Up to date EC-Council 312-50 – An Overview 101 to 110

Your success in EC-Council 312-50 is our sole target and we develop all our 312-50 braindumps in a way that facilitates the attainment of this target. Not only is our 312-50 study material the best you can find, it is also the most detailed and the most updated. 312-50 Practice Exams for EC-Council 312-50 are written to the highest standards of technical accuracy.


Free VCE & PDF File for EC-Council 312-50 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:

Q101. Leonard is a systems administrator who has been tasked by his supervisor to slow down or lessen the amount of SPAM their company receives on a regular basis. SPAM being sent to company email addresses has become a large problem within the last year for them. Leonard starts by adding SPAM prevention software at the perimeter of the network. He then builds a black list, white list, turns on MX callbacks, and uses heuristics to stop the incoming SPAM. While these techniques help some, they do not prevent much of the SPAM from coming in. Leonard decides to use a technique where his mail server responds very slowly to outside connected mail servers by using multi-line SMTP responses. By responding slowly to SMTP connections, he hopes that SPAMMERS will see this and move on to easier and faster targets. 

What technique is Leonard trying to employ here to stop SPAM? 

A. To stop SPAM, Leonard is using the technique called Bayesian Content Filtering 

B. Leonard is trying to use the Transparent SMTP Proxy technique to stop incoming SPAM 

C. This technique that Leonard is trying is referred to as using a Sender Policy Framework to aid in SPAM prevention 

D. He is using the technique called teergrubing to delay SMTP responses and hopefully stop SPAM 

Answer: D

Explanation: Teergrubing FAQ 

What does a UBE sender really need? What does he sell? 

A certain amount of sent E-Mails per minute. This product is called Unsolicited Bulk E-Mail. 

How can anyone hit an UBE sender? 

By destroying his working tools. 


E-Mail is sent using SMTP. For this purpose a TCP/IP connection to the MX host of the recipient is established. Usually a computer is able to hold about 65500 TCP/IP connections from/to a certain port. But in most cases it's a lot less due to limited resources. 

If it is possible to hold a mail connection open (i.e. several hours), the productivity of the UBE sending equipment is dramatically reduced. SMTP offers continuation lines to hold a connection open without running into timeouts. 

A teergrube is a modified MTA (mail transport agent) able to do this to specified senders. 

Incorrect answer: 

Sender Policy Framework (SPF) deals with allowing an organization to publish “Authorized” SMTP servers for their organization through DNS records. 

Q102. One of the most common and the best way of cracking RSA encryption is to being to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _________________ process, then the private key can be derived. 

A. Factorization 

B. Prime Detection 

C. Hashing 

D. Brute-forcing 

Answer: A

Explanation: In April 1994, an international cooperative group of mathematicians and computer scientists solved a 17-year-old challenge problem, the factoring of a 129-digit number, called RSA-129, into two primes. That is, RSA-129 = 1143816257578888676692357799761466120102182 9672124236256256184293570693524573389783059 7123563958705058989075147599290026879543541 = 34905295108476509491478496199038 98133417764638493387843990820577 times 32769132993266709549961988190834 461413177642967992942539798288533. Se more at http://en.wikipedia.org/wiki/RSA_Factoring_Challenge 

Q103. John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool? 

A. hping2 

B. nessus 

C. nmap 

D. make 

Answer: B

Q104. Sandra is conducting a penetration test for ABC.com. She knows that ABC.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP. 

What do you think is the reason behind this? 

A. Netstumbler does not work against 802.11g. 

B. You can only pick up 802.11g signals with 802.11a wireless cards. 

C. The access points probably have WEP enabled so they cannot be detected. 

D. The access points probably have disabled broadcasting of the SSID so they cannot be detected. 

E. 802.11g uses OFDM while 802.11b uses DSSS so despite the same frequency and 802.11b card cannot see an 802.11g signal. 

F. Sandra must be doing something wrong, as there is no reason for her to not see the signals. 

Answer: D

Explanation: Netstumbler can not detect networks that do not respond to broadcast requests. 

Q105. What is the goal of a Denial of Service Attack? 

A. Capture files from a remote computer. 

B. Render a network or computer incapable of providing normal service. 

C. Exploit a weakness in the TCP stack. 

D. Execute service at PS 1009. 

Answer: B

Explanation: In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB). 

Q106. After studying the following log entries, how many user IDs can you identify that the attacker has tampered with? 

1. mkdir -p /etc/X11/applnk/Internet/.etc 

2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd 

3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd 

4. touch -acmr /etc /etc/X11/applnk/Internet/.etc 

5. passwd nobody -d 

6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash 

7. passwd dns -d 

8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd 

9. touch -acmr /etc/X11/applnk/Internet/.etc /etc 


B. acmr, dns 

C. nobody, dns 

D. nobody, IUSR_ 

Answer: C

Explanation: Passwd is the command used to modify a user password and it has been used together with the usernames nobody and dns. 

Q107. Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption and enabling MAC filtering on hi wireless router. Paul notices when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24mbps or less. Paul connects to his wireless router’s management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router’s logs and notices that the unfamiliar machine has the same MAC address as his laptop. 

What is Paul seeing here? 

A. MAC Spoofing 

B. Macof 

C. ARP Spoofing 

D. DNS Spoofing 

Answer: A

Explanation: You can fool MAC filtering by spoofing your MAC address and pretending to have some other computers MAC address. 

Topic 16, Virus and Worms 

423. Virus Scrubbers and other malware detection program can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware? 

A. System integrity verification tools 

B. Anti-Virus Software 

C. A properly configured gateway 

D. There is no way of finding out until a new updated signature file is released 

Answer: A

Explanation: Programs like Tripwire aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner. 

Q108. _____ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer 

A. Steganography 

B. Merge Streams 

C. NetBIOS vulnerability 

D. Alternate Data Streams 


Explanation: ADS (or Alternate Data Streams) is a “feature” in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename:stream. 

Q109. Which of the following is NOT a valid NetWare access level? 

A. Not Logged in 

B. Logged in 

C. Console Access 

D. Administrator 


Explanation: Administrator is an account not a access level. 

Q110. In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this? 

A. Rouge access point attack 

B. Unauthorized access point attack 

C. War Chalking 

D. WEP attack 

Answer: A

Explanation: The definition of a Rogue access point is:1. A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, users have exposed their company's network to the outside world.2. An access point (AP) set up by an attacker outside a facility with a wireless network. Also called an "evil twin," the rogue AP picks up beacons (signals that advertise its presence) from the company's legitimate AP and transmits identical beacons, which some client machines inside the building associate with.