Ucertify 312-50 Questions are updated and all 312-50 answers are verified by experts. Once you have completely prepared with our 312-50 exam prep kits you will be ready for the real 312-50 exam without a problem. We have Improve EC-Council 312-50 dumps study guide. PASSED 312-50 First attempt! Here What I Did.

Q1. Which of the following activities would not be considered passive footprinting? 

A. Search on financial site such as Yahoo Financial 

B. Perform multiple queries through a search engine 

C. Scan the range of IP address found in their DNS database 

D. Go through the rubbish to find out any information that might have been discarded 

Answer: C

Explanation: Passive footprinting is a method in which the attacker never makes contact with the target. Scanning the targets IP addresses can be logged at the target and therefore contact has been made. 

Q2. In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them: 

FIN = 1 SYN = 2 RST = 4 PSH = 8 ACK = 16 URG = 32 ECE = 64 CWR = 128 

Jason is the security administrator of ASPEN Communications. He analyzes some traffic using Wireshark and has enabled the following filters. 

What is Jason trying to accomplish here? 





Answer: B

Q3. Fingerprinting an Operating System helps a cracker because: 

A. It defines exactly what software you have installed 

B. It opens a security-delayed window based on the port being scanned 

C. It doesn't depend on the patches that have been applied to fix existing security holes 

D. It informs the cracker of which vulnerabilities he may be able to exploit on your system 

Answer: D

Explanation: When a cracker knows what OS and Services you use he also knows which exploits might work on your system. If he would have to try all possible exploits for all possible Operating Systems and Services it would take too long time and the possibility of being detected increases. 

Q4. What does the following command achieve? 

Telnet <IP Address> <Port 80> 




A. This command returns the home page for the IP address specified 

B. This command opens a backdoor Telnet session to the IP address specified 

C. This command returns the banner of the website specified by IP address 

D. This command allows a hacker to determine the sites security 

E. This command is bogus and will accomplish nothing 

Answer: C

Explanation: This command is used for banner grabbing. Banner grabbing helps identify the service and version of web server running. 

Q5. Network Intrusion Detection systems can monitor traffic in real time on networks. 

Which one of the following techniques can be very effective at avoiding proper detection? 

A. Fragmentation of packets. 

B. Use of only TCP based protocols. 

C. Use of only UDP based protocols. 

D. Use of fragmented ICMP traffic only. 

Answer: A

Explanation: If the default fragmentation reassembly timeout is set to higher on the client than on the IDS then the it is possible to send an attack in fragments that will never be reassembled in the IDS but they will be reassembled and read on the client computer acting victim. 

Q6. More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers - it basically hides the true nature of the shellcode in different disguises. 

How does a polymorphic shellcode work? 

A. They convert the shellcode into Unicode, using loader to convert back to machine code then executing them 

B. They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode 

C. They reverse the working instructions into opposite order by masking the IDS signatures 

D. They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode 

Answer: A

Explanation: In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine. Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode 

Q7. Your boss is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack? 

A. SQL Input attack 

B. SQL Piggybacking attack 

C. SQL Select attack 

D. SQL Injection attack 

Answer: D

Explanation: This technique is known as SQL injection attack 

Q8. ou are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. 

What encryption algorithm will you be decrypting? 

A. MD4 




Answer: B

Explanation: The LM hash is computed as follows.1. The user’s password as an OEM string is converted to uppercase. 2. This password is either null-padded or truncated to 14 bytes. 3. The “fixed-length” password is split into two 7-byte halves. 4. These values are used to create two DES keys, one from each 7-byte half. 5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. 6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash. 

Q9. Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows Platform you must install a packet capture library. What is the name of this library? 





Answer: D

Explanation: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture. 

Q10. Theresa is an IT security analyst working for the United Kingdom Internet Crimes Bureau in London. Theresa has been assigned to the software piracy division which focuses on taking down individual and organized groups that distribute copyrighted software illegally. Theresa and her division have been responsible for taking down over 2,000 FTP sites hosting copyrighted software. Theresa's supervisor now wants her to focus on finding and taking down websites that host illegal pirated software. What are these sights called that Theresa has been tasked with taking down? 

A. These sites that host illegal copyrighted software are called Warez sites 

B. These sites that Theresa has been tasked to take down are called uTorrent sites 

C. These websites are referred to as Dark Web sites 

D. Websites that host illegal pirated versions of software are called Back Door sites 

Answer: A

Explanation: The Warez scene, often referred to as The Scene (often capitalized) is a term of self-reference used by a community that specializes in the underground distribution of pirated content, typically software but increasingly including movies and music. 

Q11. Which of the following is one of the key features found in a worm but not seen in a virus? 

A. The payload is very small, usually below 800 bytes. 

B. It is self replicating without need for user intervention. 

C. It does not have the ability to propagate on its own. 

D. All of them cannot be detected by virus scanners. 


Explanation: A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. 

Q12. Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was about to release it. The executive team believes that an employee is leaking information to the rival company. Lori questions all employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given permission to search through the corporate email system. She searches by email being sent to and sent from the rival marketing company. 

She finds one employee that appears to be sending very large email to this other marketing company, even though they should have no reason to be communicating with them. Lori tracks down the actual emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly harmless, usually containing some kind of joke. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture. 

What technique was used by the Kiley Innovators employee to send information to the rival marketing company? 

A. The Kiley Innovators employee used cryptography to hide the information in the emails sent 

B. The method used by the employee to hide the information was logical watermarking 

C. The employee used steganography to hide information in the picture attachments 

D. By using the pictures to hide information, the employee utilized picture fuzzing 

Answer: C

Q13. What is the correct order of steps in CEH System Hacking Cycle? 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: A

Q14. What does a type 3 code 13 represent?(Choose two. 

A. Echo request 

B. Destination unreachable 

C. Network unreachable 

D. Administratively prohibited 

E. Port unreachable 

F. Time exceeded 

Answer: BD

Explanation: Type 3 code 13 is destination unreachable administratively prohibited. This type of message is typically returned from a device blocking a port. 

Q15. What type of Trojan is this? 

A. RAT Trojan 

B. E-Mail Trojan 

C. Defacement Trojan 

D. Destructing Trojan 

E. Denial of Service Trojan 

Answer: C