EC-Council 312-50: Ethical Hacking and Countermeasures (CEHv6) practice questions

Q431. Which FTP transfer mode is required for FTP bounce attack? 

A. Active Mode 

B. Passive Mode 

C. User Mode 

D. Anonymous Mode 

Answer: B

Explanation: An FTP bounce attack needs the server to support passive connections, and the client program needs to use the PORT command instead of the PASV command.


Q432. An attacker runs netcat tool to transfer a secret file between two hosts. 

Machine A: netcat -l -p 1234 < secretfile 

Machine B: netcat 192.168.3.4 > 1234 

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire? 

A. Machine A: netcat -l -p -s password 1234 < testfile
   Machine B: netcat <machine A IP> 1234

B. Machine A: netcat -l -e magickey -p 1234 < testfile
   Machine B: netcat <machine A IP> 1234

C. Machine A: netcat -l -p 1234 < testfile -pw password
   Machine B: netcat <machine A IP> 1234 -pw password

D. Use cryptcat instead of netcat 

Answer: D

Explanation: Netcat cannot encrypt the file transfer itself; it would need a third-party application such as OpenSSL to encrypt and decrypt. Cryptcat is the standard netcat enhanced with Twofish encryption.


Q433. Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options? 

A. RSA, LSA, POP 

B. SSID, WEP, Kerberos 

C. SMB, SMTP, Smart card 

D. Kerberos, Smart card, Stanford SRP 

Answer: D

Explanation: Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer. 


Q434. Steven is a senior security analyst for a state agency in Tulsa, Oklahoma. His agency is currently undergoing a mandated security audit by an outside consulting firm. The consulting firm is halfway through the audit and is preparing to perform the actual penetration testing against the agency’s network. The firm first sets up a sniffer on the agency’s wired network to capture a reasonable amount of traffic to analyze later. This takes approximately 2 hours to obtain 10 GB of data. The consulting firm then sets up a sniffer on the agency’s wireless network to capture the same amount of traffic. This capture only takes about 30 minutes to get 10 GB of data. 

Why did capturing of traffic take much less time on the wireless network? 

A. Because wireless access points act like hubs on a network 

B. Because all traffic is clear text, even when encrypted 

C. Because wireless traffic uses only UDP which is easier to sniff 

D. Because wireless networks can’t enable encryption 

Answer: A

Explanation: You cannot have directed radio transfers over a WLAN. Every packet will be broadcast as far as possible with no concern about who might hear it.


Q435. Study the snort rule given below and interpret the rule. 

alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg: "mountd access";)

A. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet 

C. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111 

D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111 

Answer: D

Explanation: Refer to the online documentation on creating Snort rules at http://snort.org/docs/snort_htmanuals/htmanual_261/node147.html 


Q436. Which of the following Nmap commands would be used to perform a stack fingerprinting? 

A. Nmap -O -p80 <host(s)>

B. Nmap -hU -Q<host(s)>

C. Nmap -sT -p <host(s)>

D. Nmap -u -o -w2 <host> 

E. Nmap -sS -0p target 

Answer: A

Explanation: This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.


Q437. You are having problems retrieving results after performing port scanning during internal testing. You verify that there are no security devices between you and the target system. When both stealth and connect scanning do not work, you decide to perform a NULL scan with NMAP. The first few systems scanned show all ports open.

Which one of the following statements is probably true? 

A. The systems have all ports open. 

B. The systems are running a host based IDS. 

C. The systems are web servers. 

D. The systems are running Windows. 

Answer: D

Explanation: The null scan turns off all flags, creating a lack of TCP flags that should never occur in the real world. If the port is closed, a RST frame should be returned, and a null scan to an open port results in no response. Unfortunately Microsoft (as usual) decided to completely ignore the standard and do things their own way. Thus this scan type will not work against systems running Windows, as they choose not to respond at all. This is a good way to distinguish that the system being scanned is running Microsoft Windows.


Q438. What are the main drawbacks for anti-virus software? 

A. AV software is difficult to keep up to the current revisions. 

B. AV software can detect viruses but can take no action. 

C. AV software is signature driven so new exploits are not detected. 

D. It’s relatively easy for an attacker to change the anatomy of an attack to bypass AV systems.

E. AV software isn’t available on all major operating systems platforms. 

F. AV software is very machine (hardware) dependent. 

Answer: C

Explanation: Although there are functions like heuristic scanning and sandbox technology, antivirus programs still depend mainly on signature databases and can only find already known viruses.


Q439. Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products? 

A. Covert keylogger 

B. Stealth keylogger 

C. Software keylogger 

D. Hardware keylogger 

Answer: D

Explanation: As the hardware keylogger never interacts with the Operating System it is undetectable by anti-virus or anti-spyware products. 


Q440. MX record priority increases as the number increases. (True/False)

A. True 

B. False 

Answer:

Explanation: The highest priority MX record has the lowest number.