Update 312-50 free exam Guide

Want to know the Pass4sure 312-50 exam practice test features? Want to learn more about the EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study virtual EC-Council 312-50 answers to refresh 312-50 questions at Pass4sure. Get a pass with an absolute guarantee on the EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.



Q91. Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system under his privileges, which allow Kevin access to information used on the BBS. However, no executables are downloaded and run on the local system. What would you term this attack? 

A. Phishing 

B. Denial of Service 

C. Cross Site Scripting 

D. Backdoor installation 

Answer: C

Explanation: This is a typical Type-1 Cross Site Scripting attack. This kind of cross-site scripting hole is also referred to as a non-persistent or reflected vulnerability, and is by far the most common type. These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user. If unvalidated user-supplied data is included in the resulting page without HTML encoding, this will allow client-side code to be injected into the dynamic page. A classic example of this is in site search engines: if one searches for a string which includes some HTML special characters, often the search string will be redisplayed on the result page to indicate what was searched for, or will at least include the search terms in the text box for easier editing. If all occurrences of the search terms are not HTML entity encoded, an XSS hole will result. 


Q92. You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c 

What is the hexadecimal value of NOP instruction? 

A. 0x60 

B. 0x80 

C. 0x70 

D. 0x90 

Answer: D


Q93. War dialing is one of the oldest methods of gaining unauthorized access to target systems, and it is one of the dangers most commonly forgotten by network engineers and system administrators. A hacker can sneak past all the expensive firewalls and IDS and connect easily into the network. Through war dialing an attacker searches for devices in the target network infrastructure that are also accessible through the telephone line.

'Dial backup' in routers is most frequently found in networks where redundancy is required. Dial-on-demand routing (DDR) is commonly used to establish connectivity as a backup.

As a security tester, how would you discover what telephone numbers to dial in to the router?

A. Search the Internet for leakage for target company’s telephone number to dial-in 

B. Run a war-dialing tool with range of phone numbers and look for CONNECT Response 

C. Connect using ISP’s remote-dial in number since the company’s router has a leased line connection established with them 

D. Brute force the company’s PABX system to retrieve the range of telephone numbers to dial-in 

Answer:

Explanation: Use a program like Toneloc to scan the company’s range of phone numbers. 


Q94. A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in. 

What do you think is the most likely reason behind this? 

A. There is a NIDS present on that segment. 

B. Kerberos is preventing it. 

C. Windows logons cannot be sniffed. 

D. L0phtcrack only sniffs logons to web servers. 

Answer: B

Explanation: In a Windows 2000 network using Kerberos, pre-authentication is normally used and the user's password never leaves the local machine, so it is never exposed on the network and cannot be sniffed.


Q95. Under what conditions does a secondary name server request a zone transfer from a primary name server? 

A. When a primary SOA is higher than a secondary SOA

B. When a secondary SOA is higher than a primary SOA

C. When a primary name server has had its service restarted 

D. When a secondary name server has had its service restarted 

E. When the TTL falls to zero 

Answer: A

Explanation: Understanding DNS is critical to meeting the requirements of the CEH. When the serial number within the SOA record of the primary server is higher than the serial number within the SOA record of the secondary DNS server, a zone transfer will take place.


Q96. You visit a website to retrieve the listing of a company's staff members. But you can not find it on the website. You know the listing was certainly present one year before. How can you retrieve information from the outdated website? 

A. Through Google searching cached files 

B. Through Archive.org 

C. Download the website and crawl it 

D. Visit customers' and partners' websites

Answer: B

Explanation: Archive.org mirrors websites and categorizes them by date and month depending on the crawl time. Archive.org dates back to 1996. Google is incorrect because the cache is only as recent as the latest crawl; the cache is overwritten on each subsequent crawl. Downloading the website is incorrect because that is the same as what you see online. Visiting customers' and partners' websites is just bogus. The answer is therefore firmly B, Archive.org.


Q97. Dan is conducting a penetration test and has found a vulnerability in a web application which gave him the session ID token via a cross-site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the session ID. Why do you think Dan might not be able to get an interactive session?

A. Dan cannot spoof his IP address over TCP network 

B. The server will send replies back to the spoofed IP address 

C. Dan can establish an interactive session only if he uses a NAT 

D. The scenario is incorrect as Dan can spoof his IP and get responses 

Answer:

Explanation: Spoofing your IP address is only effective when there is no need to establish a two-way connection, as all traffic meant for the attacker will end up at the spoofed address instead.


Q98. How do you defend against ARP Poisoning attack? (Select 2 answers)

A. Enable DHCP Snooping Binding Table

B. Restrict ARP Duplicates 

C. Enable Dynamic ARP Inspection 

D. Enable MAC snooping Table 

Answer: AC


Q99. Which type of password cracking technique works like a dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

A. Dictionary attack 

B. Brute forcing attack 

C. Hybrid attack 

D. Syllable attack 

E. Rule-based attack 

Answer: C


Q100. What is the proper response for an X-MAS scan if the port is closed?

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. No response 

Answer:

Explanation: Closed ports respond to an X-MAS scan with a RST.