Act now and download your EC-Council 312-50 test today! Do not waste time for the worthless EC-Council 312-50 tutorials. Download Far out EC-Council Ethical Hacking and Countermeasures (CEHv6) exam with real questions and answers and begin to learn EC-Council 312-50 with a classic professional.

2021 Mar 312-50 free exam

Q411. You are attempting to map out the firewall policy for an organization. You discover your target system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024. What is this process known as? 

A. Footprinting 

B. Firewalking 

C. Enumeration 

D. Idle scanning 

Answer: B

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 


Q412. You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using ADS streams. How will you accomplish this? 

A. copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt 

B. copy secret.txt c:\windows\system32\tcpip.dll:secret.txt 

C. copy secret.txt c:\windows\system32\tcpip.dll |secret.txt 

D. copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt 

Answer: B


Q413. Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field: 

SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%' 

What will the SQL statement accomplish? 

A. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin 

B. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com 

C. This Select SQL statement will log James in if there are any users with NULL passwords 

D. James will be able to see if there are any default user accounts in the SQL database 

Answer: A


Q414. This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do. 

A. UDP Scanning 

B. IP Fragment Scanning 

C. Inverse TCP flag scanning 

D. ACK flag scanning 

Answer: B


Q415. LAN Manager passwords are concatenated to 14 bytes and split in half. The two halves are hashed individually. If the password is 7 characters or less, than the second half of the hash is always: 

A. 0xAAD3B435B51404EE 

B. 0xAAD3B435B51404AA 

C. 0xAAD3B435B51404BB 

D. 0xAAD3B435B51404CC 

Answer: A

Explanation: A problem with LM stems from the total lack of salting or cipher block chaining in the hashing process. To hash a password the first 7 bytes of it are transformed into an 8 byte odd parity DES key. This key is used to encrypt the 8 byte string "KGS!@". Same thing happens with the second part of the password. This lack of salting creates two interesting consequences. Obviously this means the password is always stored in the same way, and just begs for a typical lookup table attack. The other consequence is that it is easy to tell if a password is bigger than 7 bytes in size. If not, the last 7 bytes will all be null and will result in a constant DES hash of 0xAAD3B435B51404EE. 


Abreast of the times 312-50 torrent:

Q416. What type of session hijacking attack is shown in the exhibit? 

A. Session Sniffing Attack 

B. Cross-site scripting Attack 

C. SQL Injection Attack 

D. Token sniffing Attack 

Answer: A


Q417. How do you defend against ARP spoofing? 

A. Place static ARP entries on servers, workstation and routers 

B. True IDS Sensors to look for large amount of ARP traffic on local subnets 

C. Use private VLANS 

D. Use ARPWALL system and block ARP spoofing attacks 

Answer: ABC 

Explanation: ARPWALL is a opensource tools will give early warning when arp attack occurs. 

This tool is still under construction. 


Q418. RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LAN. WEP is known to be insecure even if we are using a stream cipher that is known to be secured. 

What is the most likely cause behind this? 

A. There are some flaws in the implementation. 

B. There is no key management. 

C. The IV range is too small. 

D. All of the above. 

E. None of the above. 

Answer: D

Explanation: Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets. Many WEP systems require a key in hexadecimal format. Some users choose keys that spell words in the limited 0-9, A-F hex character set, for example C0DE C0DE C0DE C0DE. Such keys are often easily guessed. 


Q419. Central Frost Bank was a medium-sized, regional financial institution in New York. The bank recently deployed a new Internet-accessible Web application. Using this application, Central Frost's customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business through a Web browser. John Stevens was in charge of information security at Central Frost Bank. After one month in production, the Internet banking application was the subject of several customer complaints. Mysteriously, the account balances ofmany of Central Frost's customers had been changed! However, moneyhadn't been removed from the bank. Instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries: 

Attempted login of unknown user: johnm Attempted login of unknown user: susaR Attempted login of unknown user: sencat Attempted login of unknown user: pete'' Attempted login of unknown user: ' or 1=1--Attempted login of unknown user: ' drop table logins--Login of user jason, sessionID= 0x75627578626F6F6B Login of user daniel, sessionID= 0x98627579539E13BE Login of user rebecca, sessionID= 0x9062757944CCB811 Login of user mike, sessionID= 0x9062757935FB5C64 Transfer Funds user jason Pay Bill user mike Logout of user mike 

What type of attack did the Hacker attempt? 

A. Brute force attack in which the Hacker attempted guessing login ID and password from password cracking tools. 

B. The Hacker used a random generator module to pass results to the Web server and exploited Web application CGI vulnerability. 

C. The Hacker attempted SQL Injection technique to gain access to a valid bank login ID. 

D. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session. 

Answer: C

Explanation: The 1=1 or drop table logins are attempts at SQL injection. 


Q420. You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address. 

What can be inferred from this output? 

1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms 2 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms 3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv.cox.net 

(68.100.0.1) 16.743 ms 16.207 ms 4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 12.933 ms 20.938 ms 

5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms 6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms 7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms 8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 19.512 ms 9 so-7-0-0-gar1.NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 17.938 ms 10 so-4-0-0.edge1.NewYork1.Level3.net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms 11 uunet-level3-oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 19.133 ms 18.830 ms 12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 20.11 ms 13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 23.108 ms 14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 38.894 ms 33.244 33.910 ms 15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 49.466 ms 16 0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41) 50.937 ms 49.005 ms 51.055 ms 17 117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 53.647 ms 18 example-gwl.customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 56.855 ms 19 www.ABC.com (65.195.239.22) 52.191 ms 52.571 ms 56.855 ms 20 www.ABC.com (65.195.239.22) 53.561 ms 54.121 ms 58.333 ms 

A. An application proxy firewall 

B. A stateful inspection firewall 

C. A host based IDS 

D. A Honeypot 

Answer: B