EC-Council Certified Ethical Hacker exam 312-50 (Aug 2021):

Q201. Most NIDS systems operate in layer 2 of the OSI model. These systems feed raw traffic into a detection engine and rely on the pattern matching and/or statistical analysis to determine what is malicious. Packets are not processed by the host's TCP/IP stack allowing the NIDS to analyze traffic the host would otherwise discard. Which of the following tools allows an attacker to intentionally craft packets to confuse pattern-matching NIDS systems, while still being correctly assembled by the host TCP/IP stack to render the attack payload? 

A. Defrag 

B. Tcpfrag 

C. Tcpdump 

D. Fragroute 

Answer: D

Explanation: fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. 


Q202. Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called? 

A. Information Audit Policy (IAP) 

B. Information Security Policy (ISP) 

C. Penetration Testing Policy (PTP) 

D. Company Compliance Policy (CCP) 

Answer: B


Q203. One of your team members has asked you to analyze the following SOA record. What is the version? 

Rutgers.edu. SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400)

A. 200303028 

B. 3600 

C. 604800 

D. 2400 

E. 60 

F. 4800 

Answer: A 

Explanation: The first value in the SOA record's parentheses is the serial number, which uses the format YYYYMMDDVV, where VV is the version.


Q204. This is an example of a whois record.


Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers) 

A. Search engines like Google and Bing will expose information listed on the WHOIS record

B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record 

C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record 

D. IRS Agents will use this information to track individuals using the WHOIS record information 

Answer: BC


Q205. TCP SYN Flood attack uses the three-way handshake mechanism. 

1. An attacker at system A sends a SYN packet to victim at system B. 

2. System B sends a SYN/ACK packet to system A.

3. In a normal three-way handshake, system A should send an ACK packet to system B; however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A.

This status of client B is called _________________ 

A. "half-closed" 

B. "half open" 

C. "full-open" 

D. "xmas-open" 

Answer: B


Q206. Daryl is a network administrator working for Dayton Technologies. Since Daryl’s background is in web application development, many of the programs and applications his company uses are web-based. Daryl sets up a simple forms-based logon screen for all the applications he creates so they are secure. 

The problem Daryl is having is that his users are forgetting their passwords quite often and sometimes he does not have the time to get into his applications and change the passwords for them. Daryl wants a tool or program that can monitor web-based passwords and notify him when a password has been changed so he can use that tool whenever a user calls him and he can give them their password right then. 

What tool would work best for Daryl’s needs? 

A. Password sniffer 

B. L0phtcrack 

C. John the Ripper 

D. WinHttrack 

Answer: A 

Explanation: L0phtCrack is a password auditing and recovery application (now called LC5), originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords. John the Ripper is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customisable cracker. It can be run against various encrypted password formats, including several crypt password hash types. WinHttrack is an offline browser. A password sniffer would give Daryl the passwords when they are changed, since this is web-based authentication over a simple form. Still, it would be more correct to give the users new passwords instead of keeping a copy of the passwords in clear text.


Q207. Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using? 

A. Henry is executing commands or viewing data outside the intended target path 

B. Henry is using a denial of service attack which is a valid threat used by an attacker 

C. Henry is taking advantage of an incorrect configuration that leads to access with higher-than-expected privilege 

D. Henry uses poorly designed input validation routines to create or alter commands to gain access to unintended data or execute commands 

Answer: B

Explanation: Henry’s intention is to perform a DoS attack against his target, possibly a DDoS attack. He uses systems other than his own to perform the attack in order to cover the tracks back to him and to get more “punch” in the DoS attack if he uses multiple systems. 


Q208. John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool? 

A. hping2 

B. nessus 

C. nmap 

D. make 

Answer: B


Q209. Study the snort rule given below and interpret the rule. 

alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg: "mountd access";)

A. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet 

C. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111 

D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111 

Answer: D

Explanation: Refer to the online documentation on creating Snort rules at http://snort.org/docs/snort_htmanuals/htmanual_261/node147.html 


Q210. Bob has been hired to do a web application security test. Bob notices that the site is dynamic and infers that they must be making use of a database at the application back end. Bob wants to validate whether SQL Injection would be possible.

What is the first character that Bob should use to attempt breaking valid SQL requests? 

A. Semicolon

B. Double Quote 

C. Single Quote 

D. Exclamation Mark 

Answer: C

Explanation: In SQL, single quotes are used around values in queries. By entering another single quote, Bob tests whether the application will submit a null value, probably returning an error.