It is impossible to pass the EC-Council 312-50 exam in the short term without any help. Come to Exambible soon and find the most advanced, correct and guaranteed EC-Council 312-50 practice questions. You will get a surprising result from our Renewal Ethical Hacking and Countermeasures (CEHv6) practice guides.

2021 Mar 312-50 real exam

Q101. You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123. 

Here is the output of your scan results: 

Which of the following nmap commands did you run? 

A. nmap -A -sV -p21,110,123 10.0.0.5 

B. nmap -F -sV -p21,110,123 10.0.0.5 

C. nmap -O -sV -p21,110,123 10.0.0.5 

D. nmap -T -sV -p21,110,123 10.0.0.5 

Answer: C


Q102. An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. 

What is the most probable reason? 

A. The firewall is blocking port 23 to that system. 

B. He cannot spoof his IP and successfully use TCP. 

C. He needs to use an automated tool to telnet in. 

D. He is attacking an operating system that does not reply to telnet even when open. 

Answer:

Explanation: Spoofing your IP will only work if you don’t need to get an answer from the target system. In this case the answer (login prompt) from the telnet session will be sent to the “real” location of the IP address that you are showing as the connection initiator. 


Q103. Assuming two systems are using IPSec to protect traffic over the internet, what type of general attack could compromise the data? 

A. Spoof Attack 

B. Smurf Attack 

C. Man in the Middle Attack 

D. Trojan Horse Attack 

E. Back Orifice Attack 

Answer: DE

Explanation: To compromise the data, the attack would need to be executed before the encryption takes place at either end of the tunnel. Trojan Horse and Back Orifice attacks both allow for potential data manipulation on host computers. In both cases, the data would be compromised either before encryption or after decryption, so IPsec is not preventing the attack. 


Q104. Consider the following code: 

If an attacker can trick a victim user into clicking a link like this and the web application does not validate input, then the victim’s browser will pop up an alert showing the user’s current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page or redirecting the user to another web site. 

What is the countermeasure against XSS scripting? 

A. Create an IP access list and restrict connections based on port number 

B. Replace “<” and “>” characters with &lt; and &gt; using server scripts 

C. Disable Javascript in IE and Firefox browsers 

D. Connect to the server using HTTPS protocol instead of HTTP 

Answer: B

Explanation: The correct answer contains a string which is an HTML-quoted version of the original script. The quoted versions of these characters will appear as literals in a browser, rather than with their special meaning as HTML tags. This prevents any script from being injected into HTML output, but it also prevents any user-supplied input from being formatted with benign HTML. 

Topic 13, Web Based Password Cracking Techniques 


Q105. You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of which protocols are being used. You need to discover as many different protocols as possible. 

Which kind of scan would you use to achieve this? (Choose the best answer) 

A. Nessus scan with TCP based pings. 

B. Nmap scan with the -sP (Ping scan) switch. 

C. Netcat scan with the -u -e switches. 

D. Nmap with the -sO (Raw IP packets) switch. 

Answer: D

Explanation: Running Nmap with the -sO switch performs an IP Protocol Scan. The IP protocol scan is a bit different from the other nmap scans: instead of probing ports, it searches for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified. 


Renewal 312-50 test:

Q106. The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination. 

The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination. 

How would you overcome the Firewall restriction on ICMP ECHO packets? 

A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters. 

B. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters. 

C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters. 

D. Do not use the traceroute command to determine the path packets take to reach the destination; instead use the custom hacking tool JOHNTHETRACER and run it with the command 

E. > JOHNTHETRACER www.eccouncil.org -F -evade 

Answer: A


Q107. Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet. 

He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out any vulnerabilities. What are some common vulnerabilities in web applications that he should be concerned about? 

A. Non-validated parameters, broken access control, broken account and session management, cross-site scripting and buffer overflows are just a few common vulnerabilities 

B. No IDS configured, anonymous user account set as default, missing latest security patch, no firewall filters set and visible clear text passwords are just a few common vulnerabilities 

C. Visible clear text passwords, anonymous user account set as default, missing latest security patch, no firewall filters set and no SSL configured are just a few common vulnerabilities 

D. No SSL configured, anonymous user account set as default, missing latest security patch, no firewall filters set and an inattentive system administrator are just a few common vulnerabilities 

Answer: A


Q108. This TCP flag instructs the sending system to transmit all buffered data immediately. 

A. SYN 

B. RST 

C. PSH 

D. URG 

E. FIN 

Answer: C


Q109. What is the proper response for a FIN scan if the port is closed? 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

Answer:

Explanation: Closed ports respond to a FIN scan with a RST. 


Q110. Which of the following are potential attacks on cryptography? (Select 3) 

A. One-Time-Pad Attack 

B. Chosen-Ciphertext Attack 

C. Man-in-the-Middle Attack 

D. Known-Ciphertext Attack 

E. Replay Attack 

Answer: BCE

Explanation: A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key. Specific forms of this attack are sometimes termed "lunchtime" or "midnight" attacks, referring to a scenario in which an attacker gains access to an unattended decryption machine. In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will the messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as a stream cipher attack).