Latest effective EC-Council 312-50 exam dumps free sharing | braindumpscity


Certified Ethical Hacker – CEH Certification | EC-Council:
https://www.EC-Council.org/programs/certified-ethical-hacker-ceh/

Pass4itsure offers the latest EC-Council 312-50 practice test free of charge (58Q&As)

Exam X
QUESTION 1
Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)
A. CHAT rooms
B. WHOIS database
C. News groups
D. Web sites
E. Search engines
F. Organization’s own web site
Correct Answer: ABCDEF
Explanation
Explanation/Reference:
A security tester should search for information everywhere that he/she can access. You never know where you will find that small piece of information that could penetrate a strong defense.

QUESTION 2
What are the two basic types of attacks? (Choose two.)
A. DoS
B. Passive
C. Sniffing
D. Active
E. Cracking
Correct Answer: BD
Explanation
Explanation/Reference:
Passive and active attacks are the two basic types of attacks.

QUESTION 3
The United Kingdom (UK) has passed a law that makes hacking into an unauthorized network a felony.
The law states:
Section 1 of the Act refers to unauthorized access to computer material. This states that a person commits an offence if he causes a computer to perform any function with intent to secure unauthorized access to any program or data held in any computer. For a successful conviction under this part of the Act, the prosecution must prove that the access secured is unauthorized and that the suspect knew that this was the case. This section is designed to deal with common-or-garden hacking.
Section 2 of the Act deals with unauthorized access with intent to commit or facilitate the commission of further offences. An offence is committed under Section 2 if a Section 1 offence has been committed and there is the intention of committing or facilitating a further offence (any offence which attracts a custodial sentence of more than five years, not necessarily one covered by the Act). Even if it is not possible to prove the intent to commit the further offence, the Section 1 offence is still committed.
Section 3 offences cover unauthorized modification of computer material, which generally means the creation and distribution of viruses. For conviction to succeed there must have been the intent to cause the modifications and knowledge that the modification had not been authorized.
What is the law called?
A. Computer Misuse Act 1990
B. Computer incident Act 2000
C. Cyber Crime Law Act 2003
D. Cyber Space Crime Act 1995
Correct Answer: A
Explanation
Explanation/Reference:
Computer Misuse Act (1990) creates three criminal offences:

QUESTION 4
Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds them to be abnormal. If you were the penetration tester, why would you find this abnormal?
(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)
05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400
05/20-17:06:58.685879 192.160.13.4:31337 -> 172.16.1.101:1024 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400
What is odd about this attack? (Choose the most appropriate statement)
A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
B. This is back orifice activity as the scan comes from port 31337.
C. The attacker wants to avoid creating a sub-carrier connection that is not normally valid.
D. These packets were created by a tool; they were not created by a standard IP stack.
Correct Answer: B
Explanation
Explanation/Reference:
Port 31337 is normally used by Back Orifice. Note that 31337 is hackers' spelling of 'elite', meaning 'elite hackers'.

QUESTION 5
Your company trainee Sandra asks you which are the four existing Regional Internet Registries (RIRs)?
A. APNIC, PICNIC, ARIN, LACNIC
B. RIPE NCC, LACNIC, ARIN, APNIC
C. RIPE NCC, NANIC, ARIN, APNIC
D. RIPE NCC, ARIN, APNIC, LATNIC
Correct Answer: B
Explanation
Explanation/Reference:
All other answers include non-existent organizations (PICNIC, NANIC, LATNIC). See http://www.arin.net/library/internet_info/ripe.html

QUESTION 6
A very useful resource for passively gathering information about a target company is:
A. Host scanning
B. Whois search
C. Traceroute
D. Ping sweep
Correct Answer: B
Explanation
Explanation/Reference:
A, C & D are “Active” scans, the question says: “Passively”

