We provide real 312-50v11 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass EC-Council 312-50v11 Exam quickly & easily. The 312-50v11 PDF type is available for reading and printing. You can print more and practice many times. With the help of our EC-Council 312-50v11 dumps pdf and vce product and material, you can easily pass the 312-50v11 exam.

Online EC-Council 312-50v11 free dumps demo Below:

NEW QUESTION 1
Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

  • A. 137 and 139
  • B. 137 and 443
  • C. 139 and 443
  • D. 139 and 445

Answer: D

NEW QUESTION 2
If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

  • A. Birthday
  • B. Brute force
  • C. Man-in-the-middle
  • D. Smurf

Answer: B

NEW QUESTION 3
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

  • A. ESP transport mode
  • B. ESP confidential
  • C. AH permiscuous
  • D. AH Tunnel mode

Answer: A

NEW QUESTION 4
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?

  • A. Kismet
  • B. Abel
  • C. Netstumbler
  • D. Nessus

Answer: A

NEW QUESTION 5
Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches.
If these switches' ARP cache is successfully flooded, what will be the result?

  • A. The switches will drop into hub mode if the ARP cache is successfully flooded.
  • B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.
  • C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.
  • D. The switches will route all traffic to the broadcast address created collisions.

Answer: A

NEW QUESTION 6
Which of the following tools can be used to perform a zone transfer?

  • A. NSLookup
  • B. Finger
  • C. Dig
  • D. Sam Spade
  • E. Host
  • F. Netcat
  • G. Neotrace

Answer: ACDE

NEW QUESTION 7
What hacking attack is challenge/response authentication used to prevent?

  • A. Replay attacks
  • B. Scanning attacks
  • C. Session hijacking attacks
  • D. Password cracking attacks

Answer: A

NEW QUESTION 8
What is a NULL scan?

  • A. A scan in which all flags are turned off
  • B. A scan in which certain flags are off
  • C. A scan in which all flags are on
  • D. A scan in which the packet size is set to zero
  • E. A scan with an illegal packet size

Answer: A

NEW QUESTION 9
Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.
Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

  • A. Hardware, Software, and Sniffing.
  • B. Hardware and Software Keyloggers.
  • C. Passwords are always best obtained using Hardware key loggers.
  • D. Software only, they are the most effective.

Answer: A

NEW QUESTION 10
Password cracking programs reverse the hashing process to recover passwords. (True/False.)

  • A. True
  • B. False

Answer: B

NEW QUESTION 11
The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.
You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?
312-50v11 dumps exhibit

  • A. The buffer overflow attack has been neutralized by the IDS
  • B. The attacker is creating a directory on the compromised machine
  • C. The attacker is attempting a buffer overflow attack and has succeeded
  • D. The attacker is attempting an exploit that launches a command-line shell

Answer: D

NEW QUESTION 12
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

  • A. Perform a vulnerability scan of the system.
  • B. Determine the impact of enabling the audit feature.
  • C. Perform a cost/benefit analysis of the audit feature.
  • D. Allocate funds for staffing of audit log review.

Answer: B

NEW QUESTION 13
You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

  • A. Nmap
  • B. Cain & Abel
  • C. Nessus
  • D. Snort

Answer: D

NEW QUESTION 14
In Trojan terminology, what is a covert channel?
312-50v11 dumps exhibit

  • A. A channel that transfers information within a computer system or network in a way that violates the security policy
  • B. A legitimate communication path within a computer system or network for transfer of data
  • C. It is a kernel operation that hides boot processes and services to mask detection
  • D. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Answer: A

NEW QUESTION 15
Which of the following is an extremely common IDS evasion technique in the web world?

  • A. Spyware
  • B. Subnetting
  • C. Unicode Characters
  • D. Port Knocking

Answer: C

NEW QUESTION 16
Which definition among those given below best describes a covert channel?

  • A. A server program using a port that is not well known.
  • B. Making use of a protocol in a way it is not intended to be used.
  • C. It is the multiplexing taking place on a communication link.
  • D. It is one of the weak channels used by WEP which makes it insecure

Answer: B

NEW QUESTION 17
Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

  • A. 113
  • B. 69
  • C. 123
  • D. 161

Answer: C

NEW QUESTION 18
Which DNS resource record can indicate how long any "DNS poisoning" could last?

  • A. MX
  • B. SOA
  • C. NS
  • D. TIMEOUT

Answer: B

NEW QUESTION 19
Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occurring during non-business hours. After further examination of all login activities, it is noticed that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realizes the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux servers to synchronize the time has stopped working?

  • A. Time Keeper
  • B. NTP
  • C. PPP
  • D. OSPP

Answer: B

NEW QUESTION 20
What is the purpose of DNS AAAA record?

  • A. Authorization, Authentication and Auditing record
  • B. Address prefix record
  • C. Address database record
  • D. IPv6 address resolution record

Answer: D

NEW QUESTION 21
......

P.S. Easily pass 312-50v11 Exam with 254 Q&As Certshared Dumps & pdf Version, Welcome to Download the Newest Certshared 312-50v11 Dumps: https://www.certshared.com/exam/312-50v11/ (254 New Questions)