★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/312-50-dumps.html


We offer you the most upgraded and latest 312-50 training braindumps for EC-Council 312-50 exam whatsoever times. All of us promise that you will have a high score which usually guarantee your success. Should you be unable to get the actual EC-Council certification in the 1st time, you will have another possibility to use our updated EC-Council 312-50 dumps for free. When you purchase each of our EC-Council 312-50 exam questions, we supply you full service with getting your material set up on your system, knowing and becoming able to use it. Should you have just about any questions in the means of using each of our EC-Council EC-Council training analyze, please contact us. All of us will fix them from the shortest time.

2021 Sep ceh exam 312-50 pdf:

Q241. What sequence of packets is sent during the initial TCP three-way handshake? 

A. SYN, URG, ACK 

B. FIN, FIN-ACK, ACK 

C. SYN, ACK, SYN-ACK 

D. SYN, SYN-ACK, ACK 

Answer: D

Explanation: This is referred to as a "three way handshake." The "SYN" flags are requests by the TCP stack at one end of a socket to synchronize themselves to the sequence numbering for this new sessions. The ACK flags acknowlege earlier packets in this session. Obviously only the initial packet has no ACK flag, since there are no previous packets to acknowlege. Only the second packet (the first response from a server to a client) has both the SYN and the ACK bits set. 


Q242. Central Frost Bank was a medium-sized, regional financial institution in New York. The bank recently deployed a new Internet-accessible Web application. Using this application, Central Frost's customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business through a Web browser. John Stevens was in charge of information security at Central Frost Bank. After one month in production, the Internet banking application was the subject of several customer complaints. Mysteriously, the account balances ofmany of Central Frost's customers had been changed! However, moneyhadn't been removed from the bank. Instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries: 

Attempted login of unknown user: johnm Attempted login of unknown user: susaR Attempted login of unknown user: sencat Attempted login of unknown user: pete'' Attempted login of unknown user: ' or 1=1--Attempted login of unknown user: ' drop table logins--Login of user jason, sessionID= 0x75627578626F6F6B Login of user daniel, sessionID= 0x98627579539E13BE Login of user rebecca, sessionID= 0x9062757944CCB811 Login of user mike, sessionID= 0x9062757935FB5C64 Transfer Funds user jason Pay Bill user mike Logout of user mike 

What type of attack did the Hacker attempt? 

A. Brute force attack in which the Hacker attempted guessing login ID and password from password cracking tools. 

B. The Hacker used a random generator module to pass results to the Web server and exploited Web application CGI vulnerability. 

C. The Hacker attempted SQL Injection technique to gain access to a valid bank login ID. 

D. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session. 

Answer: C

Explanation: The 1=1 or drop table logins are attempts at SQL injection. 


Q243. Darren is the network administrator for Greyson & Associates, a large law firm in Houston. Darren is responsible for all network functions as well as any digital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to one of the firm's internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of lost data. Darren decides that this incident should be handled and resolved within the same day of its discovery. 

What incident level would this situation be classified as? 

A. This situation would be classified as a mid-level incident 

B. Since there was over $50,000 worth of loss, this would be considered a high-level incident 

C. Because Darren has determined that this issue needs to be addressed in the same day it was discovered, this would be considered a low-level incident 

D. This specific incident would be labeled as an immediate-level incident 

Answer: D


Q244. 802.11b is considered a ____________ protocol. 

A. Connectionless 

B. Secure 

C. Unsecure 

D. Token ring based 

E. Unreliable 

Answer: C

Explanation: 802.11b is an insecure protocol. It has many weaknesses that can be used by a hacker. 


Q245. John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct MiTM attack. What is the destination MAC address of a broadcast frame? 

A. 0xFFFFFFFFFFFF 

B. 0xAAAAAAAAAAAA 

C. 0xBBBBBBBBBBBB 

D. 0xDDDDDDDDDDDD 

Answer: A 

Explanation: 0xFFFFFFFFFFFF is the destination MAC address of the broadcast frame. 


312-50 practice

Replace ethical hacking and countermeasures exam 312-50:

Q246. Jess the hacker runs L0phtCrack’s built-in sniffer utility which grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. 

But Jess is not picking up hashed from the network. 

Why? 

A. The network protocol is configured to use SMB Signing. 

B. The physical network wire is on fibre optic cable. 

C. The network protocol is configured to use IPSEC. 

D. L0phtCrack SMB filtering only works through Switches and not Hubs. 

Answer: A

Explanation: To protect against SMB session hijacking, NT supports a cryptographic integrity mechanism, SMB Signing, to prevent active network taps from interjecting themselves into an already established session. 


Q247. In the context of Windows Security, what is a 'null' user? 

A. A user that has no skills 

B. An account that has been suspended by the admin 

C. A pseudo account that has no username and password 

D. A pseudo account that was created for security administration purpose 

Answer: C 

Explanation: NULL sessions take advantage of “features” in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Using these NULL connections allows you to gather the following information from the host:* List of users and groups 

* List of machines * List of shares * Users and host SID' (Security Identifiers) 

NULL sessions exist in windows networking to allow: * Trusted domains to enumerate resources * 

Computers outside the domain to authenticate and enumerate users * The SYSTEM account to authenticate and enumerate resources 

NetBIOS NULL sessions are enabled by default in Windows NT and 2000. Windows XP and 2003 will allow anonymous enumeration of shares, but not SAM accounts. 


Q248. When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device? 

A. ICMP ECHO_REQUEST & TCP SYN 

B. ICMP ECHO_REQUEST & TCP ACK 

C. ICMP ECHO_REPLY & TFP RST 

D. ICMP ECHO_REPLY & TCP FIN 

Answer: B

Explanation: The default behavior of NMAP is to do both an ICMP ping sweep (the usual kind of ping) and a TCP port 80 ACK ping sweep. If an admin is logging these this will be fairly characteristic of NMAP. 


Q249. When working with Windows systems, what is the RID of the true administrator account? 

A. 500 

B. 501 

C. 512 

D. 1001 

E. 1024 

F. 1000 

Answer: A 

Explanation: The built-in administrator account always has a RID of 500. 


Q250. You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks? 

A. System services 

B. EXEC master access 

C. xp_cmdshell 

D. RDC 

Answer: C