QUESTION 7
You receive an email with the following message:
Hello Steve,
We are having technical difficulty in restoring user database record after the recent blackout. Your account data is corrupted. Please logon to the
SuperEmailServices.com and change your password.
http://[email protected]/support/logon.htm
If you do not reset your password within 7 days, your account will be permanently disabled locking you out from our e-mail services.
Sincerely,
Technical Support
SuperEmailServices
From this e-mail you suspect that this message was sent by some hacker, since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbe.0xef, which looks like hexadecimal numbers. You immediately enter the following at the Windows 2000 command prompt:
Ping 0xde.0xad.0xbe.0xef
You get a response with a valid IP address.
What is the obfuscated IP address in the e-mail URL?
A. 222.173.190.239
B. 233.34.45.64
C. 54.23.56.55
D. 199.223.23.45
Correct Answer: A
Explanation
Explanation/Reference:
0x stands for hexadecimal and DE=222, AD=173, BE=190 and EF=239

QUESTION 8
Which of the following tools are used for footprinting? (Choose four.)
A. Sam Spade
B. NSLookup
C. Traceroute
D. Neotrace
E. Cheops
Correct Answer: ABCD
Explanation
Explanation/Reference:
All of the tools listed are used for footprinting except Cheops.

QUESTION 9
According to the CEH methodology, what is the next step to be performed after footprinting?
A. Enumeration
B. Scanning
C. System Hacking
D. Social Engineering
E. Expanding Influence
Correct Answer: B
Explanation
Explanation/Reference:
Once footprinting has been completed, scanning should be attempted next. Scanning should take place on two distinct levels: network and host.

QUESTION 10
NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish?
nslookup
> server <ipaddress>
> set type=any
> ls -d <target.com>
A. Enables DNS spoofing
B. Loads bogus entries into the DNS table
C. Verifies zone security
D. Performs a zone transfer
E. Resets the DNS cache
Correct Answer: D
Explanation
Explanation/Reference:
If DNS has not been properly secured, the command sequence displayed above will perform a zone transfer.

QUESTION 11
While footprinting a network, what port/service should you look for to attempt a zone transfer?
A. 53 UDP
B. 53 TCP
C. 25 UDP
D. 25 TCP
E. 161 UDP
F. 22 TCP
G. 60 TCP
Correct Answer: B
Explanation
Explanation/Reference:
If TCP port 53 is detected, the opportunity to attempt a zone transfer is there.

QUESTION 12
What is a NULL scan?
A. A scan in which all flags are turned off
B. A scan in which certain flags are off
C. A scan in which all flags are on
D. A scan in which the packet size is set to zero
E. A scan with an illegal packet size
Correct Answer: A
Explanation
Explanation/Reference:
A null scan has all flags turned off.

QUESTION 13
What is the proper response for a NULL scan if the port is open?
A. SYN
B. ACK
C. FIN
D. PSH
E. RST
F. No response
Correct Answer: F
Explanation
Explanation/Reference:
A NULL scan will have no response if the port is open.

QUESTION 14
Which of the following statements about a zone transfer are correct? (Choose three.)
A. A zone transfer is accomplished with the DNS
B. A zone transfer is accomplished with the nslookup service
C. A zone transfer passes all zone information that a DNS server maintains
D. A zone transfer passes all zone information that a nslookup server maintains
E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections
F. Zone transfers cannot occur on the Internet
Correct Answer: ACE
Explanation
Explanation/Reference:
Securing DNS servers should be a priority of the organization. Hackers obtaining DNS information can discover a wealth of information about an organization. This information can be used to further exploit the network.

