Exam Code: 312-50 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Ethical Hacking and Countermeasures (CEHv6)
Certification Provider: EC-Council
Free Today! Guaranteed Training- Pass 312-50 Exam.
♥♥ 2017 NEW RECOMMEND ♥♥
Free VCE & PDF File for EC-Council 312-50 Real Exam
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
2017 Apr 312-50 Study Guide Questions:
Q181. What does a type 3 code 13 represent?(Choose two.
A. Echo request
B. Destination unreachable
C. Network unreachable
D. Administratively prohibited
E. Port unreachable
F. Time exceeded
Explanation: Type 3 code 13 is destination unreachable administratively prohibited. This type of message is typically returned from a device blocking a port.
Q182. Darren is the network administrator for Greyson & Associates, a large law firm in Houston. Darren is responsible for all network functions as well as any digital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to one of the firm's internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of lost data. Darren decides that this incident should be handled and resolved within the same day of its discovery.
What incident level would this situation be classified as?
A. This situation would be classified as a mid-level incident
B. Since there was over $50,000 worth of loss, this would be considered a high-level incident
C. Because Darren has determined that this issue needs to be addressed in the same day it was discovered, this would be considered a low-level incident
D. This specific incident would be labeled as an immediate-level incident
Q183. What is a sniffing performed on a switched network called?
A. Spoofed sniffing
B. Passive sniffing
C. Direct sniffing
D. Active sniffing
Most recent 312-50 exam topics:
Q184. How does a denial-of-service attack work?
A. A hacker tries to decipher a password by using a system, which subsequently crashes the network
B. A hacker attempts to imitate a legitimate user by confusing a computer or even another person
C. A hacker prevents a legitimate user (or group of users) from accessing a service
D. A hacker uses every character, word, or letter he or she can think of to defeat authentication
Explanation: In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB).
Q185. Attacking well-known system defaults is one of the most common hacker attacks. Most software is shipped with a default configuration that makes it easy to install and setup the application. You should change the default settings to secure the system.
Which of the following is NOT an example of default installation?
A. Many systems come with default user accounts with well-known passwords that administrators forget to change
B. Often, the default location of installation files can be exploited which allows a hacker to retrieve a file from the system
C. Many software packages come with "samples" that can be exploited, such as the sample programs on IIS web services
D. Enabling firewall and anti-virus software on the local system
Q186. Marshall is the information security manager for his company. Marshall was just hired on two months ago after the last information security manager retired. Since the last manager did not implement or even write IT policies, Marshall has begun writing IT security policies to cover every conceivable aspect. Marshall's supervisor has informed him that while most employees will be under one set of policies, ten other employees will be under another since they work on computers in publicly-accessible areas. Per his supervisor, Marshall has written two sets of policies. For the users working on publicly-accessible computers, their policies state that everything is forbidden. They are not allowed to browse the Internet or even use email. The only thing they can use is their work related applications like Word and Excel.
What types of policies has Marshall written for the users working on computers in the publicly-accessible areas?
A. He has implemented Permissive policies for the users working on public computers
B. These types of policies would be considered Promiscuous policies
C. He has written Paranoid policies for these users in public areas
D. Marshall has created Prudent policies for the computer users in publicly-accessible areas
Explanation: It says that everything is forbidden, this means that there is a Paranoid Policy implemented
Vivid 312-50 training materials:
Q187. Which of the following are well know password-cracking programs?(Choose all that apply.
C. Jack the Ripper
E. John the Ripper
Explanation: L0phtcrack and John the Ripper are two well know password-cracking programs. Netcat is considered the Swiss-army knife of hacking tools, but is not used for password cracking
Q188. A client has approached you with a penetration test requirements. They are concerned with the possibility of external threat, and have invested considerable resources in protecting their Internet exposure. However, their main concern is the possibility of an employee elevating his/her privileges and gaining access to information outside of their respective department.
What kind of penetration test would you recommend that would best address the client’s concern?
A. A Black Box test
B. A Black Hat test
C. A Grey Box test
D. A Grey Hat test
E. A White Box test
F. A White Hat test
Q189. Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?
A. SYN scan
B. ACK scan
C. RST scan
D. Connect scan
E. FIN scan
Explanation: The TCP full connect (-sT) scan is the most reliable.
Q190. Identify SQL injection attack from the HTTP requests shown below:
C. http://www.myserver.com/search.asp?lname=smith%27%3bupdate%20usertable%20set%20pass wd%3d%27hAx0r%27%3b–%00
D. http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourser ver.c0m%2fbadscript.js%22% 3e%3c%2fscript%3e
Explantion: The correct answer contains the code to alter the usertable in order to change the password for user smith to hAx0r