Exam Code: 312-50 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Ethical Hacking and Countermeasures (CEHv6)
Certification Provider: EC-Council

Q431. A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database? 

A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database 

B. An attacker submits user input that executes an operating system command to compromise a target system 

C. An attacker gains control of system to flood the target system with requests, preventing legitimate users from gaining access 

D. An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database 

Answer: A

Explanation: Using the poorly designed input validation to alter or steal data from a database is a SQL injection attack. 


Q432. Sandra is conducting a penetration test for ABC.com. She knows that ABC.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP. 

What do you think is the reason behind this? 

A. Netstumbler does not work against 802.11g. 

B. You can only pick up 802.11g signals with 802.11a wireless cards. 

C. The access points probably have WEP enabled so they cannot be detected. 

D. The access points probably have disabled broadcasting of the SSID so they cannot be detected. 

E. 802.11g uses OFDM while 802.11b uses DSSS, so despite the same frequency an 802.11b card cannot see an 802.11g signal. 

F. Sandra must be doing something wrong, as there is no reason for her to not see the signals. 

Answer: D

Explanation: Netstumbler cannot detect networks that do not respond to broadcast probe requests. 


Q433. Exhibit 

Joe Hacker runs the hping2 hacking tool to predict the target host's sequence numbers in one of his hacking sessions. 

What do the first and second columns mean? Select two. 

A. The first column reports the sequence number 

B. The second column reports the difference between the current and last sequence number 

C. The second column reports the next sequence number 

D. The first column reports the difference between current and last sequence number 

Answer: AB


Q434. Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not elicit a response. What can he infer from this kind of response? 

A. These ports are open because they do not elicit a response. 

B. He can tell that these ports are in stealth mode. 

C. If a port does not respond to an XMAS scan using NMAP, that port is closed. 

D. The scan was not performed correctly using NMAP, since all ports, no matter what their state, will elicit some sort of response from an XMAS scan. 

Answer: A


Q435. Which of the following should be performed first in any penetration test? 

A. System identification 

B. Intrusion Detection System testing 

C. Passive information gathering 

D. Firewall testing 

Answer: C


Q436. Which is the right sequence of packets sent during the initial TCP three way handshake? 

A. FIN, FIN-ACK, ACK 

B. SYN, URG, ACK 

C. SYN, ACK, SYN-ACK 

D. SYN, SYN-ACK, ACK 

Answer: D

Explanation: A TCP connection always starts with a request for synchronization, a SYN. The reply to that is another SYN together with an ACK, acknowledging that the previous packet was delivered successfully. The last part of the three-way handshake is only an ACK, acknowledging that the SYN reply was received. 


Q437. Reflective DDoS attacks do not send traffic directly at the targeted host. Instead, they usually spoof the originating IP address and send the requests to reflectors. These reflectors (usually routers or high-powered servers with a large amount of network resources at their disposal) then reply to the spoofed source address, sending loads and loads of data to the final target. 

How would you detect these reflectors on your network? 

A. Run floodnet tool to detect these reflectors 

B. Look for the banner text by running Zobbie Zappers tools 

C. Run Vulnerability scanner on your network to detect these reflectors 

D. Scan the network using Nmap for the services used by these reflectors 

Answer: A

Explanation: http://www.exterminate-it.com/malpedia/remove-floodnet 


Q438. Carl has successfully compromised a web server from behind a firewall by exploiting a vulnerability in the web server program. He wants to proceed by installing a backdoor program. However, he is aware that not all inbound ports on the firewall are in the open state. 

From the list given below, identify the port that is most likely to be open and allowed to reach the server that Carl has just compromised. 

A. 53 

B. 110 

C. 25 

D. 69 

Answer: A

Explanation: Port 53 is used by DNS and is almost always open; the problem is often that the port is opened to the whole world and not only to the outside DNS servers that need it. 


Q439. Sally is a network admin for a small company. She was asked to install wireless access points in the building. In looking at the specifications for the access points, she sees that all of them offer WEP. Which of these is true about WEP? 

Select the best answer. 

A. Stands for Wireless Encryption Protocol 

B. It makes a WLAN as secure as a LAN 

C. Stands for Wired Equivalent Privacy 

D. It offers end to end security 

Answer:

Explanations: 

WEP is intended to make a WLAN as secure as a LAN, but because a WLAN is not constrained by wires, physical access to the medium is much easier. Also, WEP has flaws that make it less secure than was once thought. WEP does not offer end-to-end security; it only attempts to protect the wireless portion of the network. 


Q440. Which definition among those given below best describes a covert channel? 

A. A server program using a port that is not well known. 

B. Making use of a protocol in a way it is not intended to be used. 

C. It is the multiplexing taking place on a communication link. 

D. It is one of the weak channels used by WEP which makes it insecure. 

Answer:

Explanation: A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy." 

Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.