QUESTION 15
You have the SOA presented below in your Zone. Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before they consider the zone dead and stop responding to queries?
collegae.edu.SOA,cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)
A. One day
B. One hour
C. One week
D. One month
Correct Answer: C
Explanation
Explanation/Reference:
The numbers represent the following values:
200302028; se = serial number
3600; ref = refresh = 1h
3600; ret = update retry = 1h
604800; ex = expiry = 1w
3600; min = minimum TTL = 1h

QUESTION 16
Sara is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records
(delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain. What do you think Sara is trying to accomplish? Select the best
answer.
A. A zone harvesting
B. A zone transfer
C. A zone update
D. A zone estimate
Correct Answer: B
Explanation
Explanation/Reference:
The zone transfer is the method a secondary DNS server uses to update its information from the primary DNS server. DNS servers within a domain are organized using a master-slave method where the slaves get updated DNS information from the master DNS. One should configure the master DNS server to allow zone transfers only from secondary (slave) DNS servers, but this is often not implemented. By connecting to a specific DNS server and successfully issuing the ls -d domain-name > file-name command, you have initiated a zone transfer.

QUESTION 17
A zone file consists of which of the following Resource Records (RRs)?
A. DNS, NS, AXFR, and MX records
B. DNS, NS, PTR, and MX records
C. SOA, NS, AXFR, and MX records
D. SOA, NS, A, and MX records
Correct Answer: D
Explanation
Explanation/Reference:
The zone file typically contains the following records:
SOA Start Of Authority
NS Name Server record
MX Mail eXchange record
A Address record

QUESTION 18
Let’s imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product
that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With
a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select
the Best Answer.)
A. Install DNS logger and track vulnerable packets
B. Disable DNS timeouts
C. Install DNS Anti-spoofing
D. Disable DNS Zone Transfer
Correct Answer: C
Explanation
Explanation/Reference:
Implement DNS Anti-Spoofing measures to prevent DNS Cache Pollution from occurring.

QUESTION 19
Which DNS resource record can indicate how long any “DNS poisoning” could last?
A. MX
B. SOA
C. NS
D. TIMEOUT
Correct Answer: B
Explanation
Explanation/Reference:
The SOA contains information of secondary servers, update intervals and expiration times.

QUESTION 20
Joseph was the Web site administrator for Mason Insurance in New York, whose main Web site was located at www.masonins.com. Joseph uses his laptop
computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason
Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker’s message “Hacker Message: You are dead!
Freaks!” From his office, which was directly connected to Mason Insurance’s internal network, Joseph surfed to the Web site using his laptop. In his browser, the
Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared
defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web
site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal
network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal
the following web page:
[email protected] [email protected]:
Y0u @re [email protected]! [email protected]!
After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web
server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.
How did the attacker accomplish this hack?
A. ARP spoofing
B. SQL injection
C. DNS poisoning
D. Routing table injection
Correct Answer: C
Explanation
Explanation/Reference:
External calls for the Web site have been redirected to another server by a successful DNS poisoning.

QUESTION 21
Which of the following tools are used for enumeration? (Choose three.)
A. SolarWinds
B. USER2SID
C. Cheops
D. SID2USER
E. DumpSec
Correct Answer: BDE
Explanation
Explanation/Reference:
USER2SID, SID2USER, and DumpSec are three of the tools used for system enumeration. Others are tools such as NAT and Enum. Knowing which tools are
used in each step of the hacking methodology is an important goal of the CEH exam. You should spend a portion of your time preparing for the test practicing with
the tools and learning to understand their output.

QUESTION 22
What did the following commands determine?
C : user2sid \earth guest
S-1-5-21-343818398-789336058-1343024091-501
C:sid2user 5 21 343818398 789336058 1343024091 500
Name is Joe
Domain is EARTH
A. That the Joe account has a SID of 500
B. These commands demonstrate that the guest account has NOT been disabled
C. These commands demonstrate that the guest account has been disabled
D. That the true administrator is Joe
E. Issued alone, these commands prove nothing
Correct Answer: D
Explanation
Explanation/Reference:
One important goal of enumeration is to determine who the true administrator is. In the example above, the true administrator is Joe.

