How Does Examcollection EC-Council 312-50 free practice questions Work?

Master the 312-50 Ethical Hacking and Countermeasures (CEHv6) content and be ready for exam day success quickly with this Exambible 312-50 practice test. We guarantee it!We make it a reality and give you real 312-50 questions in our EC-Council 312-50 braindumps.Latest 100% VALID EC-Council 312-50 Exam Questions Dumps at below page. You can use our EC-Council 312-50 braindumps and pass your exam.


Free VCE & PDF File for EC-Council 312-50 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:

Q71. Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. He chooses to use printf(str) where he should have ideally used printf(?s? str). What attack will his program expose the web application to? 

A. Cross Site Scripting 

B. SQL injection Attack 

C. Format String Attack 

D. Unicode Traversal Attack 

Answer: C

Explanation: Format string attacks are a new class of software vulnerability discovered around 1999, previously thought harmless. Format string attacks can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write back the number of bytes formatted to the same argument to printf(), assuming that the corresponding argument exists, and is of type int * . 

Q72. Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer. (Overflows the buffer). Below is the code snippet. 

How can you protect/fix the problem of your application as shown above? 

A. Because the counter starts with 0, we would stop when the counter is less than 200 

B. Because the counter starts with 0, we would stop when the counter is more than 200 

C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it can’t hold any more data 

D. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it can’t hold any more data 

Answer: AC

Explanation: I=199 would be the character number 200. The stack holds exact 200 characters so there is no need to stop before 200. 

Q73. eter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for? 

Select the best answers. 

A. SNMPUtil 

B. SNScan 

C. SNMPScan 

D. Solarwinds IP Network Browser 

E. NMap 

Answer: ABD


SNMPUtil is a SNMP enumeration utility that is a part of the Windows 2000 resource kit. With SNMPUtil, you can retrieve all sort of valuable information through SNMP. SNScan is a SNMP network scanner by Foundstone. It does SNMP scanning to find open SNMP ports. Solarwinds IP Network Browser is a SNMP enumeration tool with a graphical tree-view of the remote machine's SNMP data. 

Q74. What is the proper response for a NULL scan if the port is closed? 






F. No response 


Explanation: Closed ports respond to a NULL scan with a reset. 

Q75. What ICMP message types are used by the ping command? 

A. Timestamp request (13) and timestamp reply (14) 

B. Echo request (8) and Echo reply (0) 

C. Echo request (0) and Echo reply (1) 

D. Ping request (1) and Ping reply (2) 

Answer: B

Explanation: ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo 

Q76. Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference? 

A. Eric network has been penetrated by a firewall breach 

B. The attacker is using the ICMP protocol to have a covert channel 

C. Eric has a Wingate package providing FTP redirection on his network 

D. Somebody is using SOCKS on the network to communicate through the firewall 

Answer: D

Explanation: Port Description: SOCKS. SOCKS port, used to support outbound tcp services (FTP, HTTP, etc). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and \\bounce\\ out to another internal host. Done to either reach a protected internal host or mask true source of attack. Listen for connection attempts to this port — good sign of port scans, SOCKS-probes, or bounce attacks. Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only domain hosts. 

Q77. What do you conclude from the nmap results below? 

Staring nmap V. 3.10ALPHA0 ( 

(The 1592 ports scanned but not shown below are in state: closed) 

PortStateService 21/tcpopenftp 25/tcpopensmtp 80/tcpopenhttp 443/tcpopenhttps 

Remote operating system guess: Too many signatures match the reliability guess the OS. Nmap run completed – 1 IP address (1 host up) scanned in 91.66 seconds 

A. The system is a Windows Domain Controller. 

B. The system is not firewalled. 

C. The system is not running Linux or Solaris. 

D. The system is not properly patched. 


Explanation: There is no reports of any ports being filtered. 

Q78. Exhibit: * Missing* 

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet? 

A. Port 1890 (Net-Devil Trojan) 

B. Port 1786 (Net-Devil Trojan) 

C. Port 1909 (Net-Devil Trojan) 

D. Port 6667 (Net-Devil Trojan) 

Answer: D

Explanation: From trace, 0x1A0B is 6667, IRC Relay Chat, which is one port used. Other ports are in the 900's. 

Q79. Why would an ethical hacker use the technique of firewalking? 

A. It is a technique used to discover wireless network on foot. 

B. It is a technique used to map routers on a network link. 

C. It is a technique used to discover the nature of rules configured on a gateway. 

D. It is a technique used to discover interfaces in promiscuous mode. 

Answer: C

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 

Q80. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common? 

A. All are hacking tools developed by the legion of doom 

B. All are tools that can be used not only by hackers, but also security personnel 

C. All are DDOS tools 

D. All are tools that are only effective against Windows 

E. All are tools that are only effective against Linux 


Explanation: All are DDOS tools.