Pass4sure 312-50 Questions are updated and all 312-50 answers are verified by experts. Once you have completely prepared with our 312-50 exam prep kits you will be ready for the real 312-50 exam without a problem. We have Up to the minute EC-Council 312-50 dumps study guide. PASSED 312-50 First attempt! Here What I Did.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for EC-Council 312-50 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/312-50-exam-dumps.html
Q291. When working with Windows systems, what is the RID of the true administrator account?
A. 500
B. 501
C. 1000
D. 1001
E. 1024
F. 512
Answer: A
Explanation: Because of the way in which Windows functions, the true administrator account always has a RID of 500.
Q292. Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?
A. Yancey would be considered a Suicide Hacker
B. Since he does not care about going to jail, he would be considered a Black Hat
C. Because Yancey works for the company currently; he would be a White Hat
D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing
Answer: A
Q293. Gerald is a Certified Ethical Hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit of the company's network. One of the company's primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company's home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses a session hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client's session; he simply monitors the traffic that passes between it and the server.
What type of session attack is Gerald employing here?
A. He is utilizing a passive network level hijack to see the session traffic used to communicate between the two devices
B. Gerald is using a passive application level hijack to monitor the client and server traffic
C. This type of attack would be considered an active application attack since he is actively monitoring the traffic
D. This type of hijacking attack is called an active network attack
Answer: C
Explanation: Session Hijacking is an active attack
Q294. You are writing security policy that hardens and prevents Footprinting attempt by Hackers. Which of the following countermeasures will NOT be effective against this attack?
A. Configure routers to restrict the responses to Footprinting requests
B. Configure Web Servers to avoid information leakage and disable unwanted protocols
C. Lock the ports with suitable Firewall configuration
D. Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns
E. Evaluate the information before publishing it on the Website/Intranet
F. Monitor every employee computer with Spy cameras, keyloggers and spy on them
G. Perform Footprinting techniques and remove any sensitive information found on DMZ sites
H. Prevent search engines from caching a Webpage and use anonymous registration services
I. Disable directory and use split-DNS
Answer: F
Q295. Samuel is high school teenager who lives in Modesto California. Samuel is a straight ‘A’ student who really likes tinkering around with computers and other types of electronic devices. Samuel just received a new laptop for his birthday and has been configuring it ever since. While tweaking the registry, Samuel notices a pop up at the bottom of his screen stating that his computer was now connected to a wireless network. All of a sudden, he was able to get online and surf the Internet.
Samuel did some quick research and was able to gain access to the wireless router he was connecting to and see al of its settings? Being able to hop onto someone else’s wireless network so easily fascinated Samuel so he began doing more and more research on wireless technologies and how to exploit them. The next day Samuel’s fried said that he could drive around all over town and pick up hundred of wireless networks. This really excited Samuel so they got into his friend’s car and drove around the city seeing which networks they could connect to and which ones they could not.
What has Samuel and his friend just performed?
A. Wardriving
B. Warwalking
C. Warchalking
D. Webdriving
Answer: A
Explanation: Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect the networks. It was also known (as of 2002) as "WiLDing" (Wireless Lan Driving, although this term never gained any popularity and is no longer used), originating in the San Francisco Bay Area with the Bay Area Wireless Users Group (BAWUG). It is similar to using a scanner for radio.
Topic 18, Linux Hacking
437. Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.
What is the name of this library?
A. NTPCAP
B. LibPCAP
C. WinPCAP
D. PCAP
Answer: C
Explanation: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.
Q296. Study the following exploit code taken from a Linux machine and answer the questions below:
echo “ingreslock stream tcp nowait root /bin/sh sh –I" > /tmp/x;
/usr/sbin/inetd –s /tmp/x;
sleep 10;
/bin/ rm –f /tmp/x AAAA…AAA
In the above exploit code, the command “/bin/sh sh –I" is given.
What is the purpose, and why is ‘sh’ shown twice?
A. The command /bin/sh sh –i appearing in the exploit code is actually part of an inetd configuration file.
B. The length of such a buffer overflow exploit makes it prohibitive for user to enter manually. The second ‘sh’ automates this function.
C. It checks for the presence of a codeword (setting the environment variable) among the environment variables.
D. It is a giveaway by the attacker that he is a script kiddy.
Answer: A
Explanation: What's going on in the above question is the attacker is trying to write to the unix filed /tm/x (his inetd.conf replacement config) -- he is attempting to add a service called ingresslock (which doesnt exist), which is "apparently" suppose to spawn a shell the given port specified by /etc/services for the service "ingresslock", ingresslock is a non-existant service, and if an attempt were made to respawn inetd, the service would error out on that line. (he would have to add the service to /etc/services to suppress the error). Now the question is asking about /bin/sh sh -i which produces an error that should read "sh: /bin/sh: cannot execute binary file", the -i option places the shell in interactive mode and cannot be used to respawn itself.
Q297. Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?
alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485;) alert
A. The payload of 485 is what this Snort signature will look for.
B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.
C. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.
D. From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.
Answer: B
Q298. Peter has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the External Gateway interface. Further inspection reveals they are not responses from internal hosts request but simply responses coming from the Internet. What could be the likely cause of this?
A. Someone Spoofed Peter’s IP Address while doing a land attack
B. Someone Spoofed Peter’s IP Address while doing a DoS attack
C. Someone Spoofed Peter’s IP Address while doing a smurf Attack
D. Someone Spoofed Peter’s IP address while doing a fraggle attack
Answer: C
Explanation: An attacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks with forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target.
Q299. What did the following commands determine?
C : user2sid earth guest S-1-5-21-343818398-789336058-1343024091-501
C:sid2user 5 21 343818398 789336058 1343024091 500 Name is Joe Domain is EARTH
A. That the Joe account has a SID of 500
B. These commands demonstrate that the guest account has NOT been disabled
C. These commands demonstrate that the guest account has been disabled
D. That the true administrator is Joe
E. Issued alone, these commands prove nothing
Answer: D
Explanation: One important goal of enumeration is to determine who the true administrator is. In the example above, the true administrator is Joe.
Q300. The terrorist organizations are increasingly blocking all traffic from North America or from Internet Protocol addresses that point to users who rely on the English Language.
Hackers sometimes set a number of criteria for accessing their website. This information is shared among the co-hackers. For example if you are using a machine with the Linux Operating System and the Netscape browser then you will have access to their website in a convert way. When federal investigators using PCs running windows and using Internet Explorer visited the hacker’s shared site, the hacker’s system immediately mounted a distributed denial-of-service attack against the federal system.
Companies today are engaging in tracking competitor’s through reverse IP address lookup sites like whois.com, which provide an IP address’s domain. When the competitor visits the companies website they are directed to a products page without discount and prices are marked higher for their product. When normal users visit the website they are directed to a page with full-blown product details along with attractive discounts. This is based on IP-based blocking, where certain addresses are barred from accessing a site.
What is this masking technique called?
A. Website Cloaking
B. Website Filtering
C. IP Access Blockade
D. Mirrored WebSite
Answer: A
Explanation: Website Cloaking travels under a variety of alias including Stealth, Stealth scripts, IP delivery, Food Script, and Phantom page technology. It’s hot- due to its ability to manipulate those elusive top-ranking results from spider search engines.