QUESTION 23
Which definition among those given below best describes a covert channel?
A. A server program using a port that is not well known.
B. Making use of a protocol in a way it is not intended to be used.
C. It is the multiplexing taking place on a communication link.
D. It is one of the weak channels used by WEP which makes it insecure.
Correct Answer: B
Explanation
Explanation/Reference:
A covert channel is described as: “any communication channel that can be exploited by a process to transfer information in a manner that violates the system’s security policy.” Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.

QUESTION 24
Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions with that of the file server. She then intercepted his traffic
destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on?
A. A sniffing attack
B. A spoofing attack
C. A man in the middle attack
D. A denial of service attack
Correct Answer: C
Explanation
Explanation/Reference:
A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party
knowing that the link between them has been compromised.

QUESTION 25
Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world
exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two
remote ends of the communication never notice that Eric is relaying the information between the two.
What would you call this attack?
A. Interceptor
B. Man-in-the-middle
C. ARP Proxy
D. Poisoning Attack
Correct Answer: B
Explanation
Explanation/Reference:
A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party
knowing that the link between them has been compromised.

QUESTION 26
Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice’s machine. From the command prompt, she types the following command.
For /f "tokens=1" %%a in (hackfile.txt) do net use * \\10.1.2.3\c$ /user:"Administrator" %%a
What is Eve trying to do?
A. Eve is trying to connect as a user with Administrator privileges
B. Eve is trying to enumerate all users with Administrative privileges
C. Eve is trying to carry out a password crack for user Administrator
D. Eve is trying to escalate privilege of the null user to that of Administrator
Correct Answer: C
Explanation
Explanation/Reference:
Eve tries to get a successful login using the username Administrator and passwords from the file hackfile.txt.

QUESTION 27
LM authentication is not as strong as Windows NT authentication so you may want to disable its use, because an attacker eavesdropping on network traffic will
attack the weaker protocol. A successful attack can compromise the user’s password. How do you disable LM authentication in Windows XP?
A. Stop the LM service in Windows XP
B. Disable LSASS service in Windows XP
C. Disable LM authentication in the registry
D. Download and install LMSHUT.EXE tool from Microsoft website
Correct Answer: C
Explanation
Explanation/Reference:
http://support.microsoft.com/kb/299656

QUESTION 28
How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating
simple pattern matching in IDS systems without session reconstruction? A characteristic of this attack would be a continuous stream of small packets.
A. Session Splicing
B. Session Stealing
C. Session Hijacking
D. Session Fragmentation
Correct Answer: A
Explanation

QUESTION 29
Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?
A. Covert keylogger
B. Stealth keylogger
C. Software keylogger
D. Hardware keylogger
Correct Answer: D
Explanation
Explanation/Reference:
As the hardware keylogger never interacts with the Operating System it is undetectable by anti-virus or anti-spyware products.

QUESTION 30
_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to
another.
A. Canonicalization
B. Character Mapping
C. Character Encoding
D. UCS transformation formats
Correct Answer: A
Explanation
Explanation/Reference:
Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a “standard” canonical representation.
This can be done to compare different representations for equivalence, to count the number of distinct data structures (e.g., in combinatorics), to improve the
efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order.

QUESTION 31
You are an administrator of a Windows server. You want to find the port number for POP3. In what file would you find the information, and where? Select the best answer.
A. %windir%\etc\services
B. system32\drivers\etc\services
C. %windir%\system32\drivers\etc\services
D. /etc/services
E. %windir%/system32/drivers/etc/services
Correct Answer: C
Explanation
Explanation/Reference:
%windir%\system32\drivers\etc\services is the correct place to look for this information.

