
2021 Mar 312-50 exam question

Q161. What type of session hijacking attack is shown in the exhibit? 

A. Cross-site scripting Attack 

B. SQL Injection Attack 

C. Token sniffing Attack 

D. Session Fixation Attack 

Answer: D


Q162. In an attempt to secure his wireless network, Bob turns off broadcasting of the SSID. He concludes that since his access points require the client computer to have the proper SSID, it would prevent others from connecting to the wireless network. Unfortunately unauthorized users are still able to connect to the wireless network. 

Why do you think this is possible? 

A. Bob forgot to turn off DHCP. 

B. All access points are shipped with a default SSID. 

C. The SSID is still sent inside both client and AP packets. 

D. Bob’s solution only works in ad-hoc mode. 

Answer: B

Explanation: All access points are shipped with a default SSID unique to that manufacturer; for example, 3Com uses the default SSID comcomcom.


Q163. What does ICMP (type 11, code 0) denote? 

A. Unknown Type 

B. Time Exceeded 

C. Source Quench 

D. Destination Unreachable 

Answer: B

Explanation: An ICMP Type 11, Code 0 means Time Exceeded [RFC792], Code 0 = Time to Live exceeded in Transit and Code 1 = Fragment Reassembly Time Exceeded. 


Q164. How would you permanently wipe the data in the hard disk? 

A. wipe -fik /dev/hda1 

B. erase -fik /dev/hda1 

C. delete -fik /dev/hda1 

D. secdel -fik /dev/hda1 

Answer: A


Q165. What does the following command in netcat do? 

nc -l -u -p 55555 < /etc/passwd 

A. logs the incoming connections to /etc/passwd file 

B. loads the /etc/passwd file to the UDP port 55555 

C. grabs the /etc/passwd file when connected to UDP port 55555 

D. deletes the /etc/passwd file when connected to the UDP port 55555 

Answer: C

Explanation: -l forces netcat to listen for incoming connections. 

-u tells netcat to use UDP instead of TCP 

-p 55555 tells netcat to use port 55555 

< /etc/passwd tells netcat to grab the /etc/passwd file when it is connected to.



Q166. Study the log below and identify the scan type. 

tcpdump -vv host 192.168.1.10 

17:34:45.802163 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 36166) 

17:34:45.802216 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 33796) 

17:34:45.802266 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 47066) 

17:34:46.111982 eth0 < 192.168.1.1 > victim: ip-proto-74 0 (ttl 48, id 35585) 

17:34:46.112039 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 32834) 

17:34:46.112092 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 26292) 

17:34:46.112143 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 51058) 

tcpdump -vv -x host 192.168.1.10 

17:35:06.731739 eth0 < 192.168.1.10 > victim: ip-proto-130 0 (ttl 59, id 42060) 4500 0014 a44c 0000 3b82 57b8 c0a8 010a c0a8 0109 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 

A. nmap -sR 192.168.1.10 

B. nmap -sS 192.168.1.10 

C. nmap -sV 192.168.1.10 

D. nmap -sO -T 192.168.1.10 

Answer: D


Q167. This IDS-defeating technique works by splitting a datagram (or packet) into multiple fragments so that the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for an IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network.

What is this technique called? 

A. IP Fragmentation or Session Splicing 

B. IP Routing or Packet Dropping 

C. IDS Spoofing or Session Assembly 

D. IP Splicing or Packet Reassembly 

Answer: A

Explanation: The basic premise behind session splicing, or IP Fragmentation, is to deliver the payload over multiple packets thus defeating simple pattern matching without session reconstruction. This payload can be delivered in many different manners and even spread out over a long period of time. Currently, Whisker and Nessus have session splicing capabilities, and other tools exist in the wild. 


Q168. If you receive a RST packet while doing an ACK scan, it indicates that the port is open. (True/False)

A. True 

B. False 

Answer:

Explanation: When an ACK is sent to an open port, a RST is returned.


Q169. Which of the following Nmap commands would be used to perform a UDP scan of the lower 1024 ports? 

A. Nmap -h -U 

B. Nmap -hU <host(s)> 

C. Nmap -sU -p 1-1024 <host(s)> 

D. Nmap -u -v -w2 <host> 1-1024 

E. Nmap -sS -O target/1024 

Answer: C

Explanation: Nmap -sU -p 1-1024 <host(s)> is the proper syntax. Learning Nmap and its switches is critical for successful completion of the CEH exam.


Q170. Which type of hacker represents the highest risk to your network? 

A. script kiddies 

B. grey hat hackers 

C. black hat hackers 

D. disgruntled employees 

Answer: D

Explanation: The disgruntled users have some permission on your database, versus a hacker who might not get into the database. Global Crossings is a good example of how a disgruntled employee -- who took the internal payroll database home on a hard drive -- caused big problems for the telecommunications company. The employee posted the names, Social Security numbers and birthdates of company employees on his Web site. He may have been one of the factors that helped put them out of business.