It is impossible to pass the EC-Council 312-50 exam without any help in the short term. Come to Pass4sure soon and find the most advanced, correct and guaranteed EC-Council 312-50 practice questions. You will get a surprising result from our Renovate Ethical Hacking and Countermeasures (CEHv6) practice guides.

Q161. What is the command used to create a binary log file using tcpdump? 

A. tcpdump -r log 

B. tcpdump -w ./log 

C. tcpdump -vde -r log 

D. tcpdump -l /var/log/ 

Answer: B

Explanation: tcpdump [ -adeflnNOpqStvx ] [ -c count ] [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ expression ] 

-w Write the raw packets to file rather than parsing and printing them out. 


Q162. During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces? 

A. Use a ping flood against the IP of the sniffing NIC and look for latency in the responses. 

B. Send your attack traffic and look for it to be dropped by the IDS. 

C. Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network. 

D. The sniffing interface cannot be detected. 

Answer: D

Explanation: When a NIC is set to promiscuous mode it just blindly takes whatever comes through its network interface and sends it to the application layer. This is why they are so hard to detect. Actually you could send ARP requests to every PC, and the one which responds to all the requests can be identified as a NIC in promiscuous mode; there are some very special programs that can do this for you. But considering the alternatives in the question, the right answer has to be that the interface cannot be detected. 


Q163. An attacker runs netcat tool to transfer a secret file between two hosts. 

Machine A: netcat -l -p 1234 < secretfile 

Machine B: netcat 192.168.3.4 > 1234 

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire? 

A. Machine A: netcat -l -p -s password 1234 < testfile; Machine B: netcat <machine A IP> 1234 

B. Machine A: netcat -l -e magickey -p 1234 < testfile; Machine B: netcat <machine A IP> 1234 

C. Machine A: netcat -l -p 1234 < testfile -pw password; Machine B: netcat <machine A IP> 1234 -pw password 

D. Use cryptcat instead of netcat 

Answer: D

Explanation: Netcat cannot encrypt the file transfer itself and would need a third-party application such as openssl to encrypt/decrypt. Cryptcat is the standard netcat enhanced with Twofish encryption. 


Q164. After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attacker connects to a service first with its own IP address, records the sequence number chosen and then opens a second connection from a forged IP address. The attacker doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, the attacker can use the one-sided communication to break into the server. 

What attacks can you successfully launch against a server using the above technique? 

A. Session Hijacking attacks 

B. Denial of Service attacks 

C. Web Page defacement attacks 

D. IP Spoofing Attacks 

Answer: A

Explanation: The term Session Hijacking refers to the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorised access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer. 

Topic 11, Hacking Web Servers 


Q165. What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system? 

A. Blind Port Scanning 

B. Idle Scanning 

C. Bounce Scanning 

D. Stealth Scanning 

E. UDP Scanning 

Answer: B

Explanation: From the nmap man page: -sI <zombie host[:probeport]> Idle scan: This advanced scan method allows for a truly blind TCP port scan of the target (meaning no packets are sent to the target from your real IP address). Instead, a unique side-channel attack exploits predictable "IP fragmentation ID" sequence generation on the zombie host to glean information about the open ports on the target. 


Q166. You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters. 

With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results? 

A. Online Attack 

B. Dictionary Attack 

C. Brute Force Attack 

D. Hybrid Attack 

Answer: D

Explanation: A dictionary attack will not work as strong passwords are enforced, and the minimum length of 8 characters makes a brute force attack time consuming. A hybrid attack, where you take a word from a dictionary and exchange a number of letters for numbers and special characters, will probably be the fastest way to crack the passwords. 


Q167. Which type of scan sends packets with no flags set? 

Select the Answer 

A. Open Scan 

B. Null Scan 

C. Xmas Scan 

D. Half-Open Scan 

Answer:

Explanation: 

The types of port connections supported are: 


Q168. A Buffer Overflow attack involves: 

A. Using a trojan program to direct data traffic to the target host's memory stack 

B. Flooding the target network buffers with data traffic to reduce the bandwidth available to legitimate users 

C. Using a dictionary to crack password buffers by guessing user names and passwords 

D. Poorly written software that allows an attacker to execute arbitrary code on a target system 

Answer: D

Explanation: B is a denial of service. By flooding a data buffer in an application with junk data, you could gain the ability to write into the application's code segment and that way insert your own code. 


Q169. Sandra is the security administrator of ABC.com. One day she notices that the ABC.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately. 

Which organization coordinates computer crime investigations throughout the United States? 

A. NDCA 

B. NICP 

C. CIRP 

D. NPC 

E. CIA 

Answer: D


Q170. What is the proper response for an X-MAS scan if the port is open? 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. No response 

Answer:

Explanation: Closed ports respond to an X-MAS scan by ignoring the packet.