Exam Code: 312-50 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Ethical Hacking and Countermeasures (CEHv6)
Certification Provider: EC-Council

Q91. What are the differences between SSL and S-HTTP? 

A. SSL operates at the network layer and S-HTTP operates at the application layer 

B. SSL operates at the application layer and S-HTTP operates at the network layer 

C. SSL operates at the transport layer and S-HTTP operates at the application layer 

D. SSL operates at the application layer and S-HTTP operates at the transport layer 

Answer: C

Explanation: The main difference between the protocols is the layer at which they operate. SSL operates at the transport layer and mimics the "socket library," while S-HTTP operates at the application layer. Encryption of the transport layer allows SSL to be application-independent, while S-HTTP is limited to the specific software implementing it. The protocols adopt different philosophies towards encryption as well, with SSL encrypting the entire communications channel and S-HTTP encrypting each message independently. 


Q92. John has a proxy server on his network which caches and filters web access. He shuts down all unnecessary ports and services. Additionally, he has installed a firewall (Cisco PIX) that will not allow users to connect to any outbound ports. Jack, a network user, has successfully connected to a remote server on port 80 using netcat. He could in turn drop a shell from the remote machine. Assuming an attacker wants to penetrate John's network, which of the following options is he likely to choose?

A. Use ClosedVPN 

B. Use Monkey shell 

C. Use reverse shell using FTP protocol 

D. Use HTTPTunnel or Stunnel on port 80 and 443 

Answer: D

Explanation: As long as you allow HTTP or HTTPS traffic, attacks can be tunneled over those protocols with Stunnel or HTTPTunnel.


Q93. Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday, she went to a mandatory security awareness class (Security5) put on by her company's IT department. During the class, the IT department informed all employees that everyone's Internet activity was thenceforth going to be monitored. 

Stephanie is worried that her Internet activity might give her supervisor reason to write her up or, worse, get her fired. Stephanie's daily work duties only consume about four hours of her time, so she usually spends the rest of the day surfing the web. Stephanie really enjoys surfing the Internet but definitely does not want to get fired for it.

What should Stephanie use so that she does not get in trouble for surfing the Internet? 

A. Cookie Disabler 

B. Stealth Anonymizer 

C. Stealth Firefox 

D. Stealth IE 

Answer: C

Explanation: Stealth Firefox. If there are times you want to surf the web without leaving a trace on your local computer, then this is the right extension for you. https://addons.mozilla.org/en-US/firefox/addon/1306


Q94. Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database? 

A. Jimmy can submit user input that executes an operating system command to compromise a target system 

B. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system 

C. Jimmy can utilize an incorrect configuration that leads to access with higher-than-expected privilege of the database 

D. Jimmy can gain control of the system to flood the target system with requests, preventing legitimate users from gaining access

Answer: B

Explanation: SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. 


Q95. What does the following command achieve? 

Telnet <IP Address> <Port 80> 

HEAD / HTTP/1.0

<Return> 

<Return> 

A. This command returns the home page for the IP address specified 

B. This command opens a backdoor Telnet session to the IP address specified 

C. This command returns the banner of the website specified by IP address 

D. This command allows a hacker to determine the site's security

E. This command is bogus and will accomplish nothing 

Answer: C

Explanation: This command is used for banner grabbing. Banner grabbing helps identify the service and version of the web server that is running.


Q96. What is the following command used for? 

net use \\target\ipc$ "" /u:""

A. Grabbing the etc/passwd file 

B. Grabbing the SAM 

C. Connecting to a Linux computer through Samba. 

D. This command is used to connect as a null session 

E. Enumeration of Cisco routers 

Answer:

Explanation: The null session is one of the most debilitating vulnerabilities faced by Windows. 

Null sessions can be established through ports 135, 139, and 445.


Q97. All the web servers in the DMZ respond to an ACK scan on port 80. Why is this happening?

A. They are all Windows-based web servers

B. They are all Unix-based web servers

C. The company is not using IDS 

D. The company is not using a stateful firewall 

Answer: D

Explanation: If they used a stateful inspection firewall, the firewall would know whether there had been a SYN-ACK before the ACK.


Q98. Attackers target HINFO record types stored on a DNS server to enumerate information. These are information records and a potential source for reconnaissance. A network administrator has the option of entering host information, specifically the CPU type and operating system, when creating a new DNS record. An attacker can extract this type of information easily from a DNS server.

Which of the following commands extracts the HINFO record? 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: A


Q99. XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities. 

What is the correct code when converted to HTML entities?

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: D


Q100. Annie has just succeeded in stealing a secure cookie via an XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible?

A. Any Cookie can be replayed irrespective of the session status 

B. The scenario is invalid as a secure cookie can’t be replayed 

C. It works because encryption is performed at the network layer (layer 1 encryption) 

D. It works because encryption is performed at the application layer (Single Encryption Key) 

Answer: D

Explanation: Single key encryption (conventional cryptography) uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible.