★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/312-50-dumps.html


Many That aspirants are eager to acquire the EC-Council EC-Council certification. It is a threshold in direction of a well-paid job. If you carry a EC-Council certification, you are going to hold the advantage over other candidates in the job market. Nevertheless, passing the EC-Council 312-50 exam will be never a good easy job without just about any help. Taking advantage of the EC-Council EC-Council exam questions and answers which usually reflect the real exam at Examcollection, you are going to be all set for the EC-Council true test. It is a more rapidly and less complicated approach to prepare for the EC-Council 312-50 exam by having the Examcollections education course. We guarantee the success with first attempt.

2021 Dec 312-50 vce:

Q131. Paula works as the primary help desk contact for her company. Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he ca no longer work. Paula walks over to the user’s computer and sees the Blue Screen of Death screen. The user’s computer is running Windows XP, but the Blue screen looks like a familiar one that Paula had seen a Windows 2000 Computers periodically. 

The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there. Paula also noticed that the hard drive activity light was flashing meaning that the computer was processing some thing. Paula knew this should not be the case since the computer should be completely frozen during a Blue screen. She checks the network IDS live log entries and notices numerous nmap scan alerts. 

What is Paula seeing happen on this computer? 

A. Paula’s Network was scanned using FloppyScan 

B. Paula’s Netwrok was scanned using Dumpsec 

C. There was IRQ conflict in Paula’s PC 

D. Tool like Nessus will cause BSOD 

Answer: A

Explanation: Floppyscan is a dangerous hacking tool which can be used to portscan a system using a floppy disk Bootsup mini Linux Displays Blue screen of death screen Port scans the network using NMAP Send the results by e-mail to a remote server. 


Q132. Which of the following snort rules look for FTP root login attempts? 

A. alert tcp -> any port 21 (msg:"user root";) 

B. alert tcp -> any port 21 (message:"user root";) 

C. alert ftp -> ftp (content:"user password root";) 

D. alert tcp any any -> any any 21 (content:"user root";) 

Answer: D

Explanation: The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:”user root”;) 


Q133. Michael is a junior security analyst working for the National Security Agency (NSA) working primarily on breaking terrorist encrypted messages. The NSA has a number of methods they use to decipher encrypted messages including Government Access to Keys (GAK) and inside informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the Internet. The problem for the NSA, and Michael, is that terrorist organizations are starting to use custom-built algorithms or obscure algorithms purchased from corrupt governments. For this reason, Michael and other security analysts like him have been forced to find different methods of deciphering terrorist messages. One method that Michael thought of using was to hide malicious code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by known terrorists, and then he is able to glean email addresses to some of these suspected terrorists. Michael then inserts a stealth keylogger into a mapping program file readme.txt and then sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes and also logs all keyboard activity into a hidden file on the terrorist's computer. Then, the keylogger emails those files to Michael twice a day with a built in SMTP server. What technique has Michael used to disguise this keylogging software? 

A. Steganography 

B. Wrapping 

C. ADS 

D. Hidden Channels 

Answer: A


Q134. Steven works as a security consultant and frequently performs penetration tests for Fortune 500 companies. Steven runs external and internal tests and then creates reports to show the companies where their weak areas are. Steven always signs a non-disclosure agreement before performing his tests. What would Steven be considered? 

A. Whitehat Hacker 

B. BlackHat Hacker 

C. Grayhat Hacker 

D. Bluehat Hacker 

Answer: A

Explanation: A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. Realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them. 


Q135. System Administrators sometimes post questions to newsgroups when they run into technical challenges. As an ethical hacker, you could use the information in newsgroup posting to glean insight into the makeup of a target network. How would you search for these posting using Google search? 

A. Search in Google using the key strings “the target company” and “newsgroups” 

B. Search for the target company name at http://groups.google.com 

C. Use NNTP websites to search for these postings 

D. Search in Google using the key search strings “the target company” and “forums” 

Answer: B

Explanation: Using http://groups.google.com is the easiest way to access various newsgroups today. Before http://groups.google.com you had to use special NNTP clients or subscribe to some nntp to web services. 


Latest ceh 312-50 exam price:

Q136. You have the SOA presented below in your Zone. Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries? 

collegae.edu.SOA,cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600) 

A. One day 

B. One hour 

C. One week 

D. One month 

Answer: C

Explanation: The numbers represents the following values: 200302028; se = serial number 3600; ref = refresh = 1h 3600; ret = update retry = 1h 604800; ex = expiry = 1w 3600; min = minimum TTL = 1h 


Q137. You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this? 

GET /scripts/root.exe?/c+dir GET /MSADC/root.exe?/c+dir GET /c/winnt/system32/cmd.exe?/c+dir GET /d/winnt/system32/cmd.exe?/c+dir GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir GET /msadc/..%5c../..%5c../..%5c/..xc1x1c../..xc1x1c../..xc1x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc1x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc0/../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc0xaf../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc1x9c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir 

A. The Morris worm 

B. The PIF virus 

C. Trinoo 

D. Nimda 

E. Code Red 

F. Ping of Death 

Answer: D

Explanation: The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby, infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders the ability to execute arbitrary commands within the Local System security context on machines running the unpatched versions of IIS. 


Q138. This attack technique is used when a Web application is vulnerable to an SQL Injection but the results of the Injection are not visible to the attacker. 

A. Unique SQL Injection 

B. Blind SQL Injection 

C. Generic SQL Injection 

D. Double SQL Injection 

Answer: B


Q139. What port number is used by LDAP protocol? 

A. 110 

B. 389 

C. 445 

D. 464 

Answer:

Explanation: Active Directory and Exchange use LDAP via TCP port 389 for clients. 


Q140. Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a technique called Search Engine Optimization. 

Once the Fake AV is downloaded into the user's computer, the software will scare them into believing their system is infected with threats that do not really exist, and then push users to purchase services to clean up the non-existent threats. 

The Fake AntiVirus will continue to send these annoying and intrusive alerts until a payment is made. 

What is the risk of installing Fake AntiVirus? 

A. Victim's Operating System versions, services running and applications installed will be published on Blogs and Forums 

B. Victim's personally identifiable information such as billing address and credit card details, may be extracted and exploited by the attacker 

C. Once infected, the computer will be unable to boot and the Trojan will attempt to format the hard disk 

D. Denial of Service attack will be launched against the infected computer crashing other machines on the connected network 

Answer: B