QUESTION 32
One of your junior administrators is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true
statements that you would point out? Select the best answers.
A. John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn’t show if the password is upper or lower case.
B. By using NTLMV1, you have implemented an effective countermeasure to password cracking.
C. SYSKEY is an effective countermeasure.
D. If a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX- 00112233445566778899.
E. Enforcing Windows complex passwords is an effective countermeasure.
Correct Answer: ACE
Explanation
Explanation/Reference:
John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn’t show if the password is upper or lower case. John the Ripper is a very effective password cracker. It can crack passwords for many different types of operating systems. However, one limitation is that the output doesn’t show if the password is upper or lower case. By using NTLMV1, you have implemented an effective countermeasure to password cracking. NTLM Version 2 (NTLMV2) is a good countermeasure to LM password cracking (and therefore a correct answer). To do this, set Windows 9x and NT systems to “send NTLMv2 responses only”. SYSKEY is an effective countermeasure. It uses 128 bit encryption on the local copy of the Windows SAM. If a Windows LM password is 7 characters or less, the hash will be passed with the following characters:
0xAAD3B435B51404EE
Enforcing Windows complex passwords is an effective countermeasure to password cracking. Complex passwords are greater than 6 characters and have any 3 of the following 4 items: upper case, lower case, special characters, and numbers.

QUESTION 33
In the following example, which of these is the “exploit”? Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the
Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting.
Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial
websites.
Select the best answer.
A. Microsoft Corporation is the exploit.
B. The security “hole” in the product is the exploit.
C. Windows 2003 Server
D. The exploit is the hacker that would use this vulnerability.
E. The documented method of how to use the vulnerability to gain unprivileged access.
Correct Answer: E
Explanation
Explanation/Reference:
Microsoft is not the exploit, but if Microsoft documents how the vulnerability can be used to gain unprivileged access, they are creating the exploit. If they just say
that there is a hole in the product, then it is only a vulnerability. The security “hole” in the product is called the “vulnerability”. It is documented in a way that shows
how to use the vulnerability to gain unprivileged access, and it then becomes an “exploit”. In the example given, Windows 2003 Server is the TOE (Target of
Evaluation). A TOE is an IT System, product or component that requires security evaluation or is being identified. The hacker that would use this vulnerability is
exploiting it, but the hacker is not the exploit. The documented method of how to use the vulnerability to gain unprivileged access is the correct answer.

QUESTION 34
Samuel is the network administrator of DataX communications Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder’s IP address for a period of 24 hours after more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.
But he still receives hundreds of thousands of brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.
Later he adds another rule to his firewall and enables a small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be accepted from a particular IP address. This action will slow the intruder’s attempts.
Samuel wants to completely block hackers’ brute-force attempts on his network.
What are the alternatives to defending against possible brute-force password attacks on his site?
A. Enforce a password policy and use account lockouts after three wrong logon attempts even though this might lock out legit users
B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the firewall manually
C. Enforce complex password policy on your network so that passwords are more difficult to brute force
D. You can’t completely block the intruders’ attempts if they constantly switch proxies
Correct Answer: D
Explanation
Explanation/Reference:
Without knowing from where the next attack will come, there is no way of proactively blocking the attack. This is becoming an increasing problem with the growth of large botnets using ordinary workstations and home computers in large numbers.

QUESTION 35
What do you conclude from the nmap results below?
Starting nmap V. 3.10ALPHA0 (www.insecure.org/nmap/)
(The 1592 ports scanned but not shown below are in state: closed)
Port      State  Service
21/tcp    open   ftp
25/tcp    open   smtp
80/tcp    open   http
443/tcp   open   https
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed 1 IP address (1 host up) scanned in 91.66 seconds
A. The system is a Windows Domain Controller.
B. The system is not firewalled.
C. The system is not running Linux or Solaris.
D. The system is not properly patched.
Correct Answer: B
Explanation
Explanation/Reference:
There are no reports of any ports being filtered.

