Tips to Pass 312-50 Exam (401 to 410)

we provide Download EC-Council 312-50 study guide which are the best for clearing 312-50 test, and to get certified by EC-Council Ethical Hacking and Countermeasures (CEHv6). The 312-50 Questions & Answers covers all the knowledge points of the real 312-50 exam. Crack your EC-Council 312-50 Exam with latest dumps, guaranteed!


Free VCE & PDF File for EC-Council 312-50 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:

Q401. Which of the following commands runs snort in packet logger mode? 

A. ./snort -dev -h ./log 

B. ./snort -dev -l ./log 

C. ./snort -dev -o ./log 

D. ./snort -dev -p ./log 

Answer: B

Explanation: Note: If you want to store the packages in binary mode for later analysis use ./snort -l ./log -b 

Q402. Exhibit 

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the hacking session. 

What does the first and second column mean? Select two. 

A. The first column reports the sequence number 

B. The second column reports the difference between the current and last sequence number 

C. The second column reports the next sequence number 

D. The first column reports the difference between current and last sequence number 

Answer: AB

Q403. You receive an e-mail with the following text message. 

"Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible." 

You launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file "Human Interface Device Service". 

What category of virus is this? 

A. Virus hoax 

B. Spooky Virus 

C. Stealth Virus 

D. Polymorphic Virus 

Answer: A

Q404. Samuel is the network administrator of DataX communications Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder’s IP address for a period of 24 hours time after more than three unsuccessful attempts. He is confident that this rule will secure his network hackers on the Internet. 

But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall use. 

Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder’s attempts. 

Samuel wants to completely block hackers brute force attempts on his network. 

What are the alternatives to defending against possible brute-force password attacks on his site? 

A. Enforce a password policy and use account lockouts after three wrong logon attempts even through this might lock out legit users 

B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the firewall manually 

C. Enforce complex password policy on your network so that passwords are more difficult to brute force 

D. You can’t completely block the intruders attempt if they constantly switch proxies 

Answer: D

Explanation: Without knowing from where the next attack will come there is no way of proactively block the attack. This is becoming a increasing problem with the growth of large bot nets using ordinary workstations and home computers in large numbers. 

Q405. You are attempting to map out the firewall policy for an organization. You discover your target system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024. What is this process known as? 

A. Footprinting 

B. Firewalking 

C. Enumeration 

D. Idle scanning 

Answer: B

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 

Q406. You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by: 

A. Sending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers 

B. Examining the SMTP header information generated by using the –mx command parameter of DIG 

C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address 

D. Sending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers 

Answer: C

Q407. What is the disadvantage of an automated vulnerability assessment tool? 

A. Ineffective 

B. Slow C. Prone to false positives 

D. Prone to false negatives 

E. Noisy 


Explanation: Vulnerability assessment tools perform a good analysis of system vulnerabilities; however, they are noisy and will quickly trip IDS systems. 

Q408. Nathalie would like to perform a reliable scan against a remote target. She is not concerned about being stealth at this point. Which of the following type of scans would be the most accurate and reliable? 

A. A FIN Scan 

B. A Half Scan 

C. A UDP Scan 

D. The TCP Connect Scan 

Answer: D

Explanation: The connect() system call provided by your operating system is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed, otherwise the port isn't reachable. One strong advantage to this technique is that you don't need any special privileges. This is the fastest scanning method supported by nmap, and is available with the -t (TCP) option. The big downside is that this sort of scan is easily detectable and filterable. 

Q409. Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company's firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network. 

Why will this not be possible? 

A. Firewalls cannot inspect traffic coming through port 443 

B. Firewalls can only inspect outbound traffic 

C. Firewalls cannot inspect traffic at all, they can only block or allow certain ports 

D. Firewalls cannot inspect traffic coming through port 80 

Answer: C


Drag the term to match with it’s description