★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/312-50-dumps.html
We get pleasure from the highest standing for a very long time in that all of us offer the most up-to-date and correct EC-Council EC-Council 312-50 exam questions and answers. It is possible to easily get through the EC-Council 312-50 real test with our precise as well as logical EC-Council 312-50 practice questions. Trust in our EC-Council items and pass the particular EC-Council exam with ease. You will get 100% good results assurance on your initial try in case you preview and evaluate our EC-Council 312-50 review materials.
2021 Dec ethical hacking and countermeasures exam 312-50:
Q291. Leonard is a systems administrator who has been tasked by his supervisor to slow down or lessen the amount of SPAM their company receives on a regular basis. SPAM being sent to company email addresses has become a large problem within the last year for them. Leonard starts by adding SPAM prevention software at the perimeter of the network. He then builds a black list, white list, turns on MX callbacks, and uses heuristics to stop the incoming SPAM. While these techniques help some, they do not prevent much of the SPAM from coming in. Leonard decides to use a technique where his mail server responds very slowly to outside connected mail servers by using multi-line SMTP responses. By responding slowly to SMTP connections, he hopes that SPAMMERS will see this and move on to easier and faster targets.
What technique is Leonard trying to employ here to stop SPAM?
A. To stop SPAM, Leonard is using the technique called Bayesian Content Filtering
B. Leonard is trying to use the Transparent SMTP Proxy technique to stop incoming SPAM
C. This technique that Leonard is trying is referred to as using a Sender Policy Framework to aid in SPAM prevention
D. He is using the technique called teergrubing to delay SMTP responses and hopefully stop SPAM
Answer: D
Explanation: Teergrubing FAQ
What does a UBE sender really need? What does he sell?
A certain amount of sent E-Mails per minute. This product is called Unsolicited Bulk E-Mail.
How can anyone hit an UBE sender?
By destroying his working tools.
What?
E-Mail is sent using SMTP. For this purpose a TCP/IP connection to the MX host of the recipient is established. Usually a computer is able to hold about 65500 TCP/IP connections from/to a certain port. But in most cases it's a lot less due to limited resources.
If it is possible to hold a mail connection open (i.e. several hours), the productivity of the UBE sending equipment is dramatically reduced. SMTP offers continuation lines to hold a connection open without running into timeouts.
A teergrube is a modified MTA (mail transport agent) able to do this to specified senders.
Incorrect answer:
Sender Policy Framework (SPF) deals with allowing an organization to publish “Authorized” SMTP servers for their organization through DNS records.
Q292. Lauren is performing a network audit for her entire company. The entire network is comprised of around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the broadcast address of the network, but only receives responses from around five hosts. Why did this ping sweep only produce a few responses?
A. Only Windows systems will reply to this scan.
B. A switched network will not respond to packets sent to the broadcast address.
C. Only Linux and Unix-like (Non-Windows) systems will reply to this scan.
D. Only servers will reply to this scan.
Answer: C
Q293. Your boss is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What would you call such an attack?
A. SQL Input attack
B. SQL Piggybacking attack
C. SQL Select attack
D. SQL Injection attack
Answer: D
Explanation: This technique is known as SQL injection attack
Q294. Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email liza@yahoo.com'. The application displays server error. What is wrong with the web application?
A. The email is not valid
B. User input is not sanitized
C. The web server may be down
D. The ISP connection is not reliable
Answer: B
Explanation: All input from web browsers, such as user data from HTML forms and cookies, must be stripped of special characters and HTML tags as described in the following CERT advisories: http://www.cert.org/advisories/CA-1997-25.html http://www.cert.org/advisories/CA-2000-02.html
Q295. While reviewing the results of a scan run against a target network you come across the following:
What was used to obtain this output?
A. An SNMP Walk
B. Hping2 diagnosis
C. A Bo2K System query
D. Nmap protocol/port scan
Answer: A
Explanation: The snmpwalk command is designed to perform a sequence of chained GETNEXT requests automatically, rather than having to issue the necessary snmpgetnext requests by hand. The command takes a single OID, and will display a list of all the results which lie within the subtree rooted on this OID.
Up to the immediate present 312-50 vce:
Q296. Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not opened or ports that are not for public usage. How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by using one of the built-in Linux Operating System tools?
A. Ensure all files have at least a 755 or more restrictive permissions.
B. Configure rules using ipchains.
C. Configure and enable portsentry on his server.
D. Install an intrusion detection system on her computer such as Snort.
Answer: B
Explanation: ipchains is a free software based firewall for Linux. It is a rewrite of Linux's previous IPv4 firewalling code, ipfwadm. In Linux 2.2, ipchains is required to administer the IP packet filters. ipchains was written because the older IPv4 firewall code used in Linux 2.0 did not work with IP fragments and didn't allow for specification of protocols other than TCP, UDP, and ICMP.
Q297. On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner?
A. Use "Is"
B. Use "lsof"
C. Use "echo"
D. Use "netstat"
Answer: B
Explanation: lsof is a command used in many Unix-like systems that is used to report a list of all open files and the processes that opened them. It works in and supports several UNIX flavors.
Q298. Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system under his privileges, which allow Kevin access to information used on the BBS. However, no executables are downloaded and run on the local system. What would you term this attack?
A. Phishing
B. Denial of Service
C. Cross Site Scripting
D. Backdoor installation
Answer: C
Explanation: This is a typical Type-1 Cross Site Scripting attack. This kind of cross-site scripting hole is also referred to as a non-persistent or reflected vulnerability, and is by far the most common type. These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user. If unvalidated user-supplied data is included in the resulting page without HTML encoding, this will allow client-side code to be injected into the dynamic page. A classic example of this is in site search engines: if one searches for a string which includes some HTML special characters, often the search string will be redisplayed on the result page to indicate what was searched for, or will at least include the search terms in the text box for easier editing. If all occurrences of the search terms are not HTML entity encoded, an XSS hole will result.
Q299. Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?
A. Timestamps
B. SMB Signing
C. File permissions
D. Sequence numbers monitoring
Answer: ABD
Q300. Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task?
A. Charlie can use the command: ping -l 56550 172.16.0.45 -t.
B. Charlie can try using the command: ping 56550 172.16.0.45.
C. By using the command ping 172.16.0.45 Charlie would be able to lockup the router
D. He could use the command: ping -4 56550 172.16.0.45.
Answer: A