Want to know Actualtests 312-50 Exam practice test features? Want to learn more about the EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study top-quality EC-Council 312-50 answers to updated 312-50 questions at Actualtests. Succeed with an absolute guarantee to pass the EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.

Q91. Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security. 

Maintaining the security of a Web server will usually involve the following steps: 

1. Configuring, protecting, and analyzing log files 

2. Backing up critical information frequently 

3. Maintaining a protected authoritative copy of the organization's Web content 

4. Establishing and following procedures for recovering from compromise 

5. Testing and applying patches in a timely manner 

6. Testing security periodically. 

In which step would you engage a forensic investigator? 

A. 1 

B. 2 

C. 3 

D. 4 

E. 5 

F. 6 

Answer: D


Q92. Lauren is performing a network audit for her entire company. The entire network is comprised of around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the broadcast address of the network, but only receives responses from around five hosts. Why did this ping sweep only produce a few responses? 

A. Only Windows systems will reply to this scan. 

B. A switched network will not respond to packets sent to the broadcast address. 

C. Only Linux and Unix-like (Non-Windows) systems will reply to this scan. 

D. Only servers will reply to this scan. 

Answer: C


Q93. Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because no proper boundary checks were being conducted, Bob decided to insert 400 characters into the 200-character buffer, overflowing it. Below is the code snippet.

How can you protect/fix the problem of your application as shown above? 

A. Because the counter starts with 0, we would stop when the counter is less than 200 

B. Because the counter starts with 0, we would stop when the counter is more than 200 

C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it can’t hold any more data 

D. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it can’t hold any more data 

Answer: AC

Explanation: I=199 would be the character number 200. The stack holds exactly 200 characters so there is no need to stop before 200.


Q94. A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? 

Select the best answers. 

A. Use port security on his switches. 

B. Use a tool like ARPwatch to monitor for strange ARP activity. 

C. Use a firewall between all LAN segments. 

D. If you have a small network, use static ARP entries. 

E. Use only static IP addresses on all PCs.

Answer: ABD

Explanations: 

By using port security on his switches, the switches will only allow the first MAC address that is connected to the switch to use that port, thus preventing ARP spoofing. ARPWatch is a tool that monitors for strange ARP activity. This may help identify ARP spoofing when it happens. Using firewalls between all LAN segments is possible and may help, but is usually pretty unrealistic. On a very small network, static ARP entries are a possibility. However, on a large network, this is not a realistic option. ARP spoofing doesn't have anything to do with static or dynamic IP addresses. Thus, this option won't help you.


Q95. Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. 

What would you call this attack? 

A. Interceptor 

B. Man-in-the-middle 

C. ARP Proxy 

D. Poisoning Attack 

Answer: B

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. 


Q96. Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscore symbols on the screen. What are you most likely to infer from this?

A. The services are protected by TCP wrappers 

B. There is a honeypot running on the scanned machine 

C. An attacker has replaced the services with trojaned ones 

D. This indicates that the telnet and SMTP server have crashed 

Answer: A

Explanation: TCP Wrapper is a host-based network ACL system, used to filter network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes. 


Q97. In Linux, the three most common commands that hackers usually attempt to Trojan are: 

A. car, xterm, grep 

B. netstat, ps, top 

C. vmware, sed, less 

D. xterm, ps, nc 

Answer: B

Explanation: The easiest programs to trojan and the smartest ones to trojan are ones commonly run by administrators and users, in this case netstat, ps, and top. For a complete list of commonly trojaned and rootkitted software, please reference this URL: http://www.usenix.org/publications/login/1999-9/features/rootkits.html


Q98. Peter has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the External Gateway interface. Further inspection reveals they are not responses to internal hosts' requests but simply responses coming from the Internet. What could be the likely cause of this?

A. Someone spoofed Peter’s IP address while doing a land attack

B. Someone spoofed Peter’s IP address while doing a DoS attack

C. Someone spoofed Peter’s IP address while doing a smurf attack

D. Someone spoofed Peter’s IP address while doing a fraggle attack

Answer:

Explanation: An attacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks with forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target. 


Q99. Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports? 

A. Netcat -h -U 

B. Netcat -hU <host(s)>

C. Netcat -sU -p 1-1024 <host(s)>

D. Netcat -u -v -w2 <host> 1-1024 

E. Netcat -sS -O target/1024 

Answer:

Explanation: The proper syntax for a UDP scan using Netcat is "Netcat -u -v -w2 <host> 1-1024". 

Netcat is considered the Swiss-army knife of hacking tools because it is so versatile. 


Q100. DRAG DROP 

A successful attack by a malicious hacker can be divided into five phases. Match the order:

Answer: