★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/312-50-dumps.html


By generating the utmost involving our EC-Council 312-50 goods which contain 312-50 exam question and answers, you are bond to obtain through the EC-Council actual test. All of us guarantee your current success together with the help involving EC-Council 312-50 professionally written practice questions and answers at Actualtests. Each of our EC-Council practice materials gives you comprehensive education for the 312-50 exam syllabus. Cracking the particular EC-Council EC-Council exam is no issue with each of our precise, accurate and logical dumps. The feedback and high passing ratio may prove each of our promise. All of us offer you the money-back policy just in case you fail in the initial attempt after utilizing EC-Council 312-50 products.

2021 Sep 312-50 exam cost:

Q271. To see how some of the hosts on your network react, Winston sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established he sends RST packets to those hosts to stop the session. Winston has done this to see how his intrusion detection system will log the traffic. What type of scan is Winston attempting here? 

A. Winston is attempting to find live hosts on your company's network by using an XMAS scan. 

B. He is utilizing a SYN scan to find live hosts that are listening on your network. 

C. This type of scan he is using is called a NULL scan. 

D. He is using a half-open scan to find live hosts on your network. 

Answer: D


Q272. If an attacker's computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response? 

A. 31400 

B. 31402 

C. The zombie will not send a response 

D. 31401 

Answer: D


Q273. Sniffing is considered an active attack. 

A. True 

B. False 

Answer: B 

Explanation: Sniffing is considered a passive attack. 


Q274. Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.) 

A. Install DNS logger and track vulnerable packets 

B. Disable DNS timeouts 

C. Install DNS Anti-spoofing 

D. Disable DNS Zone Transfer 

Answer: C

Explanation: Explantion: Implement DNS Anit-Spoofing measures to prevent DNS Cache Pollution to occur. 


Q275. Once an intruder has gained access to a remote system with a valid username and password, the attacker will attempt to increase his privileges by escalating the used account to one that has increased privileges. such as that of an administrator. What would be the best countermeasure to protect against escalation of priveges? 

A. Give users tokens 

B. Give user the least amount of privileges 

C. Give users two passwords 

D. Give users a strong policy document 

Answer: B 

Explanation: With less privileges it is harder to increase the privileges. 


312-50 test

Refresh intitle index of 312-50 pdf:

Q276. RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LAN. WEP is known to be insecure even if we are using a stream cipher that is known to be secured. 

What is the most likely cause behind this? 

A. There are some flaws in the implementation. 

B. There is no key management. 

C. The IV range is too small. 

D. All of the above. 

E. None of the above. 

Answer: D

Explanation: Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets. Many WEP systems require a key in hexadecimal format. Some users choose keys that spell words in the limited 0-9, A-F hex character set, for example C0DE C0DE C0DE C0DE. Such keys are often easily guessed. 


Q277. What does an ICMP (Code 13) message normally indicates? 

A. It indicates that the destination host is unreachable 

B. It indicates to the host that the datagram which triggered the source quench message will need to be re-sent 

C. It indicates that the packet has been administratively dropped in transit 

D. It is a request to the host to cut back the rate at which it is sending traffic to the Internet destination 

Answer: C

Explanation: CODE 13 and type 3 is destination unreachable due to communication administratively prohibited by filtering hence maybe they meant "code 13", therefore would be C). 

Note:A - Type 3B - Type 4C - Type 3 Code 13D - Typ4 4 


Q278. ou are footprinting the www.xsecurity.com domain using the Google Search Engine. You would like to determine what sites link to www.xsecurity .com at the first level of revelance. 

Which of the following operator in Google search will you use to achieve this? 

A. Link: www.xsecurity.com 

B. serch?l:www.xsecurity.com 

C. level1.www.security.com 

D. pagerank:www.xsecurity.com 

Answer: A

Explanation: The query [link:] will list webpages that have links to the specified webpage. For instance, [link:www.google.com] will list webpages that have links pointing to the Google homepage. Note there can be no space between the "link:" and the web page url. 


Topic 3, Scanning 

35. Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4. 

A. UDP is filtered by a gateway 

B. The packet TTL value is too low and cannot reach the target 

C. The host might be down 

D. The destination network might be down 

E. The TCP windows size does not match 

F. ICMP is filtered by a gateway 

Answer: ABCF

Explanation: If the destination host or the destination network is down there is no way to get an answer and if TTL (Time To Live) is set too low the UDP packets will “die” before reaching the host because of too many hops between the scanning computer and the target. The TCP receive window size is the amount of received data (in bytes) that can be buffered during a connection. The sending host can send only that amount of data before it must wait for an acknowledgment and window update from the receiving host and ICMP is mainly used for echo requests and not in port scans. 


Q279. Exhibit: 


Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal? 

A. har.txt 

B. SAM file 

C. wwwroot 

D. Repair file 

Answer: B 

Explanation: He is actually trying to get the file har.txt but this file contains a copy of the SAM file. 


Q280. Lyle is a systems security analyst for Gusteffson & Sons, a large law firm in Beverly Hills. Lyle's responsibilities include network vulnerability scans, Antivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a user in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the hard drive is almost full. Lyle runs a scan on the computer with the company antivirus software and finds nothing. Lyle downloads another free antivirus application and scans the computer again. This time a virus is found on the computer. The infected files appear to be Microsoft Office files since they are in the same directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer? 

A. This type of virus that Lyle has found is called a cavity virus. 

B. Lyle has discovered a camouflage virus on the computer. 

C. By using the free antivirus software, Lyle has found a tunneling virus on the computer. 

D. Lyle has found a polymorphic virus on this computer 

Answer: C