You might be proceeding to obtain any significant score which could lead to one to become pass analyze with all the aid involving Testking 312-50 braindumps. Also therefore, you may possibly obtain the complete refund inside bank-account of ones person malfunction from your 312-50 exam along with all the 1st attempt involving employing every single regarding the own merchandise. Regardless of what an person ought to be in a position to attain will be generally to be able to mail the particular current 312-50 transcript and additionally some other pertinent forms to suit the needs to be able to us. Lots of us can easily easily mail the particular current income rear although just before extended probable shortly correct after confirming the particular current info.
2016 Oct intitle index of 312-50 pdf:
Q171. Which of the following nmap command in Linux procedures the above output?
A. sudo nmap –sP 192.168.0.1/24
B. root nmap –sA 192.168.0.1/24
C. run nmap –TX 192.168.0.1/24
D. launch nmap –PP 192.168.0.1/24
Explanation: This is an output from a ping scan. The option –sP will give you a ping scan of the 192.168.0.1/24 network.
Topic 4, Enumeration
129. Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?
Explanation: The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.
Q172. You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges?
D. Whatever account IIS was installed with
Explanation: If you manage to get the system to start a shell for you, that shell will be running as LOCAL_SYSTEM.
Q173. Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?
alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485;) alert
A. The payload of 485 is what this Snort signature will look for.
B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.
C. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.
D. From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.
Q174. MX record priority increases as the number increases.(True/False.
Explanation: The highest priority MX record has the lowest number.
Q175. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?
A. All are hacking tools developed by the legion of doom
B. All are tools that can be used not only by hackers, but also security personnel
C. All are DDOS tools
D. All are tools that are only effective against Windows
E. All are tools that are only effective against Linux
Explanation: All are DDOS tools.
Renewal ceh 312-50 dumps:
Q176. Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company's network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie's remaining tests.
What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?
A. Charlie has performed a BREACH analysis; showing the company where its weak points are
B. This analysis would be considered a vulnerability analysis
C. This type of analysis is called GAP analysis
D. This initial analysis performed by Charlie is called an Executive Summary
Explanation: In business and economics, gap analysis is a tool that helps a company to compare its actual performance with its potential performance.
At its core are two questions: "Where are we?" and "Where do we want to be?".
Q177. You are writing an antivirus bypassing Trojan using C++ code wrapped into chess.c to create an executable file chess.exe. This Trojan when executed on the victim machine, scans the entire system (c:\) for data with the following text “Credit Card” and “password”. It then zips all the scanned files and sends an email to a predefined hotmail address.
You want to make this Trojan persistent so that it survives computer reboots. Which registry entry will you add a key to make it persistent?
Explanation: HKEY_LOCAL_MACHINE would be the natural place for a registry entry that starts services when the MACHINE is rebooted.
Topic 7, Sniffers
ettercap –NCLzs --quiet
What does the command in the exhibit do in “Ettercap”?
A. This command will provide you the entire list of hosts in the LAN
B. This command will check if someone is poisoning you and will report its IP.
C. This command will detach from console and log all the collected passwords from the network to a file.
D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.
Explanation: -N = NON interactive mode (without ncurses)
-C = collect all users and passwords
-L = if used with -C (collector) it creates a file with all the password sniffed in the session in the
-z = start in silent mode (no arp storm on start up)
-s = IP BASED sniffing
--quiet = "demonize" ettercap. Useful if you want to log all data in background.
Q178. The United Kingdom (UK) he passed a law that makes hacking into an unauthorized network a felony.
The law states:
Section1 of the Act refers to unauthorized access to computer material. This states that a person commits an offence if he causes a computer to perform any function with intent to secure unauthorized access to any program or data held in any computer. For a successful conviction under this part of the Act, the prosecution must prove that the access secured is unauthorized and that the suspect knew that this was the case. This section is designed to deal with common-or-graden hacking.
Section 2 of the deals with unauthorized access with intent to commit or facilitate the commission of further offences. An offence is committed under Section 2 if a Section 1 offence has been committed and there is the intention of committing or facilitating a further offense (any offence which attacks a custodial sentence of more than five years, not necessarily one covered but the Act). Even if it is not possible to prove the intent to commit the further offence, the Section 1 offence is still committed.
Section 3 Offences cover unauthorized modification of computer material, which generally means the creation and distribution of viruses. For conviction to succeed there must have been the intent to cause the modifications and knowledge that the modification had not been authorized
What is the law called?
A. Computer Misuse Act 1990
B. Computer incident Act 2000
C. Cyber Crime Law Act 2003
D. Cyber Space Crime Act 1995
Explanation: Computer Misuse Act (1990) creates three criminal offences:
Q179. Microsoft Authenticode technology is used for:
A. Digital Signing Activex controls
B. Digitally signing SSL Certificates
D. Digitally Signing Java Applets
Explanation: Authenticode identifies the publisher of signed software and verifies that it hasn't been tampered with, before users download software to their PCs. As a result, end users can make a more informed decision as to whether or not to download code. Authenticode relies on digital certificates and is based on specifications that have been used successfully in the industry for some time, including Public Key Cryptography Standards (PKCS) #7 (encrypted key specification), PKCS #10 (certificate request formats), X.509 (certificate specification), and Secure Hash Algorithm (SHA) and MD5 hash algorithms.
Q180. Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals that they are not responses from the internal hosts’ requests but simply responses coming from the Internet.
What could be the most likely cause?
A. Someone has spoofed Clive’s IP address while doing a smurf attack.
B. Someone has spoofed Clive’s IP address while doing a land attack.
C. Someone has spoofed Clive’s IP address while doing a fraggle attack.
D. Someone has spoofed Clive’s IP address while doing a DoS attack.
Explanation: The smurf attack, named after its exploit program, is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.
see more 312-50 dumps