Download of 312-50 exam question materials and braindumps for EC-Council certification for IT learners, Real Success Guaranteed with Updated 312-50 pdf dumps vce Materials. 100% PASS Ethical Hacking and Countermeasures (CEHv6) exam Today!
2017 Mar 312-50 Study Guide Questions:
Q191. Jack Hacker wants to break into company’s computers and obtain their secret double fudge cookie recipe. Jacks calls Jane, an accountant at company pretending to be an administrator from company. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him “just to double check our records”. Jane does not suspect anything amiss, and parts with her password. Jack can now access company’s computers with a valid user name and password, to steal the cookie recipe.
What kind of attack is being illustrated here? (Choose the best answer)
A. Reverse Psychology
B. Reverse Engineering
C. Social Engineering
D. Spoofing Identity
E. Faking Identity
Explanation: This is a typical case of pretexting. Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone.
Q192. Google uses a unique cookie for each browser used by an individual user on a computer. This cookie contains information that allows Google to identify records about that user on its database. This cookie is submitted every time a user launches a Google search, visits a site using AdSense etc. The information stored in Google's database, identified by the cookie, includes
-Everything you search for using Google -Every web page you visit that has Google Adsense ads
How would you prevent Google from storing your search keywords?
A. Block Google Cookie by applying Privacy and Security settings in your web browser
B. Disable the Google cookie using Google Advanced Search settings on Google Search page
C. Do not use Google but use another search engine Bing which will not collect and store your search keywords
D. Use MAC OS X instead of Windows 7. Mac OS has higher level of privacy controls by default.
Q193. There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are true about PKI and encryption?
Select the best answers.
A. PKI provides data with encryption, compression, and restorability.
B. Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman.
C. When it comes to eCommerce, as long as you have authenticity, and authenticity, you do not need encryption.
D. RSA is a type of encryption.
Explanation: PKI provides confidentiality, integrity, and authenticity of the messages exchanged between these two types of systems. The 3rd party provides the public key and the receiver verifies the message with a combination of the private and public key. Public-key encryption WAS invented in 1976 by Whitfield Diffie and Martin Hellman. The famous hashing algorithm Diffie-Hellman was named after them. The RSA Algorithm is created by the RSA Security company that also has created other widely used encryption algorithms.
Latest 312-50 free question:
Q194. Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?
A. RSA, LSA, POP
B. SSID, WEP, Kerberos
C. SMB, SMTP, Smart card
D. Kerberos, Smart card, Stanford SRP
Explanation: Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer.
Q195. Bubba has just accessed he preferred ecommerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changes?
A. A hidden form field value.
B. A hidden price value.
C. An integer variable.
D. A page cannot be changed locally, as it is served by a web server.
Q196. John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundred of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?
Explanation: Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations world-wide. Nmap is mostly used for scanning, not for detecting vulnerabilities. Hping is a free packet generator and analyzer for the TCP/IP protocol and make is used to automatically build large applications on the *nix plattform.
Exact 312-50 :
Q197. Bob is conducting a password assessment for one of his clients. Bob suspects that password policies are not in place and weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weakness and key loggers. What are the means that Bob can use to get password from his client hosts and servers?
A. Hardware, Software and Sniffing
B. Hardware and Software Keyloggers
C. Software only, they are the most effective
D. Passwords are always best obtained using Hardware key loggers
Explanation: All loggers will work as long as he has physical access to the computers.
Topic 8, Denial of Service
275. The evil hacker, is purposely sending fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. From the information given, what type of attack is attempting to perform?
A. Syn flood
C. Ping of death
Q198. What does the this symbol mean?
A. Open Access Point
B. WPA Encrypted Access Point
C. WEP Encrypted Access Point
D. Closed Access Point
Explanation: This symbol is a “warchalking” symbol for a open node (open circle) with the SSID tsunami and the bandwidth 2.0 Mb/s
Q199. Jim’s Organization just completed a major Linux roll out and now all of the organization’s systems are running Linux 2.5 Kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ, which built-in functionality of Linux can achieve this?
A. IP ICMP
B. IP Sniffer
C. IP tables
D. IP Chains
Explanation: iptables is the name of the user space tool by which administrators create rules for the packet filtering and NAT modules. While technically iptables is merely the tool which controls the packet filtering and NAT components within the kernel, the name iptables is often used to refer to the entire infrastructure, including netfilter, connection tracking and NAT, as well as the tool itself. iptables is a standard part of all modern Linux distributions.
Q200. Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using?
A. Henry is executing commands or viewing data outside the intended target path
B. Henry is using a denial of service attack which is a valid threat used by an attacker
C. Henry is taking advantage of an incorrect configuration that leads to access with higher-than-expected privilege
D. Henry uses poorly designed input validation routines to create or alter commands to gain access to unintended data or execute commands
Explanation: Henry’s intention is to perform a DoS attack against his target, possibly a DDoS attack. He uses systems other than his own to perform the attack in order to cover the tracks back to him and to get more “punch” in the DoS attack if he uses multiple systems.