
2016 Oct 312-50 free braindumps

Q261. Exhibit: 

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack? 

A. The buffer overflow attack has been neutralized by the IDS 

B. The attacker is creating a directory on the compromised machine 

C. The attacker is attempting a buffer overflow attack and has succeeded 

D. The attacker is attempting an exploit that launches a command-line shell 

Answer: D

Explanation: This log entry shows a hacker using a buffer overflow to fill the data buffer and trying to insert the execution of /bin/sh into the executable code part of the thread. It is probably an existing exploit that is used, or a directed attack with a custom built buffer overflow with the “payload” that launches the command shell. 

Q262. What does an ICMP (Code 13) message normally indicate?

A. It indicates that the destination host is unreachable 

B. It indicates to the host that the datagram which triggered the source quench message will need to be re-sent 

C. It indicates that the packet has been administratively dropped in transit 

D. It is a request to the host to cut back the rate at which it is sending traffic to the Internet destination 

Answer: C

Explanation: ICMP type 3, code 13 is destination unreachable due to communication administratively prohibited by filtering. The question presumably means "code 13", so the answer would be C.

Note:
A - Type 3
B - Type 4
C - Type 3 Code 13
D - Type 4

Q263. You have just received an assignment for an assessment at a company site. The company's management is concerned about external threats and wants to take appropriate steps to ensure security is in place. Management is also worried about possible threats coming from inside the site, specifically from employees belonging to different departments. What kind of assessment will you be performing?

A. Black box testing 

B. Black hat testing 

C. Gray box testing 

D. Gray hat testing 

E. White box testing 

F. White hat testing 


Explanation: Internal Testing is also referred to as Gray-box testing. 

Q264. Which type of scan does not open a full TCP connection? 

A. Stealth Scan 

B. XMAS Scan 

C. Null Scan 

D. FIN Scan 

Answer: A

Explanation: Stealth Scan: The full TCP three-way handshake is not completed, so a full connection is not made. A SYN packet is sent to the system, and if a SYN/ACK packet is received it is assumed that the port on the system is active. In that case a RST/ACK will be sent, which will determine the listening state the system is in. If a RST/ACK packet is received, it is assumed that the port on the system is not active.

Q265. E-mail scams and mail fraud are regulated by which of the following? 

A. 18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers 

B. 18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices 

C. 18 U.S.C. par. 1362 Communication Lines, Stations, or Systems 

D. 18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication 

Answer: A



Q266. Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces? 

A. Snow 

B. Gif-It-Up 

C. NiceText 

D. Image Hide 

Answer: A

Explanation: The program snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected. 

Q267. Exhibit: 

Given the following extract from the snort log on a honeypot, what service is being exploited? : 



C. Telnet 



Explanation: The connection is done to 

Q268. What is Form Scalpel used for? 

A. Dissecting HTML Forms 

B. Dissecting SQL Forms 

C. Analysis of Access Database Forms 

D. Troubleshooting Netscape Navigator 

E. Quatro Pro Analysis Tool 

Answer: A

Explanation: Form Scalpel automatically extracts forms from a given web page and splits up all fields for editing and manipulation. 

Q269. What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’? 

A. The ethical hacker does not use the same techniques or skills as a cracker. 

B. The ethical hacker does it strictly for financial motives unlike a cracker. 

C. The ethical hacker has authorization from the owner of the target. 

D. The ethical hacker is just a cracker who is getting paid. 

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker, and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does. An ethical hacker has the owner's authorization and will get paid even if he does not succeed in penetrating the target.

Q270. What is a primary advantage a hacker gains by using encryption or programs such as Loki? 

A. It allows an easy way to gain administrator rights 

B. It is effective against Windows computers 

C. It slows down the effective response of an IDS 

D. IDS systems are unable to decrypt it 

E. Traffic will not be modified in transit 

Answer: D

Explanation: Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload.