Controller.
B. The system is not firewalled.
C. The system is not running Linux or Solaris.
D. The system is not properly patched.
Answer: B
Explanation: There is no reports of any ports being filtered.
Q315. How would you prevent session hijacking attacks?
A. Using biometrics access tokens secures sessions against hijacking
B. Using non-Internet protocols like http secures sessions against hijacking
C. Using hardware-based authentication secures sessions against hijacking
D. Using unpredictable sequence numbers secures sessions against hijacking
Answer: D
Explanation: Protection of a session needs to focus on the unique session identifier because it is the only thing that distinguishes users. If the session ID is compromised, attackers can impersonate other users on the system. The first thing is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise, it's trivial to hijack another user's session. Having a large number of possible session IDs (meaning that they should be very long) means that there are a lot more permutations for an attacker to try.