Avant-garde 312-50 Exam Study Guides With New Update Exam Questions


Q241. While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the access points. What would be the easiest way to circumvent and communicate on the WLAN? 

A. Attempt to crack the WEP key using Airsnort. 

B. Attempt to brute force the access point and update or delete the MAC ACL. 

C. Steal a client computer and use it to access the wireless network. 

D. Sniff traffic off the WLAN and spoof your MAC address to one that you captured. 

Answer: D

Explanation: The easiest way to gain access to the WLAN would be to spoof your MAC address to one that already exists on the network. 


Q242. Exhibit: 

Given the following extract from the snort log on a honeypot, what service is being exploited? 

A. FTP 

B. SSH 

C. Telnet 

D. SMTP 

Answer:

Explanation: The connection is made to 172.16.1.104:21, the FTP control port. 


Q243. You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs? 

A. The zombie you are using is not truly idle. 

B. A stateful inspection firewall is resetting your queries. 

C. Hping2 cannot be used for idle scanning. 

D. These ports are actually open on the target system. 

Answer: A

Explanation: If the IPID increments by more than the normal step for this type of system, the zombie is exchanging packets with some host besides yours: it has sent packets to an unknown host between the packets destined for you, so it is not truly idle. 


Q244. Which of the following is one of the key features found in a worm but not seen in a virus? 

A. The payload is very small, usually below 800 bytes. 

B. It is self-replicating without need for user intervention. 

C. It does not have the ability to propagate on its own. 

D. All of them cannot be detected by virus scanners. 

Answer:

Explanation: A worm is similar to a virus in its design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. 


Q245. While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan: 

Starting nmap V. 3.10ALPHA9 ( www.insecure.org/nmap/ )
Interesting ports on 172.121.12.222:
(The 1592 ports scanned but not shown below are in state: filtered)
Port     State   Service
21/tcp   open    ftp
25/tcp   open    smtp
53/tcp   closed  domain
80/tcp   open    http
443/tcp  open    https
Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds 

What should be your next step to identify the OS? 

A. Perform a firewalk with that system as the target IP 

B. Perform a tcp traceroute to the system using port 53 

C. Run an nmap scan with the -v -v option to give a better output 

D. Connect to the active services and review the banner information 

Answer: D

Explanation: Most administrators do not bother to change the banners presented by applications listening on open ports, so you should get fairly accurate information by grabbing banners from the open ports with, for example, a telnet client. 


Q246. Which of the following encryption algorithms is not a block cipher? 

A. DES 

B. Blowfish 

C. AES 

D. RC4 

Answer: D

Explanation: RC4 (also known as ARC4 or ARCFOUR) is a stream cipher, not a block cipher. It is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). 

Topic 22, Penetration Testing Methodologies 

556. Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. 

What would you call this kind of activity? 

A. CI Gathering 

B. Scanning 

C. Dumpster Diving 

D. Garbage Scooping 

Answer: C


Q247. Dan is conducting a penetration test and has found a vulnerability in a Web Application which gave him the sessionID token via a cross-site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session? 

A. Dan cannot spoof his IP address over TCP network 

B. The server will send replies back to the spoofed IP address 

C. Dan can establish an interactive session only if he uses a NAT 

D. The scenario is incorrect as Dan can spoof his IP and get responses 

Answer:

Explanation: Spoofing your IP address is only effective when there is no need to establish a two-way connection, because all traffic meant for the attacker will end up at the spoofed address instead. 


Q248. Your boss is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack? 

A. SQL Input attack 

B. SQL Piggybacking attack 

C. SQL Select attack 

D. SQL Injection attack 

Answer: D

Explanation: This technique is known as a SQL injection attack. 


Q249. Bob has set up three web servers on Windows Server 2003 IIS 6.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of this server because of the potential for financial loss. Bob has asked his company’s firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network. 

Why will this not be possible? 

A. Firewalls can’t inspect traffic coming through port 443 

B. Firewalls can only inspect outbound traffic 

C. Firewalls can’t inspect traffic coming through port 80 

D. Firewalls can’t inspect traffic at all, they can only block or allow certain ports 

Answer:

Explanation: In order to really inspect traffic content and traffic patterns you need an IDS; a port-filtering firewall only blocks or allows ports. 


Q250. NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use? 

A. 443 

B. 139 

C. 179 

D. 445 

Answer: D