Exam materials for EC-Council certification 312-50, Ethical Hacking and Countermeasures (CEHv6).

Q291. What are the six types of social engineering? (Choose six.)

A. Spoofing 

B. Reciprocation 

C. Social Validation 

D. Commitment 

E. Friendship 

F. Scarcity 

G. Authority 

H. Accountability 

Answer: BCDEFG

Explanation: All social engineering is performed by taking advantage of human nature. For in-depth information on the subject, read Robert Cialdini's book, Influence: Science and Practice.


Q292. You have initiated an active operating system fingerprinting attempt with nmap against a target system: 

    [root@ceh NG]# /usr/local/bin/nmap -sT -O 10.0.0.1

    Starting nmap 3.28 ( www.insecure.org/nmap/) at 2003-06-18 19:14 IDT
    Interesting ports on 10.0.0.1:
    (The 1628 ports scanned but not shown below are in state: closed)
    Port       State       Service
    21/tcp     filtered    ftp
    22/tcp     filtered    ssh
    25/tcp     open        smtp
    80/tcp     open        http
    135/tcp    open        loc-srv
    139/tcp    open        netbios-ssn
    389/tcp    open        LDAP
    443/tcp    open        https
    465/tcp    open        smtps
    1029/tcp   open        ms-lsa
    1433/tcp   open        ms-sql-s
    2301/tcp   open        compaqdiag
    5555/tcp   open        freeciv
    5800/tcp   open        vnc-http
    5900/tcp   open        vnc
    6000/tcp   filtered    X11
    Remote operating system guess: Windows XP, Windows 2000, NT4 or 95/98/98SE
    Nmap run completed -- 1 IP address (1 host up) scanned in 3.334 seconds

Using its fingerprinting tests, nmap is unable to distinguish between different groups of Microsoft-based operating systems: Windows XP, Windows 2000, NT4 or 95/98/98SE.

What operating system is the target host running based on the open ports shown above? 

A. Windows XP 

B. Windows 98 SE 

C. Windows NT4 Server 

D. Windows 2000 Server 

Answer:

Explanation: The system is reachable as an Active Directory domain controller (port 389, LDAP).


Q293. What techniques would you use to evade IDS during a Port Scan? (Select 4 answers) 

A. Use fragmented IP packets 

B. Spoof your IP address when launching attacks and sniff responses from the server 

C. Overload the IDS with Junk traffic to mask your scan 

D. Use source routing (if possible) 

E. Connect to proxy servers or compromised Trojaned machines to launch attacks 

Answer: ABDE


Q294. You receive an email with the following message: 

Hello Steve, 

We are having technical difficulty in restoring user database record after the recent blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com and change your password.

http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm

If you do not reset your password within 7 days, your account will be permanently disabled locking you out from our e-mail services.

Sincerely,

Technical Support

SuperEmailServices

From this e-mail you suspect that this message was sent by some hacker, since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbe.0xef, which looks like hexadecimal numbers. You immediately enter the following at the Windows 2000 command prompt:

Ping 0xde.0xad.0xbe.0xef 

You get a response with a valid IP address. 

What is the obfuscated IP address in the e-mail URL?

A. 222.173.190.239 

B. 233.34.45.64 

C. 54.23.56.55 

D. 199.223.23.45 

Answer: A

Explanation: The 0x prefix stands for hexadecimal, and DE=222, AD=173, BE=190 and EF=239.


Q295. In Linux, the three most common commands that hackers usually attempt to Trojan are: 

A. car, xterm, grep 

B. netstat, ps, top 

C. vmware, sed, less 

D. xterm, ps, nc 

Answer: B

Explanation: The easiest programs to trojan, and the smartest ones to trojan, are ones commonly run by administrators and users, in this case netstat, ps, and top. For a complete list of commonly trojaned and rootkitted software, see http://www.usenix.org/publications/login/1999-9/features/rootkits.html


Q296. _____ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer.

A. Steganography 

B. Merge Streams 

C. NetBIOS vulnerability 

D. Alternate Data Streams 

Answer:

Explanation: ADS (or Alternate Data Streams) is a “feature” in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename:stream. 


Q297. If you perform a port scan with a TCP ACK packet, what should an OPEN port return? 

A. RST 

B. No Reply 

C. SYN/ACK 

D. FIN 

Answer:

Explanation: Open ports return RST to an ACK scan. 


Q298. How do you defend against an ARP poisoning attack? (Select 2 answers)

A. Enable DHCP Snooping Binding Table

B. Restrict ARP Duplicates 

C. Enable Dynamic ARP Inspection 

D. Enable MAC snooping Table 

Answer: AC


Q299. Which Steganography technique uses Whitespace to hide secret messages? 

A. snow 

B. beetle 

C. magnet 

D. cat 

Answer: A


Q300. Cyber Criminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine. 

How would you detect IP spoofing? 

A. Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet 

B. Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet 

C. Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick if the packet is spoofed 

D. Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet 

Answer: D