we provide Free EC-Council 312-50 exam fees which are the best for clearing 312-50 test, and to get certified by EC-Council Ethical Hacking and Countermeasures (CEHv6). The 312-50 Questions & Answers covers all the knowledge points of the real 312-50 exam. Crack your EC-Council 312-50 Exam with latest dumps, guaranteed!

Q231. Lyle is a systems security analyst for Gusteffson & Sons, a large law firm in Beverly Hills. Lyle's responsibilities include network vulnerability scans, Antivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a user in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the hard drive is almost full. Lyle runs a scan on the computer with the company antivirus software and finds nothing. Lyle downloads another free antivirus application and scans the computer again. This time a virus is found on the computer. The infected files appear to be Microsoft Office files since they are in the same directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer? 

A. This type of virus that Lyle has found is called a cavity virus. 

B. Lyle has discovered a camouflage virus on the computer. 

C. By using the free antivirus software, Lyle has found a tunneling virus on the computer. 

D. Lyle has found a polymorphic virus on this computer 

Answer: C


Q232. Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets? 

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485;) alert 

A. The payload of 485 is what this Snort signature will look for. 

B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload. 

C. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged. 

D. From this snort signature, packets with HOME_NET 27374 in the payload will be flagged. 

Answer: B


Q233. This is an example of whois record. 

Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers) 

A. Search engines like Google, Bing will expose information listed on the WHOIS record 

B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record 

C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record 

D. IRS Agents will use this information to track individuals using the WHOIS record information 

Answer: BC


Q234. A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database? 

A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database 

B. An attacker submits user input that executes an operating system command to compromise a target system 

C. An attacker gains control of system to flood the target system with requests, preventing legitimate users from gaining access 

D. An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database 

Answer: A

Explanation: Using the poorly designed input validation to alter or steal data from a database is a SQL injection attack. 


Q235. Jim’s Organization just completed a major Linux roll out and now all of the organization’s systems are running Linux 2.5 Kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ, which built-in functionality of Linux can achieve this? 

A. IP ICMP 

B. IP Sniffer 

C. IP tables 

D. IP Chains 

Answer: C

Explanation: iptables is the name of the user space tool by which administrators create rules for the packet filtering and NAT modules. While technically iptables is merely the tool which controls the packet filtering and NAT components within the kernel, the name iptables is often used to refer to the entire infrastructure, including netfilter, connection tracking and NAT, as well as the tool itself. iptables is a standard part of all modern Linux distributions. 


Q236. Which type of attack is port scanning? 

A. Web server attack 

B. Information gathering 

C. Unauthorized access 

D. Denial of service attack 

Answer: B


Q237. Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment. Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it. What kind of Denial of Service attack was best illustrated in the scenario above? 

A. DOS attacks which involves flooding a network or system 

B. DOS attacks which involves crashing a network or system 

C. DOS attacks which is done accidentally or deliberately 

D. Simple DDOS attack 

Answer: B

Explanation: This is not a DDOS, there is only one person involved as attacker 


Q238. You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this? 

GET /scripts/root.exe?/c+dir GET /MSADC/root.exe?/c+dir GET /c/winnt/system32/cmd.exe?/c+dir GET /d/winnt/system32/cmd.exe?/c+dir GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir GET /msadc/..%5c../..%5c../..%5c/..xc1x1c../..xc1x1c../..xc1x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc1x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc0/../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc0xaf../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc1x9c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir 

A. The Morris worm 

B. The PIF virus 

C. Trinoo 

D. Nimda 

E. Code Red 

F. Ping of Death 

Answer: D

Explanation: The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby, infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines and allow intruders the ability to execute arbitrary commands within the Local System security context on machines running the unpatched versions of IIS. 


Q239. An attacker runs netcat tool to transfer a secret file between two hosts. 

Machine A: netcat -1 –p 1234 < secretfile Machine B: netcat 192.168.3.4 > 1234 

He is worried about information being sniffed on the network. 

How would the attacker use netcat to encrypt information before transmitting it on the wire? 

A. Machine A: netcat -1 –p –s password 1234 < testfile Machine B: netcat <machine A IP> 1234 

B. Machine A: netcat -1 –e magickey –p 1234 < testfile Machine B: netcat <machine A IP> 1234 

C. Machine A: netcat -1 –p 1234 < testfile –pw password Machine B: netcat <machine A IP> 1234 –pw password 

D. Use cryptcat instead of netcat. 

Answer: D

Explanation: Cryptcat is the standard netcat enhanced with twofish encryption with ports for WIndows NT, BSD and Linux. Twofish is courtesy of counterpane, and cryptix. A default netcat installation does not contain any cryptography support. 


Q240. Which is the right sequence of packets sent during the initial TCP three way handshake? 

A. FIN, FIN-ACK, ACK 

B. SYN, URG, ACK 

C. SYN, ACK, SYN-ACK 

D. SYN, SYN-ACK, ACK 

Answer: D

Explanation: A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived.