The Secret of ceh exam 312-50 pdf

Want to know Pass4sure 312-50 Exam practice test features? Want to learn more about EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study Highest Quality EC-Council 312-50 answers to Most recent 312-50 questions at Pass4sure. Get a success with an absolute guarantee to pass EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.

2016 Jul 312-50 exam cost:

Q421. Clive has been hired to perform a Black-Box test by one of his clients. 

How much information will Clive obtain from the client before commencing his test? 

A. IP Range, OS, and patches installed. 

B. Only the IP address range. 

C. Nothing but corporate name. 

D. All that is available from the client site. 

Answer: C

Explanation: Penetration tests can be conducted in one of two ways: black-box (with no prior knowledge of the infrastructure to be tested) or white-box (with complete knowledge of the infrastructure to be tested). As you might expect, there are conflicting opinions about this choice and the value that either approach will bring to a project. 


Q422. One of your junior administrators is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out? 

Select the best answers. 

A. John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case. 

B. By using NTLMV1, you have implemented an effective countermeasure to password cracking. 

C. SYSKEY is an effective countermeasure. 

D. If a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX- 00112233445566778899. 

E. Enforcing Windows complex passwords is an effective countermeasure. 

Answer: ACE

Explanations: 

John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case. John the Ripper is a very effective password cracker. It can crack passwords for many different types of operating systems. However, one limitation is that the output doesn't show if the password is upper or lower case. 

By using NTLMV1, you have implemented an effective countermeasure to password cracking. NTLM Version 2 (NTLMV2) is a good countermeasure to LM password cracking (and therefore a correct answer). To do this, set Windows 9x and NT systems to "send NTLMv2 responses only". 

SYSKEY is an effective countermeasure. It uses 128 bit encryption on the local copy of the Windows SAM. 

If a Windows LM password is 7 characters or less, the hash will be passed with the following characters: 0xAAD3B435B51404EE 

Enforcing Windows complex passwords is an effective countermeasure to password cracking. Complex passwords are greater than 6 characters and have any 3 of the following 4 items: upper case, lower case, special characters, and numbers. 


Q423. Dave has been assigned to test the network security of Acme Corp. The test was announced to the employees. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a sand clock to mark the progress of the test. Dave successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access. How was security compromised and how did the firewall respond? 

A. The attack did not fall through as the firewall blocked the traffic 

B. The attack was social engineering and the firewall did not detect it 

C. The attack was deception and security was not directly compromised 

D. Security was not compromised as the webpage was hosted internally 

Answer: B

Explanation: This was just another way to trick the information out of the users without the need to hack into any systems. All traffic is outgoing and initiated by the user so the firewall will not react. 


Q424. StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks. 

A. Canary 

B. Hex editing 

C. Format checking 

D. Non-executing stack 

Answer: A

Explanation: Canaries or canary words are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, it will clobber the canary, making the overflow evident. This is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system. 


Q425. Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquiries over the network. Which of these tools would do the SNMP enumeration he is looking for? 

Select the best answers. 

A. SNMPUtil 

B. SNScan 

C. SNMPScan 

D. Solarwinds IP Network Browser 

E. NMap 

Answer: ABD

Explanations: 

SNMPUtil is an SNMP enumeration utility that is a part of the Windows 2000 resource kit. With SNMPUtil, you can retrieve all sorts of valuable information through SNMP. 

SNScan is an SNMP network scanner by Foundstone. It does SNMP scanning to find open SNMP ports. 

Solarwinds IP Network Browser is an SNMP enumeration tool with a graphical tree-view of the remote machine's SNMP data. 



Renovate 312-50 vce:

Q426. Which of the following Exclusive OR transforms bits is NOT correct? 

A. 0 xor 0 = 0 

B. 1 xor 0 = 1 

C. 1 xor 1 = 1 

D. 0 xor 1 = 1 

Answer: C


Q427. Choose one of the following pseudo codes to describe this statement: 

If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data. 

A. If (I > 200) then exit (1) 

B. If (I < 200) then exit (1) 

C. If (I <= 200) then exit (1) 

D. If (I >= 200) then exit (1) 

Answer: D


Q428. You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place. 


-DNS query is sent to the DNS server to resolve www.google.com 

-DNS server replies with the IP address for Google. 

-SYN packet is sent to Google. 

-Google sends back a SYN/ACK packet 

-Your computer completes the handshake by sending an ACK 

-The connection is established and the transfer of data commences 

Which of the following packets represent completion of the 3-way handshake? 

A. 4th packet 

B. 3rd packet 

C. 6th packet 

D. 5th packet 

Answer: D


Q429. What is the best means of prevention against viruses? 

A. Assign read only permission to all files on your system. 

B. Remove any external devices such as floppy and USB connectors. 

C. Install a rootkit detection tool. 

D. Install and update anti-virus scanner. 

Answer: D

Explanation: Although virus scanners can only find already known viruses, this is still the best defense, together with users who are informed about the risks of the internet. 


Q430. Bank of Timbuktu was a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently, using which customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser. 

John Stevens was in charge of information security at Bank of Timbuktu. After one month in production, several customers complained about the Internet enabled banking application. Strangely, the account balances of many of the bank’s customers had been changed! 

However, money hadn’t been removed from the bank. Instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application’s logs and found the following entries: 

Attempted login of unknown user: John 

Attempted login of unknown user: sysaR 

Attempted login of unknown user: sencat 

Attempted login of unknown user: pete ‘’; 

Attempted login of unknown user: ‘ or 1=1-- 

Attempted login of unknown user: ‘; drop table logins-- 

Login of user jason, sessionID= 0x75627578626F6F6B 

Login of user daniel, sessionID= 0x98627579539E13BE 

Login of user rebecca, sessionID= 0x90627579944CCB811 

Login of user mike, sessionID= 0x9062757935FB5C64 

Transfer Funds user jason 

Pay Bill user mike 

Logout of user mike 

What kind of attack did the Hacker attempt to carry out at the bank? (Choose the best answer) 

A. The Hacker attempted SQL Injection technique to gain access to a valid bank login ID. 

B. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason’s session. 

C. The Hacker attempted a brute force attack to guess login ID and password using password cracking tools. 

D. The Hacker used a random generator module to pass results to the Web server and exploited Web application CGI vulnerability. 

Answer: A

Explanation: The following part: 

Attempted login of unknown user: pete ‘’; 

Attempted login of unknown user: ‘ or 1=1-- 

Attempted login of unknown user: ‘; drop table logins-- 

clearly shows a hacker trying to perform a SQL injection by bypassing the login with the statement 1=1 and then dumping the logins table. 


