we provide Certified EC-Council 312-50 test questions which are the best for clearing 312-50 test, and to get certified by EC-Council Ethical Hacking and Countermeasures (CEHv6). The 312-50 Questions & Answers covers all the knowledge points of the real 312-50 exam. Crack your EC-Council 312-50 Exam with latest dumps, guaranteed!

Q141. ou wish to determine the operating system and type of web server being used. At the same time you wish to arouse no suspicion within the target organization. 

While some of the methods listed below work, which holds the least risk of detection? 

A. Make some phone calls and attempt to retrieve the information using social engineering. 

B. Use nmap in paranoid mode and scan the web server. 

C. Telnet to the web server and issue commands to illicit a response. 

D. Use the netcraft web site look for the target organization’s web site. 

Answer: D

Explanation: Netcraft is providing research data and analysis on many aspects of the Internet. Netcraft has explored the Internet since 1995 and is a respected authority on the market share of web servers, operating systems, hosting providers, ISPs, encrypted transactions, electronic commerce, scripting languages and content technologies on the internet. 

Q142. What is the term 8 to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim? 

A. Fraggle Attack 

B. Man in the Middle Attack 

C. Trojan Horse Attack 

D. Smurf Attack 

E. Back Orifice Attack 

Answer: D

Explanation: Trojan and Back orifice are Trojan horse attacks. Man in the middle spoofs the Ip and redirects the victems packets to the cracker The infamous Smurf attack. preys on ICMP's capability to send traffic to the broadcast address. Many hosts can listen and respond to a single ICMP echo request sent to a broadcast address. 

Network Intrusion Detection third Edition by Stephen Northcutt and Judy Novak pg 70 The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf". 

Q143. Once an intruder has gained access to a remote system with a valid username and password, the attacker will attempt to increase his privileges by escalating the used account to one that has increased privileges. such as that of an administrator. What would be the best countermeasure to protect against escalation of priveges? 

A. Give users tokens 

B. Give user the least amount of privileges 

C. Give users two passwords 

D. Give users a strong policy document 


Explanation: With less privileges it is harder to increase the privileges. 

Q144. _____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another. 

A. Canonicalization 

B. Character Mapping 

C. Character Encoding 

D. UCS transformation formats 

Answer: A

Explanation: Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a "standard" canonical representation. This can be done to compare different representations for equivalence, to count the number of distinct data structures (e.g., in combinatorics), to improve the efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order. 

Q145. Web servers are often the most targeted and attacked hosts on organizations' networks. Attackers may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access. 

Identify the correct statement related to the above Web Server installation? 

A. Lack of proper security policy, procedures and maintenance 

B. Bugs in server software, OS and web applications 

C. Installing the server with default settings 

D. Unpatched security flaws in the server software, OS and applications 

Answer: C

Q146. What sequence of packets is sent during the initial TCP three-way handshake? 





Answer: D

Explanation: This is referred to as a "three way handshake." The "SYN" flags are requests by the TCP stack at one end of a socket to synchronize themselves to the sequence numbering for this new sessions. The ACK flags acknowlege earlier packets in this session. Obviously only the initial packet has no ACK flag, since there are no previous packets to acknowlege. Only the second packet (the first response from a server to a client) has both the SYN and the ACK bits set. 

Q147. Name two software tools used for OS guessing.(Choose two. 

A. Nmap 

B. Snadboy 

C. Queso 

D. UserInfo 

E. NetBus 

Answer: AC

Explanation: Nmap and Queso are the two best-known OS guessing programs. OS guessing software has the ability to look at peculiarities in the way that each vendor implements the RFC's. These differences are compared with its database of known OS fingerprints. Then a best guess of the OS is provided to the user. 

Q148. Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys 

Which step would you perform to detect this type of Trojan? 

A. Scan for suspicious startup programs using msconfig 

B. Scan for suspicious network activities using Wireshark 

C. Scan for suspicious device drivers in c:\\windows\\system32\\drivers 

D. Scan for suspicious open ports using netstat 

Answer: C

Q149. Bob is a Junior Administrator at ABC.com is searching the port number of POP3 in a file. The partial output of the file is look like: 

In which file he is searching? 

A. services 

B. protocols 

C. hosts 

D. resolve.conf 

Answer: A

Explanation: The port numbers on which certain standard services are offered are defined in the RFC 1700 Assigned Numbers. The /etc/services file enables server and client programs to convert service names to these numbers -ports. The list is kept on each host and it is stored in the file /etc/services. 

Q150. Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic? 

A. Network aliasing 

B. Domain Name Server (DNS) poisoning 

C. Reverse Address Resolution Protocol (ARP) 

D. Port scanning 

Answer: B

This reference is close to the one listed DNS poisoning is the correct answer. 

This is how DNS DOS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of there server instead of replacing the actual records, which is referred to as cache poisoning.