Because all that matters here is passing the EC-Council 312-50 exam, and all you need is a high score on the 312-50 Ethical Hacking and Countermeasures (CEHv6) exam, the only thing you need to do is download the Ucertify 312-50 exam study guides now. We will not let you down, and we back that with a money-back guarantee.

Q151. What type of session hijacking attack is shown in the exhibit? 

A. Session Sniffing Attack 

B. Cross-site scripting Attack 

C. SQL Injection Attack 

D. Token sniffing Attack 

Answer: A


Q152. Which of the following is one of the key features found in a worm but not seen in a virus? 

A. The payload is very small, usually below 800 bytes. 

B. It is self replicating without need for user intervention. 

C. It does not have the ability to propagate on its own. 

D. All of them cannot be detected by virus scanners. 

Answer: B

Explanation: A worm is similar to a virus in its design and is generally considered a sub-class of virus. Worms spread from computer to computer, but unlike a virus, a worm can travel without any help from a person. A worm takes advantage of file or information transport features on the system, which allows it to propagate unaided. 


Q153. What is SYSKEY # of bits used for encryption? 

A. 40 

B. 64 

C. 128 

D. 256 

Answer: C

Explanation: The System Key (SYSKEY) hotfix is an optional feature that allows stronger encryption of the SAM database. Strong encryption protects private account information by encrypting the password data with a 128-bit cryptographically random key, known as the password encryption key. 


Q154. Hampton is the senior security analyst for the city of Columbus in Ohio. His primary responsibility is to ensure that all physical and logical aspects of the city's computer network are secure from all angles. Bill is an IT technician that works with Hampton in the same IT department. Bill's primary responsibility is to keep PC's and servers up to date and to keep track of all the agency laptops that the company owns and lends out to its employees. After Bill setup a wireless network for the agency, Hampton made sure that everything was secure. He instituted encryption, rotating keys, turned off SSID broadcasting, and enabled MAC filtering. According to agency policy, only company laptops are allowed to use the wireless network, so Hampton entered all the MAC addresses for those laptops into the wireless security utility so that only those laptops should be able to access the wireless network. 

Hampton does not keep track of all the laptops, but he is pretty certain that the agency only purchases Dell laptops. Hampton is curious about this because he notices Bill working on a Toshiba laptop one day and saw that he was on the Internet. Instead of jumping to conclusions, Hampton decides to talk to Bill's boss and see if they had purchased a Toshiba laptop instead of the usual Dell. Bill's boss said no, so now Hampton is very curious to see how Bill is accessing the Internet. Hampton does site surveys every couple of days, and has yet to see any outside wireless network signals inside the company's building. 

How was Bill able to get Internet access without using an agency laptop? 

A. Bill spoofed the MAC address of Dell laptop 

B. Bill connected to a Rogue access point 

C. Toshiba and Dell laptops share the same hardware address 

D. Bill brute forced the Mac address ACLs 

Answer: B
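
The site survey Hampton performs is the control that should catch a rogue access point. The following is an added example, not part of the original question bank: a stdlib-only parser for the text that `iw dev <ifname> scan` prints on Linux, compared against an inventory of the agency's own access points. The BSSIDs, SSIDs and signal levels are constructed test data in the shape of `iw` output, and the inventory, the agency SSID and the signal threshold are assumptions.

```python
"""Site-survey check for rogue access points (added example, constructed data)."""
import re

# Assumed inventory: the BSSIDs the agency actually deployed, and its SSID.
KNOWN_APS = {
    "00:1b:2f:aa:bb:01": "CityNet",
    "00:1b:2f:aa:bb:02": "CityNet",
}
AGENCY_SSID = "CityNet"
STRONG_DBM = -60.0   # assumption: a signal this strong is probably inside the building

# Constructed sample in the layout of `iw dev wlan0 scan` output.
SCAN_OUTPUT = """\
BSS 00:1b:2f:aa:bb:01(on wlan0)
    freq: 2437
    signal: -48.00 dBm
    SSID: CityNet
BSS 00:1b:2f:aa:bb:02(on wlan0)
    freq: 5180
    signal: -55.00 dBm
    SSID: CityNet
BSS 4c:ed:fb:12:34:56(on wlan0)
    freq: 2412
    signal: -41.00 dBm
    SSID: CityNet
BSS 70:f1:1c:99:88:77(on wlan0)
    freq: 2462
    signal: -52.00 dBm
    SSID: netgear_guest
BSS a0:b1:c2:d3:e4:f5(on wlan0)
    freq: 2437
    signal: -84.00 dBm
    SSID: NeighbourCafe
"""

BSS_RE = re.compile(r"^BSS ([0-9a-fA-F:]{17})")


def parse_scan(text):
    """Return one dict per BSS with bssid, ssid, freq (MHz) and signal (dBm)."""
    nets = []
    for block in re.split(r"(?m)^(?=BSS )", text):
        m = BSS_RE.match(block)
        if not m:
            continue
        net = {"bssid": m.group(1).lower(), "ssid": "", "freq": None, "signal": None}
        for line in block.splitlines()[1:]:
            key, _, val = line.strip().partition(": ")
            if key == "SSID":
                net["ssid"] = val
            elif key == "freq":
                net["freq"] = int(val)
            elif key == "signal":
                net["signal"] = float(val.split()[0])
        nets.append(net)
    return nets


def find_rogues(nets):
    """Flag evil twins (our SSID from a foreign BSSID) and strong unknown networks."""
    findings = []
    for n in nets:
        if n["bssid"] in KNOWN_APS:
            continue
        if n["ssid"] == AGENCY_SSID:
            findings.append((n["bssid"], "evil twin: advertises %s" % AGENCY_SSID))
        elif n["signal"] is not None and n["signal"] > STRONG_DBM:
            findings.append((n["bssid"], "unknown AP %r at %.0f dBm, likely inside"
                             % (n["ssid"], n["signal"])))
    return findings


if __name__ == "__main__":
    for bssid, why in find_rogues(parse_scan(SCAN_OUTPUT)):
        print(bssid, why)
```

The weak neighbouring cafe network is left alone; what gets flagged is a foreign BSSID advertising the agency's own SSID and a strong unknown network, which is exactly the kind of device Bill could have plugged into a spare port. MAC filtering alone never catches this, because a rogue AP does not need to pass the filter at all.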


Q155. You are doing IP spoofing while you scan your target. You find that the target has port 23 open. Even so, you are unable to connect. Why? 

A. A firewall is blocking port 23 

B. You cannot spoof + TCP 

C. You need an automated telnet tool 

D. The OS does not reply to telnet even if port 23 is open 

Answer: A

Explanation: The question does not say which state the scanning utility reported for the port. If the scanner is nmap, it reports a port as one of three states: "open", "closed" or "filtered". A port can be open on the host and yet filtered on the path to it, usually by a stateful packet-inspection filter such as Netfilter on Linux or IPFilter on BSD. Options C and D make no sense for this question, and option B ("You cannot spoof + TCP") is wrong because TCP packets can be spoofed, so those are struck out and A remains. One practitioner's caveat: when the scan's source address is spoofed, the target's replies go to the spoofed address rather than to the scanner, so a full TCP connection cannot be completed from a spoofed source whatever a firewall does; the exam nevertheless expects A. 


Q156. Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this? 

A. Jayden can use the command: ip binding set. 

B. Jayden can use the command: no ip spoofing. 

C. She should use the command: no dhcp spoofing. 

D. She can use the command: ip dhcp snooping binding. 

Answer: D


Q157. Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this? 

A. Fred can accomplish this by sending an IP packet with the RST/SYN bit and the source address of his computer. 

B. He can send an IP packet with the SYN bit and the source address of his computer. 

C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch. 

D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine. 

Answer: D
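
The packet in option D is an ACK-only segment carrying the attacker's own source address; a stateless access list of the classic "established" kind passes any segment with ACK or RST set, which is what such a packet exploits. The following is an added example, not code from the original page: it builds that segment byte for byte with the Python standard library, verifies both checksums, and contrasts it with a normal SYN. The addresses, ports and sequence numbers are constructed test values from the documentation ranges.

```python
"""Craft an ACK-only TCP segment and check it against a stateless ACL (added example)."""
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; 0 when data already carries a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_tcp(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, payload=b""):
    """Return IPv4 header + TCP header (+ payload) with correct checksums, no options."""
    # TCP header with checksum field zeroed: data offset 5 words, window 8192.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    pseudo = (ip_to_bytes(src_ip) + ip_to_bytes(dst_ip)
              + struct.pack("!BBH", 0, 6, len(tcp) + len(payload)))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, 64, 6, 0,
                     ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload


def parse(packet: bytes) -> dict:
    """Decode the fields a stateless ACL looks at and verify both checksums."""
    ihl = (packet[0] & 0x0F) * 4
    ip_hdr = packet[:ihl]
    src = ".".join(str(b) for b in ip_hdr[12:16])
    dst = ".".join(str(b) for b in ip_hdr[16:20])
    tcp = packet[ihl:]
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", tcp[:14])
    pseudo = ip_hdr[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return {
        "src": src, "dst": dst, "sport": sport, "dport": dport,
        "flags": flags,
        "ack_only": (flags & (SYN | ACK | RST)) == ACK,
        "ip_csum_ok": checksum(ip_hdr) == 0,
        "tcp_csum_ok": checksum(pseudo + tcp) == 0,
    }


def stateless_acl_allows(packet: bytes) -> bool:
    """Mimic a classic 'established' ACL: pass any segment with ACK or RST set.
    This is the weakness Fred's ACK-only packet relies on; a stateful filter
    would instead look the segment up in its connection table."""
    return bool(parse(packet)["flags"] & (ACK | RST))


ATTACKER, SWITCH = "203.0.113.7", "192.0.2.10"   # constructed, documentation ranges
SYN_PKT = build_tcp(ATTACKER, SWITCH, 40000, 23, SYN, seq=1000)
ACK_PKT = build_tcp(ATTACKER, SWITCH, 40000, 23, ACK, seq=1001, ack=5000)

if __name__ == "__main__":
    for name, pkt in (("SYN", SYN_PKT), ("ACK", ACK_PKT)):
        print(name, parse(pkt), "stateless ACL allows:", stateless_acl_allows(pkt))
```

The bytes are only built and decoded here, never sent; putting them on the wire needs a raw socket and root. The check a defender wants is the one `stateless_acl_allows` shows failing: an ACK-only segment with no prior SYN should be dropped by a stateful device because no connection-table entry exists for it.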


Q158. Basically, there are two approaches to network intrusion detection: signature detection, and anomaly detection. The signature detection approach utilizes well-known signatures for network traffic to identify potentially malicious traffic. The anomaly detection approach utilizes a previous history of network traffic to search for patterns that are abnormal, which would indicate an intrusion. How can an attacker disguise his buffer overflow attack signature such that there is a greater probability of his attack going undetected by the IDS? 

A. He can use a shellcode that will perform a reverse telnet back to his machine 

B. He can use a dynamic return address to overwrite the correct value in the target machine computer memory 

C. He can chain NOOP instructions into a NOOP "sled" that advances the processor's instruction pointer to a random place of choice 

D. He can use polymorphic shellcode, with a tool such as ADMmutate, to change the signature of his exploit as seen by a network IDS 

Answer: D

Explanation: ADMmutate uses a polymorphic technique designed to circumvent certain forms of signature-based intrusion detection. All network-based remote buffer overflow exploits have similarities in how they function. ADMmutate has the ability to emulate the protocol of the service the attacker is attempting to exploit. The data payload (sometimes referred to as an egg) contains the instructions the attacker wants to execute on the target machine. These eggs are generally interchangeable and can be used in many different buffer overflow exploits. ADMmutate uses several techniques to randomize the contents of the egg in any given buffer overflow exploit. This randomization effectively changes the content or "signature" of the exploit without changing its functionality. 
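
The mechanism described above, as an added example that is not the page's own material and not ADMmutate's code: a content-signature matcher stands in for the IDS, the egg is XOR-encoded under a per-exploit random key, and the NOP sled is built from a random mix of single-byte x86 instructions that do not disturb control flow instead of a run of 0x90. The PAYLOAD bytes, the two signatures and the keys are constructed test values; the machine-code decoder that a real tool prepends to the egg is modelled here by the Python function decode().

```python
"""Polymorphic encoding of an exploit egg versus a signature IDS (added example)."""
import random

# Single-byte x86 instructions with no effect on control flow (nop, inc/dec reg,
# clc, stc, cld). A sled mixed from these still lands in the egg but never
# looks like the classic 0x90 run a signature expects.
NOP_EQUIV = [0x90, 0x41, 0x42, 0x43, 0x45, 0x46, 0x47, 0x48,
             0x49, 0x4A, 0x4B, 0xF8, 0xF9, 0xFC]

# Constructed sample egg (shape of a classic execve stub), used only as bytes.
PAYLOAD = b"\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\xb0\x0b\xcd\x80"

# Constructed signatures: what a naive IDS would carry for this exploit.
SIGNATURES = {
    "classic-sled": b"\x90" * 16,
    "egg-fragment": b"\x68//sh\x68/bin",
}


def ids_match(stream: bytes) -> list:
    """Naive content-signature IDS: names of the signatures found in the stream."""
    return [name for name, sig in SIGNATURES.items() if sig in stream]


def encode(payload: bytes, rng: random.Random, sled_len: int = 32, key=None) -> bytes:
    """Randomised sled + one-byte key + XOR-encoded egg. Every call yields a new signature."""
    if key is None:
        key = rng.randrange(1, 256)          # key 0 would leave the egg unchanged
    sled = bytes(rng.choice(NOP_EQUIV) for _ in range(sled_len))
    egg = bytes(b ^ key for b in payload)
    return sled + bytes([key]) + egg


def decode(blob: bytes, sled_len: int = 32) -> bytes:
    """What the prepended decoder stub does on the victim: recover the original egg."""
    key = blob[sled_len]
    return bytes(b ^ key for b in blob[sled_len + 1:])


def build_samples(seed: int, key=None):
    """Return (unencoded exploit, polymorphic exploit) for a given random seed."""
    rng = random.Random(seed)
    plain = b"\x90" * 32 + PAYLOAD
    return plain, encode(PAYLOAD, rng, key=key)


if __name__ == "__main__":
    plain, poly = build_samples(seed=1)
    print("plain exploit hits:", ids_match(plain))
    print("polymorphic hits:  ", ids_match(poly))
    print("decodes correctly: ", decode(poly) == PAYLOAD)
```

Two encodings of the same egg share no byte sequence longer than chance allows, yet both decode to the same instructions, which is why a content signature on either the sled or the egg misses and why detection has to move to the protocol anomaly, the decoder stub itself, or the post-exploitation behaviour.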


Q159. Network Intrusion Detection systems can monitor traffic in real time on networks. 

Which one of the following techniques can be very effective at avoiding proper detection? 

A. Fragmentation of packets. 

B. Use of only TCP based protocols. 

C. Use of only UDP based protocols. 

D. Use of fragmented ICMP traffic only. 

Answer: A

Explanation: If the default fragment reassembly timeout is higher on the victim host than on the IDS, the attack can be sent in fragments spaced out in time so that the IDS discards them before they are ever reassembled, while the victim still reassembles and processes the complete datagram. 
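
The timeout mismatch above, as an added example that is not part of the original page: a plain-Python reassembler with a per-datagram timer is instantiated twice with different timeouts, once as the IDS and once as the victim host, and the same fragments are fed to both. The attack string, the 8-byte fragment size, the timings and the two timeout values (15 s and 30 s) are constructed assumptions; 30 s is also the Linux default for net.ipv4.ipfrag_time.

```python
"""Fragment reassembly timeouts on an IDS versus on the victim (added example)."""

SIGNATURE = b"/bin/sh"
ATTACK = b"GET /cgi-bin/x?cmd=/bin/sh HTTP/1.0\r\n"   # constructed sample request


class Reassembler:
    """Minimal IP-style fragment reassembly with a per-datagram timer."""

    def __init__(self, timeout):
        self.timeout = timeout
        self.buffers = {}   # datagram id -> {"first": t, "parts": {offset: bytes}, "total": int|None}

    def receive(self, dgram_id, offset, data, more, now):
        """Accept one fragment at time `now`; return the datagram once it is complete."""
        buf = self.buffers.get(dgram_id)
        if buf is not None and now - buf["first"] > self.timeout:
            # Timer ran out: the partial datagram is discarded, as a kernel would do.
            del self.buffers[dgram_id]
            buf = None
        if buf is None:
            buf = self.buffers[dgram_id] = {"first": now, "parts": {}, "total": None}
        buf["parts"][offset] = data
        if not more:
            buf["total"] = offset + len(data)
        if buf["total"] is None:
            return None
        # Complete only when the fragments form one contiguous run up to the total length.
        expected = 0
        for off in sorted(buf["parts"]):
            if off != expected:
                return None
            expected = off + len(buf["parts"][off])
        if expected != buf["total"]:
            return None
        del self.buffers[dgram_id]
        return b"".join(buf["parts"][o] for o in sorted(buf["parts"]))


def fragments(data, size=8):
    """Split data into (offset, chunk, more_fragments) triples (byte offsets for simplicity)."""
    out = []
    for off in range(0, len(data), size):
        chunk = data[off:off + size]
        out.append((off, chunk, off + size < len(data)))
    return out


def run(gap, ids_timeout=15.0, host_timeout=30.0):
    """Send the attack in fragments `gap` seconds apart through both reassemblers."""
    ids, host = Reassembler(ids_timeout), Reassembler(host_timeout)
    ids_seen, host_seen = [], []
    for i, (off, chunk, more) in enumerate(fragments(ATTACK)):
        now = i * gap
        for box, seen in ((ids, ids_seen), (host, host_seen)):
            done = box.receive(1, off, chunk, more, now)
            if done is not None:
                seen.append(done)
    return {
        "ids_alert": any(SIGNATURE in d for d in ids_seen),
        "host_executed": any(SIGNATURE in d for d in host_seen),
    }


if __name__ == "__main__":
    print("fragments 1 s apart:", run(1.0))
    print("fragments 5 s apart:", run(5.0))
```

With the fragments one second apart both sides reassemble the request and the IDS alerts. At five seconds apart the last fragment arrives 20 s after the first: past the IDS timer, so the IDS has already thrown the first fragments away and never sees "/bin/sh" as one string, but inside the host's 30 s window, so the host executes it. Stretch the gap further and the host drops it too, which is the limit on this technique. The defence is to make the IDS reassemble with the same, or a longer, timeout than the hosts it protects and to alert on fragment timer expiry rather than silently discarding.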


Q160. Your company trainee Sandra asks you which are the four existing Regional Internet Registries (RIRs)? 

A. APNIC, PICNIC, ARIN, LACNIC 

B. RIPE NCC, LACNIC, ARIN, APNIC 

C. RIPE NCC, NANIC, ARIN, APNIC 

D. RIPE NCC, ARIN, APNIC, LATNIC 

Answer: B

Explanation: All other answers include non-existent organizations (PICNIC, NANIC, LATNIC). Note that a fifth RIR, AFRINIC, was recognized by ICANN in 2005; it is not among the options, so B remains the only choice made up entirely of real registries. See http://www.arin.net/library/internet_info/ripe.html