QUESTION 36
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main
web page. He first attempts to use the “Echo” command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and
achieves no progress. Finally, he tries to overwrite it with another page again in vain.
What is the probable cause of Bill’s problem?
A. The system is a honeypot.
B. There is a problem with the shell and he needs to run the attack again.
C. You cannot use a buffer overflow to deface a web page.
D. The HTML file has permissions of read only.
Correct Answer: D
Explanation
Explanation/Reference:
The question states that Bill had been able to spawn an interactive shell. By this statement we can tell that the buffer overflow and its corresponding code were enough to spawn a shell. Any shell should make it possible to change the webpage. So we either don’t have sufficient privilege to change the webpage (answer D) or it’s a honeypot (answer A). We think the preferred answer is D.

QUESTION 37
Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well.
Which of the choices below indicate the other features offered by Snort?
A. IDS, Packet Logger, Sniffer
B. IDS, Firewall, Sniffer
C. IDS, Sniffer, Proxy
D. IDS, Sniffer, content inspector
Correct Answer: A
Explanation
Explanation/Reference:
Snort is a free software network intrusion detection and prevention system capable of performing packet logging and real-time traffic analysis on IP networks. Snort was written by Martin Roesch but is now owned and developed by Sourcefire.

QUESTION 38
The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. From the options given below choose the one that best interprets the following entry:
Apr 26 06:43:05 [6282] IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)
Interpret the following entry:
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107.53
A. An IDS evasion technique
B. A buffer overflow attempt
C. A DNS zone transfer
D. Data being retrieved from 63.226.81.13.
Correct Answer: B
Explanation
Explanation/Reference:
The IDS log file depicts numerous attacks; however, most of them are from different attackers. In reference to the attack in question, he is trying to mask his activity by trying to act legitimate. During his session on the honeypot, he changes users two times by using the “su” command, but never tries to attempt anything too severe.

QUESTION 39
When referring to the Domain Name Service, what is denoted by a ‘zone’?
A. It is the first domain that belongs to a company.
B. It is a collection of resource records.
C. It is the first resource record type in the SOA.
D. It is a collection of domains.
Correct Answer: B
Explanation
Explanation/Reference:
A reasonable definition of a zone would be a portion of the DNS namespace where responsibility has been delegated.

QUESTION 40
Statistics from cert.org and other leading security organizations have clearly shown a steady rise in the number of hacking incidents perpetrated against companies.
What do you think is the main reason behind the significant increase in hacking attempts over the past years?
A. It is getting more challenging and harder to hack for non technical people.
B. There is a phenomenal increase in processing power.
C. New TCP/IP stack features are constantly being added.
D. The ease with which hacker tools are available on the Internet.
Correct Answer: D
Explanation
Explanation/Reference:
Today you don’t need to be a good hacker in order to break in to various systems; all you need is the knowledge to use search engines on the internet.

QUESTION 41
You are doing IP spoofing while you scan your target. You find that the target has port 23 open. However, you are unable to connect. Why?
A. A firewall is blocking port 23
B. You cannot spoof + TCP
C. You need an automated telnet tool
D. The OS does not reply to telnet even if port 23 is open
Correct Answer: A
Explanation
Explanation/Reference:
The question does not tell you what state the scanning utility reports for the port. If the program used is nmap, it will show you one of three states: “open”,
“closed”, or “filtered”. A port can be in an “open” state yet filtered, usually by a stateful packet inspection filter (i.e. Netfilter for Linux, ipfilter for BSD).
C and D do not make any sense for this question; they're bogus. As for B, “You cannot spoof + TCP”: you can spoof + TCP, so we strike that out.

