★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/312-50-dumps.html


It is impossible to pass EC-Council 312-50 exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed EC-Council 312-50 practice questions. You will get a surprising result by our Improve Ethical Hacking and Countermeasures (CEHv6) practice guides.

2021 Sep intitle index of 312-50 pdf:

Q401. How does traceroute map the route a packet travels from point A to point B? 

A. Uses a TCP timestamp packet that will elicit a time exceeded in transit message 

B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message 

C. Uses a protocol that will be rejected by gateways on its way to the destination 

D. Manipulates the flags within packets to force gateways into generating error messages 

Answer: B


Q402. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common? 

A. All are hacking tools developed by the legion of doom 

B. All are tools that can be used not only by hackers, but also security personnel 

C. All are DDOS tools 

D. All are tools that are only effective against Windows 

E. All are tools that are only effective against Linux 

Answer: C 

Explanation: All are DDOS tools. 


Q403. A POP3 client contacts the POP3 server: 

A. To send mail 

B. To receive mail 

C. to send and receive mail 

D. to get the address to send mail to 

E. initiate a UDP SMTP connection to read mail 

Answer: B 

Explanation: POP is used to receive e-mail.SMTP is used to send e-mail. 


Q404. Identify SQL injection attack from the HTTP requests shown below: 

A. http://www.victim.com/example?accountnumber=67891&creditamount=999999999 

B. http://www.xsecurity.com/cgiin/bad.cgi?foo=..%fc%80%80%80%80%af../bin/ls%20-al 

C. http://www.myserver.com/search.asp?lname=smith%27%3bupdate%20usertable%20set%20pass wd%3d%27hAx0r%27%3b--%00 

D. http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourser ver.c0m%2fbadscript.js%22% 3e%3c%2fscript%3e 

Answer: C

Explantion: The correct answer contains the code to alter the usertable in order to change the password for user smith to hAx0r 


Q405. Samuel is the network administrator of DataX communications Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder’s IP address for a period of 24 hours time after more than three unsuccessful attempts. He is confident that this rule will secure his network hackers on the Internet. 

But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall use. 

Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder’s attempts. 

Samuel wants to completely block hackers brute force attempts on his network. 

What are the alternatives to defending against possible brute-force password attacks on his site? 

A. Enforce a password policy and use account lockouts after three wrong logon attempts even through this might lock out legit users 

B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the firewall manually 

C. Enforce complex password policy on your network so that passwords are more difficult to brute force 

D. You can’t completely block the intruders attempt if they constantly switch proxies 

Answer: D

Explanation: Without knowing from where the next attack will come there is no way of proactively block the attack. This is becoming a increasing problem with the growth of large bot nets using ordinary workstations and home computers in large numbers. 


312-50 exam answers

Improve intitle index of 312-50 pdf:

Q406. Joe the Hacker breaks into company’s Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode. 

Running “ifconfig –a” will produce the following: 

# ifconfig –a 

1o0: flags=848<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232 

inet 127.0.0.1 netmask ff000000hme0: 

flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST> mtu inet 192.0.2.99 netmask ffffff00 broadcast 134.5.2.255 ether 

8:0:20:9c:a2:35 

What can Joe do to hide the wiretap program from being detected by ifconfig command? 

A. Block output to the console whenever the user runs ifconfig command by running screen capture utiliyu 

B. Run the wiretap program in stealth mode from being detected by the ifconfig command. 

C. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console. 

D. You cannot disable Promiscuous mode detection on Linux systems. 

Answer: C

Explanation: The normal way to hide these rogue programs running on systems is the use crafted commands like ifconfig and ls. 


Q407. Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to tell him her password 'just to double check our records'. Jane believes that Jack is really an administrator, and tells him her password. Jack now has a user name and password, and can access Brown Co.'s computers, to find the cookie recipe. This is an example of what kind of attack? 

A. Reverse Psychology 

B. Social Engineering 

C. Reverse Engineering 

D. Spoofing Identity 

E. Faking Identity 

Answer: B

Explanation: This is a typical case of pretexting. Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone. 


Q408. DRAG DROP 

Drag the application to match with its correct description. 

Exhibit: 


Answer: 



Q409. The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and gets() on the source code. These C++ functions do not check bounds. 

What kind of attack is this program susceptible to? 

A. Buffer of Overflow 

B. Denial of Service 

C. Shatter Attack 

D. Password Attack 

Answer: A

Explanation: C users must avoid using dangerous functions that do not check bounds unless they've ensured that the bounds will never get exceeded. A buffer overflow occurs when you write a set of values (usually a string of characters) into a fixed length buffer and write at least one value outside that buffer's boundaries (usually past its end). A buffer overflow can occur when reading input from the user into a buffer, but it can also occur during other kinds of processing in a program. 


Q410. Which of the following commands runs snort in packet logger mode? 

A. ./snort -dev -h ./log 

B. ./snort -dev -l ./log 

C. ./snort -dev -o ./log 

D. ./snort -dev -p ./log 

Answer: B

Explanation: Note: If you want to store the packages in binary mode for later analysis use ./snort -l ./log -b