★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/312-50-dumps.html


Want to know Testking 312-50 Exam practice test features? Want to lear more about EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study Actual EC-Council 312-50 answers to Abreast of the times 312-50 questions at Testking. Gat a success with an absolute guarantee to pass EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.

2021 Jan ceh exam 312-50 pdf:

Q371. Choose one of the following pseudo codes to describe this statement: 

If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data. 

A. If (I > 200) then exit (1) 

B. If (I < 200) then exit (1) 

C. If (I <= 200) then exit (1) 

D. If (I >= 200) then exit (1) 

Answer: D


Q372. Say that "abigcompany.com" had a security vulnerability in the javascript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to 4go back and see the code for that error? 

Select the best answer. 

A. archive.org 

B. There is no way to get the changed webpage unless you contact someone at the company 

C. Usenet 

D. Javascript would not be in their html so a service like usenet or archive wouldn't help you 

Answer:

Explanations: 

Archive.org is a website that periodically archives internet content. They have archives of websites over many years. It could be used to go back and look at the javascript as javascript would be in the HTML code. 


Q373. How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS's on a network? 

A. Covert Channel 

B. Crafted Channel 

C. Bounce Channel 

D. Deceptive Channel 

Answer:

Explanation: A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy." 

Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information. 


Q374. Ethernet switches can be adversely affected by rapidly bombarding them with spoofed ARP responses. He port to MAC Address table (CAM Table) overflows on the switch and rather than failing completely, moves into broadcast mode, then the hacker can sniff all of the packets on the network. 

Which of the following tool achieves this? 

A. ./macof 

B. ./sniffof 

C. ./dnsiff 

D. ./switchsnarf 

Answer: A

Explanation: macof floods the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing). 


Q375. You have initiated an active operating system fingerprinting attempt with nmap against a target system: 

[root@ceh NG]# /usr/local/bin/nmap -sT -O 10.0.0.1 

Starting nmap 3.28 ( www.insecure.org/nmap/) at 2003-06-18 19:14 IDT Interesting ports on 10.0.0.1: (The 1628 ports scanned but not shown below are in state: closed) Port State Service 21/tcp filtered ftp 22/tcp filtered ssh 25/tcp open smtp 80/tcp open http 135/tcp open loc-srv 139/tcp open netbios-ssn 389/tcp open LDAP 443/tcp open https 465/tcp open smtps 1029/tcp open ms-lsa 1433/tcp open ms-sql-s 2301/tcp open compaqdiag 5555/tcp open freeciv 

5800/tcp open vnc-http 

5900/tcp open vnc 

6000/tcp filtered X11 

Remote operating system guess: Windows XP, Windows 2000, NT4 or 95/98/98SE Nmap run completed -- 1 IP address (1 host up) scanned in 3.334 seconds 

Using its fingerprinting tests nmap is unable to distinguish between different groups of Microsoft based operating systems - Windows XP, Windows 2000, NT4 or 95/98/98SE. 

What operating system is the target host running based on the open ports shown above? 

A. Windows XP 

B. Windows 98 SE 

C. Windows NT4 Server 

D. Windows 2000 Server 

Answer:

Explanation: The system is reachable as an active directory domain controller (port 389, LDAP) 


Improved ceh 312-50 pdf:

Q376. Bob is conducting a password assessment for one of his clients. Bob suspects that password policies are not in place and weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weakness and key loggers. What are the means that Bob can use to get password from his client hosts and servers? 

A. Hardware, Software and Sniffing 

B. Hardware and Software Keyloggers 

C. Software only, they are the most effective 

D. Passwords are always best obtained using Hardware key loggers 

Answer:

Explanation: All loggers will work as long as he has physical access to the computers. 

Topic 8, Denial of Service 

275. The evil hacker, is purposely sending fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. From the information given, what type of attack is attempting to perform? 

A. Syn flood 

B. Smurf 

C. Ping of death 

D. Fraggle 

Answer:

Reference: http://insecure.org/sploits/ping-o-death.html 


Q377. Exhibit: 

You have captured some packets in Ethereal. You want to view only packets sent from 

10.0.0.22. What filter will you apply? 

A. ip = 10.0.0.22 

B. ip.src == 10.0.0.22 

C. ip.equals 10.0.0.22 

D. ip.address = 10.0.0.22 

Answer:

Explanation: ip.src tells the filter to only show packets with 10.0.0.22 as the source. 


Q378. Which of the following activities will NOT be considered as passive footprinting? 

A. Go through the rubbish to find out any information that might have been discarded. 

B. Search on financial site such as Yahoo Financial to identify assets. 

C. Scan the range of IP address found in the target DNS database. 

D. Perform multiples queries using a search engine. 

Answer: C

Explanation: Passive footprinting is a method in which the attacker never makes contact with the target systems. Scanning the range of IP addresses found in the target DNS is considered making contact to the systems behind the IP addresses that is targeted by the scan. 


Q379. LAN Manager passwords are concatenated to 14 bytes and split in half. The two halves are hashed individually. If the password is 7 characters or less, than the second half of the hash is always: 

A. 0xAAD3B435B51404EE 

B. 0xAAD3B435B51404AA 

C. 0xAAD3B435B51404BB 

D. 0xAAD3B435B51404CC 

Answer: A

Explanation: A problem with LM stems from the total lack of salting or cipher block chaining in the hashing process. To hash a password the first 7 bytes of it are transformed into an 8 byte odd parity DES key. This key is used to encrypt the 8 byte string "KGS!@". Same thing happens with the second part of the password. This lack of salting creates two interesting consequences. Obviously this means the password is always stored in the same way, and just begs for a typical lookup table attack. The other consequence is that it is easy to tell if a password is bigger than 7 bytes in size. If not, the last 7 bytes will all be null and will result in a constant DES hash of 0xAAD3B435B51404EE. 


Q380. What attack is being depicted here? 

A. Cookie Stealing 

B. Session Hijacking 

C. Cross Site scripting 

D. Parameter Manipulation 

Answer: D

Explanation: Manipulating the data sent between the browser and the web application to an attacker's advantage has long been a simple but effective way to make applications do things in a way the user often shouldn't be able to. In a badly designed and developed web application, malicious users can modify things like prices in web carts, session tokens or values stored in cookies and even HTTP headers. In this case the user has elevated his rights.