QUESTION 42
While examining a log report you find out that an intrusion has been attempted by a machine whose IP address is displayed as 0xde.0xad.0xbe.0xef. It looks to you like a hexadecimal number. You perform a ping 0xde.0xad.0xbe.0xef. Which of the following IP addresses will respond to the ping and hence will likely be
responsible for the intrusion?
A. 192.10.25.9
B. 10.0.3.4
C. 203.20.4.5
D. 222.273.290.239
E. 222.173.290.239
Correct Answer: E
Explanation
Explanation/Reference:
Convert the hex number to binary and then to decimal.
0xde.0xad.0xbe.0xef translates to 222.173.190.239 and not 222.273.290.239
0xef = 14*16 + 15*1 = 224 + 15 = 239
0xbe = 11*16 + 14*1 = 176 + 14 = 190
0xad = 10*16 + 13*1 = 160 + 13 = 173
0xde = 13*16 + 14*1 = 208 + 14 = 222

QUESTION 43
All the web servers in the DMZ respond to ACK scan on port 80. Why is this happening?
A. They are all Windows-based web servers
B. They are all Unix-based web servers
C. The company is not using IDS
D. The company is not using a stateful firewall
Correct Answer: D
Explanation
Explanation/Reference:
If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK.

QUESTION 44
What is a sheepdip?
A. It is another name for Honeynet
B. It is a machine used to coordinate honeynets
C. It is the process of checking physical media for viruses before they are used in a computer
D. None of the above
Correct Answer: C
Explanation
Explanation/Reference:
Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a
computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not
connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

QUESTION 45
If you come across a sheepdip machine at your client’s site, what should you do?
A. A sheepdip computer is used only for virus-checking.
B. A sheepdip computer is another name for a honeypot
C. A sheepdip coordinates several honeypots.
D. A sheepdip computer defers a denial of service attack.
Correct Answer: A
Explanation
Explanation/Reference:
Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a
computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not
connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

QUESTION 46
A successful attack by a malicious hacker can be divided into five phases. Match the order:

Explanation
Explanation/Reference:
So, Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to
launching an attack.

QUESTION 47
Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is
unaware that their actions are being monitored.
How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)
A. Alternate between typing the login credentials and typing characters somewhere else in the focus window
B. Type a wrong password first, later type the correct password on the login page defeating the keylogger recording
C. Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.
D. The next key typed replaces selected text portion. E.g. if the password is “secret”, one could type “s”, then some dummy keys “asdfsd”. Then these dummies
could be selected with mouse, and next character from the password “e” is typed, which replaces the dummies “asdfsd”.
E. The next key typed replaces selected text portion. E.g. if the password is “secret”, one could type “s”, then some dummy keys “asdfsd”. Then these dummies
could be selected with mouse, and next character from the password “e” is typed, which replaces the dummies “asdfsd”.
Correct Answer: ACDE
Explanation
Explanation/Reference:

QUESTION 48
Lauren is performing a network audit for her entire company. The entire network is comprised of around 500 computers. Lauren starts an ICMP ping sweep by
sending one IP packet to the broadcast address of the network, but only receives responses from around five hosts. Why did this ping sweep only produce a few
responses?
A. Only Windows systems will reply to this scan.
B. A switched network will not respond to packets sent to the broadcast address.
C. Only Linux and Unix-like (Non-Windows) systems will reply to this scan.
D. Only servers will reply to this scan.
Correct Answer: C
Explanation

QUESTION 49
Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds
some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this
computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?
A. The initial traffic from 192.168.12.35 was being spoofed.
B. The traffic from 192.168.12.25 is from a Linux computer.
C. The TTL of 21 means that the client computer is on wireless.
D. The client computer at 192.168.12.35 is a zombie computer.
Correct Answer: A
Explanation

QUESTION 50
Here is the ASCII Sheet. You want to guess the DBO username juggyboy (8 characters) using Blind SQL Injection technique.
What is the correct syntax?
A. Option A
B. Option B
C. Option C
D. Option D
Correct Answer: A
Explanation

QUESTION 51
How do you defend against ARP Poisoning attack? (Select 2 answers)
A. Enable DHCP Snooping Binding Table
B. Restrict ARP Duplicates
C. Enable Dynamic ARP Inspection
D. Enable MAC snooping Table
Correct Answer: AC
Explanation
Explanation/Reference:

