


2021 Mar 312-50 test questions

Q411. On wireless networks, an SSID is used to identify the network. Why are SSIDs not considered to be a good security mechanism to protect a wireless network?

A. The SSID is only 32 bits in length 

B. The SSID is transmitted in clear text 

C. The SSID is to identify a station not a network 

D. The SSID is the same as the MAC address for all vendors 

Answer: B

Explanation: The use of SSIDs is a fairly weak form of security, because most access points broadcast the SSID, in clear text, multiple times per second within the body of each beacon frame. A hacker can easily use an 802.11 analysis tool (e.g., AirMagnet, Netstumbler, or AiroPeek) to identify the SSID. 


Q412. You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation?

A. Reconfigure the firewall 

B. Conduct a needs analysis 

C. Install a network-based IDS 

D. Enforce the corporate security policy 

Answer: D

Explanation: The security policy is meant to always be followed until changed. If a need arises to perform actions that might violate the security policy, you’ll have to find another way to accomplish the task or wait until the policy has been changed.


Q413. Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three) 

A. Converts passwords to uppercase. 

B. Hashes are sent in clear text over the network. 

C. Makes use of only 32 bit encryption. 

D. Effective length is 7 characters. 

Answer: ABD

Explanation: The LM hash is computed as follows.

1. The user’s password as an OEM string is converted to uppercase.

2. This password is either null-padded or truncated to 14 bytes.

3. The “fixed-length” password is split into two 7-byte halves.

4. These values are used to create two DES keys, one from each 7-byte half.

5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values.

6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.

The hashes themselves are sent in clear text over the network instead of sending the password in clear text.


Q414. According to the CEH methodology, what is the next step to be performed after footprinting? 

A. Enumeration 

B. Scanning 

C. System Hacking 

D. Social Engineering 

E. Expanding Influence 

Answer:

Explanation: Once footprinting has been completed, scanning should be attempted next. 

Scanning should take place on two distinct levels: network and host. 


Q415. You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. 

With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results? 

A. Online Attack 

B. Dictionary Attack 

C. Brute Force Attack 

D. Hybrid Attack 

Answer: D

Explanation: A dictionary attack will not work because strong passwords are enforced, and the minimum password length of 8 characters makes a brute force attack time-consuming. A hybrid attack, where you take a word from a dictionary and exchange a number of letters with numbers and special characters, will probably be the fastest way to crack the passwords.



Q416. Which of the following is the primary objective of a rootkit? 

A. It opens a port to provide an unauthorized service 

B. It creates a buffer overflow 

C. It replaces legitimate programs 

D. It provides an undocumented opening in a program 

Answer: C

Explanation: Actually, the objective of the rootkit is more to hide the fact that a system has been compromised, and the normal way to do this is by replacing, for example, ls with a version that doesn’t show the files and processes implanted by the attacker.


Q417. Jack Hacker wants to break into a company’s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at the company, pretending to be an administrator from the company. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him “just to double check our records”. Jane does not suspect anything amiss, and parts with her password. Jack can now access the company’s computers with a valid user name and password, to steal the cookie recipe.

What kind of attack is being illustrated here? (Choose the best answer) 

A. Reverse Psychology 

B. Reverse Engineering 

C. Social Engineering 

D. Spoofing Identity 

E. Faking Identity 

Answer: C

Explanation: This is a typical case of pretexting. Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone. 


Q418. While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out. 

What is the most likely cause behind this response? 

A. The firewall is dropping the packets. 

B. An in-line IDS is dropping the packets. 

C. A router is blocking ICMP. 

D. The host does not respond to ICMP packets. 

Answer:

Explanation: Type 3 message = Destination Unreachable [RFC792], Code 13 (cause) = Communication Administratively Prohibited [RFC1812]


Q419. In the context of Trojans, what is the definition of a Wrapper? 

A. An encryption tool to protect the Trojan. 

B. A tool used to bind the Trojan with a legitimate file.

C. A tool used to encapsulate packets within a new header and footer.

D. A tool used to calculate bandwidth and CPU cycles wasted by the Trojan. 

Answer: B

Explanation: These wrappers allow an attacker to take any executable back-door program and combine it with any legitimate executable, creating a Trojan horse without writing a single line of new code. 


Q420. Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply) 

A. CHAT rooms 

B. WHOIS database 

C. News groups 

D. Web sites

E. Search engines

F. Organization’s own web site 

Answer: ABCDEF 

Explanation: A security tester should search for information everywhere that he/she can access. You never know where you will find that small piece of information that could penetrate a strong defense.