The Only Tip You Need: ceh official certified ethical hacker review guide exam 312-50 pdf

Want to know Actualtests 312-50 Exam practice test features? Want to lear more about EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study Guaranteed EC-Council 312-50 answers to Latest 312-50 questions at Actualtests. Gat a success with an absolute guarantee to pass EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.

2016 Sep intitle index of 312-50 pdf:

Q31. Ron has configured his network to provide strong perimeter security. As part of his network architecture, he has included a host that is fully exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or filtering router. What would you call such a host? 

A. Honeypot 

B. DMZ host 

C. DWZ host 

D. Bastion Host 

Answer: D

Explanation: A bastion host is a gateway between an inside network and an outside network. Used as a security measure, the bastion host is designed to defend against attacks aimed at the inside network. Depending on a network's complexity and configuration, a single bastion host may stand guard by itself, or be part of a larger security system with different layers of protection. 


Q32. Which of the following tools are used for footprinting?(Choose four. 

A. Sam Spade 

B. NSLookup 

C. Traceroute 

D. Neotrace 

E. Cheops 

Answer: ABCD 

Explanation: All of the tools listed are used for footprinting except Cheops. 


Q33. Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three) 

A. Converts passwords to uppercase. 

B. Hashes are sent in clear text over the network. 

C. Makes use of only 32 bit encryption. 

D. Effective length is 7 characters. 

Answer: ABD

Explanation: The LM hash is computed as follows.1. The user’s password as an OEM string is converted to uppercase. 2. This password is either null-padded or truncated to 14 bytes. 3. The “fixed-length” password is split into two 7-byte halves. 4. These values are used to create two DES keys, one from each 7-byte half. 5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. 6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash. The hashes them self are sent in clear text over the network instead of sending the password in clear text. 


Q34. James is an IT security consultant as well as a certified ethical hacker. James has been asked to audit the network security of Yerta Manufacturing, a tool manufacturing company in Phoenix. James performs some initial external tests and then begins testing the security from inside the company's network. 

James finds some big problems right away; a number of users that are working on Windows XP computers have saved their usernames and passwords used to connect to servers on the network. This way, those users do not have to type in their credentials every time they want access to a server. James tells the IT manager of Yerta Manufacturing about this, and the manager does not believe this is possible on Windows XP. To prove his point, James has a user logon to a computer and then James types in a command that brings up a window that says "Stored User Names and Passwords". 

What command did James type in to get this window to come up? 

A. To bring up this stored user names and passwords window, James typed in "rundll32.exe storedpwd.dll, ShowWindow" 

B. James had to type in "rundll32.exe keymgr.dll, KRShowKeyMgr" to get the window to pop up 

C. James typed in the command "rundll32.exe storedpwd.dll" to get the Stored User Names and Passwords window to come up 

D. The command to bring up this window is "KRShowKeyMgr" 

Answer: B

Explanation: The Stored User Names and Passwords applet lets you assign user names and passwords to use when needing to authenticate yourself to services in domains other than the one you are currently logged into. The normal way of running this applet can be difficult to find quickly, so here is a way to launch it using a desktop shortcut using the rundll32.exe program: 

Click on START - RUN and type the following (follwed by ENTER): rundll32.exe 

keymgr.dll,KRShowKeyMgr 

http://www.tweakxp.com/article37352.aspx 


Q35. If you send a SYN to an open port, what is the correct response?(Choose all correct answers. 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

Answer: AB

Explanation: The proper response is a SYN / ACK. This technique is also known as half-open scanning. 


312-50 practice

Up to the minute 312-50 exam cost:

Q36. Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here? 

A. Hayden is attempting to find live hosts on her company's network by using an XMAS scan 

B. She is utilizing a SYN scan to find live hosts that are listening on her network 

C. The type of scan, she is using is called a NULL scan 

D. Hayden is using a half-open scan to find live hosts on her network 

Answer: D


Q37. Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. 

What would you call this attack? 

A. Interceptor 

B. Man-in-the-middle 

C. ARP Proxy 

D. Poisoning Attack 

Answer: B

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. 


Q38. Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position. 

Harold is currently trying to run a Sniffer on the agency’s network to get an idea of what kind of traffic is being passed around but the program he is using does not seem to be capturing anything. He pours through the sniffer’s manual but can’t find anything that directly relates to his problem. Harold decides to ask the network administrator if the has any thoughts on the problem. Harold is told that the sniffer was not working because the agency’s network is a switched network, which can’t be sniffed by some programs without some tweaking. 

What technique could Harold use to sniff agency’s switched network? 

A. ARP spoof the default gateway 

B. Conduct MiTM against the switch 

C. Launch smurf attack against the switch 

D. Flood switch with ICMP packets 

Answer: A

Explanation: ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether (known as a denial of service attack). The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack). 


Q39. Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption and enabling MAC filtering on hi wireless router. Paul notices when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24mbps or less. Paul connects to his wireless router’s management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router’s logs and notices that the unfamiliar machine has the same MAC address as his laptop. 

What is Paul seeing here? 

A. MAC Spoofing 

B. Macof 

C. ARP Spoofing 

D. DNS Spoofing 

Answer: A

Explanation: You can fool MAC filtering by spoofing your MAC address and pretending to have some other computers MAC address. 


Topic 16, Virus and Worms 

423. Virus Scrubbers and other malware detection program can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware? 

A. System integrity verification tools 

B. Anti-Virus Software 

C. A properly configured gateway 

D. There is no way of finding out until a new updated signature file is released 

Answer: A

Explanation: Programs like Tripwire aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. 


Q40. Which of the following are well know password-cracking programs?(Choose all that apply. 

A. L0phtcrack 

B. NetCat 

C. Jack the Ripper 

D. Netbus 

E. John the Ripper 

Answer: AE

Explanation: L0phtcrack and John the Ripper are two well know password-cracking programs. Netcat is considered the Swiss-army knife of hacking tools, but is not used for password cracking 



see more 312-50 dumps