2021 Apr 312-50 free practice test
Q191. Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of the company, he went through a few scanners that are currently available. Here are the scanners that he uses:
- Axent’s NetRecon (http://www.axent.com)
- SARA, by Advanced Research Organization (http://www-arc.com/sara)
- VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, there are many other alternative ways to make sure that the services that have been scanned will be more accurate and detailed for Bob.
What would be the best method to accurately identify the services running on a victim host?
A. Using Cheops-ng to identify the devices of the company.
B. Using the manual method of telnet to each of the open ports of the company.
C. Using a vulnerability scanner to try to probe each port to verify or figure out which service is running for the company.
D. Using the default port and OS to make a best guess of what services are running on each port for the company.
Answer: B
Explanation: By running a telnet connection to the open ports you will receive banners that tell you what service is answering on that specific port.
Q192. Which of the following Nmap commands would be used to perform a stack fingerprinting?
A. Nmap -O -p80 <host(s)>
B. Nmap -hU -Q<host(s)>
C. Nmap -sT -p <host(s)>
D. Nmap -u -o -w2 <host>
E. Nmap -sS -0p target
Answer: A
Explanation: This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.
Q193. Which of the following keyloggers can’t be detected by anti-virus or anti-spyware products?
A. Hardware keylogger
B. Software Keylogger
C. Stealth Keylogger
D. Convert Keylogger
Answer: A
Explanation: A hardware keylogger will never interact with the operating system and therefore it will never be detected by any security programs running in the operating system.
Q194. What is the following command used for?
net use \\target\ipc$ "" /u:""
A. Grabbing the etc/passwd file
B. Grabbing the SAM
C. Connecting to a Linux computer through Samba.
D. This command is used to connect as a null session
E. Enumeration of Cisco routers
Answer: D
Explanation: The null session is one of the most debilitating vulnerabilities faced by Windows.
Null sessions can be established through ports 135, 139, and 445.
Q195. You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?
A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
B. Package the Sales.xls using Trojan wrappers and telnet them back to your home computer
C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account
Answer: C
Q196. One of the most common and best ways of cracking RSA encryption is to begin to derive the two prime numbers which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _________________ process, then the private key can be derived.
A. Factorization
B. Prime Detection
C. Hashing
D. Brute-forcing
Answer: A
Explanation: In April 1994, an international cooperative group of mathematicians and computer scientists solved a 17-year-old challenge problem, the factoring of a 129-digit number, called RSA-129, into two primes. That is, RSA-129 = 114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541 = 3490529510847650949147849619903898133417764638493387843990820577 × 32769132993266709549961988190834461413177642967992942539798288533. See more at http://en.wikipedia.org/wiki/RSA_Factoring_Challenge
Q197. Mark works as a contractor for the Department of Defense and is in charge of network security. He has spent the last month securing access to his network from all possible entry points. He has segmented his network into several subnets and has installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Mark is fairly confident of his perimeter defense, but is still worried about programs like Hping2 that can get into a network through covert channels.
How should Mark protect his network from an attacker using Hping2 to scan his internal network?
A. Blocking ICMP type 13 messages
B. Block All Incoming traffic on port 53
C. Block All outgoing traffic on port 53
D. Use stateful inspection on the firewalls
Answer: A
Explanation: An ICMP type 13 message is an ICMP timestamp request, which waits for an ICMP timestamp reply. The remote node is right to reply, but replying is optional, so many IP stacks ignore such packets. Nevertheless, nmap again managed to make its packets unique by setting the originating timestamp field in the packet to 0.
Q198. On wireless networks, an SSID is used to identify the network. Why are SSIDs not considered to be a good security mechanism to protect a wireless network?
A. The SSID is only 32 bits in length
B. The SSID is transmitted in clear text
C. The SSID is to identify a station not a network
D. The SSID is the same as the MAC address for all vendors
Answer: B
Explanation: The use of SSIDs is a fairly weak form of security, because most access points broadcast the SSID, in clear text, multiple times per second within the body of each beacon frame. A hacker can easily use an 802.11 analysis tool (e.g., AirMagnet, Netstumbler, or AiroPeek) to identify the SSID.
Q199. Attackers target HINFO record types stored on a DNS server to enumerate information. These are information records and a potential source for reconnaissance. A network administrator has the option of entering host information, specifically the CPU type and operating system, when creating a new DNS record. An attacker can extract this type of information easily from a DNS server.
Which of the following commands extracts the HINFO record?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Q200. Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company's firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network.
Why will this not be possible?
A. Firewalls cannot inspect traffic coming through port 443
B. Firewalls can only inspect outbound traffic
C. Firewalls cannot inspect traffic at all, they can only block or allow certain ports
D. Firewalls cannot inspect traffic coming through port 80
Answer: C