
2021 Apr 312-50 exam question

Q381. SYN Flood is a DoS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections.

The signature for SYN Flood attack is: 

A. The source and destination address having the same value. 

B. The source and destination port numbers having the same value. 

C. A large number of SYN packets appearing on a network without the corresponding reply packets. 

D. A large number of SYN packets appearing on a network with the corresponding reply packets. 

Answer: C

Explanation: A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable. 


Q382. Justine is the systems administrator for her company, an international shipping company with offices all over the world. Recent US regulations have forced the company to implement stronger and more secure means of communication. Justine and other administrators have been put in charge of securing the company's digital communication lines. After implementing email encryption, Justine now needs to implement robust digital signatures to ensure data authenticity and reliability. Justine has decided to implement digital signatures which are a variant of DSA and that operate on elliptic curve groups. These signatures are more efficient than DSA and are not vulnerable to number field sieve attacks.

What type of signature has Justine decided to implement? 

A. She has decided to implement ElGamal signatures since they offer more reliability than the typical DSA signatures 

B. Justine has decided to use ECDSA signatures since they are more efficient than DSA signatures 

C. Justine is now utilizing SHA-1 with RSA signatures to help ensure data reliability 

D. These types of signatures that Justine has decided to use are called RSA-PSS signatures 

Answer: B

Explanation: The Elliptic Curve Digital Signature Algorithm (ECDSA) is a variant of the Digital Signature Algorithm (DSA) which uses Elliptic curve cryptography. http://en.wikipedia.org/wiki/Elliptic_Curve_DSA 


Q383. While reviewing the results of a scan run against a target network you come across the following: 

What was used to obtain this output? 

A. An SNMP Walk 

B. Hping2 diagnosis 

C. A Bo2K System query 

D. Nmap protocol/port scan 

Answer: A

Explanation: The snmpwalk command is designed to perform a sequence of chained GETNEXT requests automatically, rather than having to issue the necessary snmpgetnext requests by hand. The command takes a single OID, and will display a list of all the results which lie within the subtree rooted on this OID. 


Q384. After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attacker connects to a service first with its own IP address, records the sequence number chosen and then opens a second connection from a forged IP address. The attacker doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, the attacker can use the one-sided communication to break into the server.

What attacks can you successfully launch against a server using the above technique? 

A. Session Hijacking attacks 

B. Denial of Service attacks 

C. Web Page defacement attacks 

D. IP Spoofing Attacks 

Answer: A

Explanation: The term Session Hijacking refers to the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorised access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.

Topic 11, Hacking Web Servers 


Q385. Network Administrator Patricia is doing an audit of the network. Below are some of her findings concerning DNS. Which of these would be a cause for alarm? 

Select the best answer. 

A. There are two external DNS Servers for Internet domains. Both are AD integrated. 

B. All external DNS is done by an ISP. 

C. Internal AD Integrated DNS servers are using private DNS names that are unregistered.

D. Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

Answer:

Explanations: 

A. There are two external DNS Servers for Internet domains. Both are AD integrated.

This is the correct answer. Having an AD integrated DNS external server is a serious cause for alarm. There is no need for this and it causes vulnerability on the network.

B. All external DNS is done by an ISP.

This is not the correct answer. This would not be a cause for alarm. This would actually reduce the company's network risk as it is offloaded onto the ISP.

C. Internal AD Integrated DNS servers are using private DNS names that are unregistered.

This is not the correct answer. This would not be a cause for alarm. This would actually reduce the company's network risk.

D. Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

This is not the correct answer. This would not be a cause for alarm. This would actually reduce the company's network risk.


Q386. You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming.

Which command would you execute to extract the Trojan to a standalone file? 

A. c:\> type readme.txt:virus.exe > virus.exe 

B. c:\> more readme.txt | virus.exe > virus.exe 

C. c:\> cat readme.txt:virus.exe > virus.exe 

D. c:\> list redme.txt$virus.exe > virus.exe 

Answer: C

Explanation: cat will concatenate, or write, the alternate data stream to its own file named virus.exe 


Q387. Which of the following tools are used for footprinting? (Choose four.)

A. Sam Spade 

B. NSLookup 

C. Traceroute 

D. Neotrace 

E. Cheops 

Answer: ABCD 

Explanation: All of the tools listed are used for footprinting except Cheops. 


Q388. Say that "abigcompany.com" had a security vulnerability in the JavaScript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to go back and see the code for that error?

Select the best answer. 

A. archive.org 

B. There is no way to get the changed webpage unless you contact someone at the company 

C. Usenet 

D. Javascript would not be in their html so a service like usenet or archive wouldn't help you 

Answer:

Explanations: 

Archive.org is a website that periodically archives Internet content. They have archives of websites over many years. It could be used to go back and look at the JavaScript, as JavaScript would be in the HTML code.


Q389. Study the log below and identify the scan type. 

tcpdump -w host 192.168.1.10

A. nmap R 192.168.1.10 

B. nmap S 192.168.1.10 

C. nmap V 192.168.1.10 

D. nmap -sO -T 192.168.1.10

Answer: D

Explanation: -sO: IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine. 


Q390. You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs? 

A. The zombie you are using is not truly idle. 

B. A stateful inspection firewall is resetting your queries. 

C. Hping2 cannot be used for idle scanning. 

D. These ports are actually open on the target system. 

Answer: A

Explanation: If the IPID is incremented by more than the normal increment for this type of system, it means that the system is interacting with some other system besides yours and has sent packets to an unknown host between the packets destined for you.