Your success in EC-Council 312-50 is our sole target and we develop all our 312-50 braindumps in a way that facilitates the attainment of this target. Not only is our 312-50 study material the best you can find, it is also the most detailed and the most updated. 312-50 Practice Exams for EC-Council 312-50 are written to the highest standards of technical accuracy.

Q441. What port number is used by LDAP protocol? 

A. 110 

B. 389 

C. 445 

D. 464 

Answer:

Explanation: Active Directory and Exchange use LDAP via TCP port 389 for clients. 


Q442. Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training, to holiday schedules, to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company's intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of "intranet" with part of the URL containing the word "intranet" and the words "human resources" somewhere in the webpage. 

What Google search will accomplish this? 

A. related:intranet allinurl:intranet:"human resources" 

B. cache:"human resources" inurl:intranet(SharePoint) 

C. intitle:intranet inurl:intranet+intext:"human resources" 

D. site:"human resources"+intext:intranet intitle:intranet 

Answer: C


Q443. Vulnerability mapping occurs after which phase of a penetration test? 

A. Host scanning 

B. Passive information gathering 

C. Analysis of host scanning 

D. Network level discovery 

Answer: C

Explanation: The order should be Passive information gathering, Network level discovery, Host scanning and Analysis of host scanning. 


Q444. Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. 

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his client's hosts and servers?

A. Hardware, Software, and Sniffing. 

B. Hardware and Software Keyloggers. 

C. Passwords are always best obtained using Hardware key loggers. 

D. Software only, they are the most effective. 

Answer: A

Explanation: Different types of keyloggers planted in the environment would retrieve the passwords for Bob.


Q445. Bob is conducting a password assessment for one of his clients. Bob suspects that password policies are not in place and weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers. What are the means that Bob can use to get passwords from his client's hosts and servers?

A. Hardware, Software and Sniffing 

B. Hardware and Software Keyloggers 

C. Software only, they are the most effective 

D. Passwords are always best obtained using Hardware key loggers 

Answer:

Explanation: All loggers will work as long as he has physical access to the computers. 

Topic 8, Denial of Service 

275. The evil hacker is purposely sending fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. From the information given, what type of attack is the hacker attempting to perform?

A. Syn flood 

B. Smurf 

C. Ping of death 

D. Fraggle 

Answer:

Reference: http://insecure.org/sploits/ping-o-death.html 


Q446. What is the default Password Hash Algorithm used by NTLMv2? 

A. MD4 

B. DES 

C. SHA-1 

D. MD5 

Answer: D


Q447. Which of the following countermeasures can specifically protect against both MAC flooding and MAC spoofing attacks?

A. Port Security 

B. Switch Mapping 

C. Port Reconfiguring 

D. Multiple Recognition 

Answer: A

Explanation: With Port Security the switch will keep track of which MAC addresses are allowed to send traffic on a port.


Q448. After an attacker has successfully compromised a remote computer, what would be one of the last steps that would be taken to ensure that the compromise is not traced back to the source of the problem? 

A. Install patches

B. Setup a backdoor 

C. Cover your tracks 

D. Install a zombie for DDOS 

Answer:

Explanation: As a hacker you don’t want to leave any traces that could lead back to you. 


Q449. What happens during a SYN flood attack? 

A. A target machine is flooded with TCP connection requests that use randomized source addresses and source TCP ports.

B. A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination. 

C. A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field. 

D. A TCP packet is received with both the SYN and the FIN bits set in the flags field. 

Answer: A

Explanation: Establishing a TCP connection to a server requires an exchange of a sequence of messages. The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending a SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message, and then data can be exchanged.

At the point where the server system has sent an acknowledgment (SYN-ACK) back to the client but has not yet received the ACK message, there is a half-open connection. The server keeps a data structure in memory describing all pending connections, and this structure can be made to overflow by intentionally creating too many partially open connections.

In a SYN flood, a target machine is flooded with TCP connection requests. The source addresses and source TCP ports of the connection request packets are randomized; the purpose is to force the target host to maintain state information for many connections that will never be completed. SYN flood attacks are usually noticed because the target host (frequently an HTTP or SMTP server) becomes extremely slow, crashes, or hangs.

It is also possible for the traffic returned from the target host to cause trouble on routers: because this return traffic goes to the randomized source addresses of the original packets, it lacks the locality properties of "real" IP traffic and may overflow route caches. On Cisco routers, this problem often manifests itself in the router running out of memory.
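A defender's view of the half-open state described in the explanation above, as an added example that is not part of the original question bank: it replays client-to-server TCP packets and reports the peak number of half-open connections each service had to hold. The packet tuple layout, the addresses (documentation ranges), the backlog size of 128 and the 30-second timeout are constructed assumptions.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits

def half_open_peaks(packets, timeout=30.0):
    """Peak half-open connection count per (dst_ip, dst_port).

    packets: (ts, src_ip, src_port, dst_ip, dst_port, flags) tuples,
    client-to-server direction only, sorted by timestamp.
    """
    pending = defaultdict(dict)  # service -> {(src_ip, src_port): SYN time}
    peaks = defaultdict(int)
    for ts, src, sport, dst, dport, flags in packets:
        service, client = (dst, dport), (src, sport)
        table = pending[service]
        # Drop entries the server would have timed out by now.
        for key in [k for k, t0 in table.items() if ts - t0 > timeout]:
            del table[key]
        if flags & SYN and not flags & ACK:
            table[client] = ts        # server must now hold state for this SYN
        elif flags & (ACK | RST):
            table.pop(client, None)   # handshake completed or aborted
        peaks[service] = max(peaks[service], len(table))
    return dict(peaks)

def flag_syn_floods(packets, backlog=128, timeout=30.0):
    """Services whose half-open peak reached the assumed backlog size."""
    peaks = half_open_peaks(packets, timeout)
    return sorted(svc for svc, peak in peaks.items() if peak >= backlog)

def sample_packets():
    """Constructed capture: 50 normal clients and 200 never-completed SYNs."""
    pkts = []
    for i in range(50):   # normal: SYN, then the final ACK 50 ms later
        client = (f"203.0.113.{i + 1}", 40000 + i)
        pkts.append((i * 0.1, *client, "192.0.2.10", 80, SYN))
        pkts.append((i * 0.1 + 0.05, *client, "192.0.2.10", 80, ACK))
    for i in range(200):  # varied sources, no ACK ever follows
        src = f"198.51.100.{i % 254 + 1}"
        pkts.append((i * 0.01, src, 1024 + i * 7, "192.0.2.20", 25, SYN))
    return sorted(pkts)

if __name__ == "__main__":
    for svc, peak in sorted(half_open_peaks(sample_packets()).items()):
        print(svc, "peak half-open:", peak)
    print("flagged:", flag_syn_floods(sample_packets()))
```

Rerunning with a shorter `timeout` shows why reducing how long the server holds unanswered SYN state lowers the peak for the same traffic.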