QUESTION 52
Neil is an IT security consultant working on contract for Davidson Avionics. Neil has been hired to audit the network of Davidson Avionics. He has been given
permission to perform any tests necessary. Neil has created a fake company ID badge and uniform. Neil waits by one of the company’s entrance doors and
follows an employee into the office after they use their valid access card to gain entrance. What type of social engineering attack has Neil employed here?
A. Neil has used a tailgating social engineering attack to gain access to the offices
B. He has used a piggybacking technique to gain unauthorized access
C. This type of social engineering attack is called man trapping
D. Neil is using the technique of reverse social engineering to gain access to the offices of Davidson Avionics
Correct Answer: A
Explanation

QUESTION 53
Which of the following represent weak passwords? (Select 2 answers)
A. Passwords that contain letters, special characters, and numbers Example: ap1$%##[email protected]
B. Passwords that contain only numbers Example: 23698217
C. Passwords that contain only special characters Example: &*#@!(%)
D. Passwords that contain letters and numbers Example: meerdfget123
E. Passwords that contain only letters Example: QWERTYKLRTY
F. Passwords that contain only special characters and numbers Example: [email protected]$45
G. Passwords that contain only letters and special characters Example: [email protected]&ba
H. Passwords that contain Uppercase/Lowercase from a dictionary list Example: OrAnGe
Correct Answer: EH
Explanation

QUESTION 54
Harold just got home from working at Henderson LLC where he works as an IT technician. He was able to get off early because they were not too busy. When he
walks into his home office, he notices his teenage daughter on the computer, apparently chatting with someone online. As soon as she hears Harold enter the
room, she closes all her windows and tries to act like she was playing a game. When Harold asks her what she was doing, she acts very nervous and does not
give him a straight answer. Harold is very concerned because he does not want his daughter to fall victim to online predators and the sort. Harold doesn’t
necessarily want to install any programs that will restrict the sites his daughter goes to, because he doesn’t want to alert her to his trying to figure out what she is
doing. Harold wants to use some kind of program that will track her activities online, and send Harold an email of her activity once a day so he can see what she
has been up to. What kind of software could Harold use to accomplish this?
A. Install hardware Keylogger on her computer
B. Install screen capturing Spyware on her computer
C. Enable Remote Desktop on her computer
D. Install VNC on her computer
Correct Answer: B
Explanation

QUESTION 55
Blane is a security analyst for a law firm. One of the lawyers needs to send out an email to a client but he wants to know if the email is forwarded on to any other
recipients. The client is explicitly asked not to re-send the email since that would be a violation of the lawyer’s and client’s agreement for this particular case. What
can Blane use to accomplish this?
A. He can use a split-DNS service to ensure the email is not forwarded on.
B. A service such as HTTrack would accomplish this.
C. Blane could use MetaGoofil tracking tool.
D. Blane can use a service such as ReadNotify tracking tool.
Correct Answer: D
Explanation

QUESTION 56
You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be
enabled in SQL Server to launch these attacks?
A. System services
B. EXEC master access
C. xp_cmdshell
D. RDC
Correct Answer: C
Explanation

QUESTION 57
Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a
big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an
account with that same company. Kevin logs into his email account online and gets the following URL after successfully logging in:
http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22
Kevin changes the URL to:
http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22
Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy’s mailbox?
A. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access
B. By changing the mailbox’s name in the URL, Kevin is attempting directory transversal
C. Kevin is trying to utilize query string manipulation to gain access to her email account
D. He is attempting a path-string attack to gain access to her mailbox
Correct Answer: C
Explanation

QUESTION 58
Jeremy is a web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy’s
first task is to scan all the company’s external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the
website. James types in the following statement in the username field:
SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'
What will the SQL statement accomplish?
A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin
B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com
C. This Select SQL statement will log James in if there are any users with NULL passwords
D. James will be able to see if there are any default user accounts in the SQL database
Correct Answer: A
Explanation
