Actualtests 312-50 Questions are updated and all 312-50 answers are verified by experts. Once you have completely prepared with our 312-50 exam prep kits you will be ready for the real 312-50 exam without a problem. We have Improve EC-Council 312-50 dumps study guide. PASSED 312-50 First attempt! Here What I Did.

Q1. Ethereal works best on ____________. 

A. Switched networks 

B. Linux platforms 

C. Networks using hubs 

D. Windows platforms 

E. LAN's 

Answer: C

Explanation: Ethereal is used for sniffing traffic. It will return the best results when used on an unswitched (i.e. hub. network. 


Q2. In this attack, a victim receives an e-mail claiming from PayPal stating that their account has been disabled and confirmation is required before activation. The attackers then scam to collect not one but two credit card numbers, ATM PIN number and other personal details. 

Ignorant users usually fall prey to this scam. Which of the following statement is incorrect related to this attack? 

A. Do not reply to email messages or popup ads asking for personal or financial information 

B. Do not trust telephone numbers in e-mails or popup ads 

C. Review credit card and bank account statements regularly 

D. Antivirus, anti-spyware, and firewall software can very easily detect these type of attacks 

E. Do not send credit card numbers, and personal or financial information via e-mail 

Answer: A


Q3. An Attacker creates a zuckerjournals.com website by copying and mirroring HACKERJOURNALS.COM site to spread the news that Hollywood actor Jason Jenkins died in a car accident. The attacker then submits his fake site for indexing in major search engines. When users search for "Jason Jenkins", attacker's fake site shows up and dupes victims by the fake news. 

This is another great example that some people do not know what URL's are. Real website: Fake website: http://www.zuckerjournals.com 

The website is clearly not WWW.HACKERJOURNALS.COM. It is obvious for many, but unfortunately some people still do not know what an URL is. It's the address that you enter into the address bar at the top your browser and this is clearly not legit site, its www.zuckerjournals.com 

How would you verify if a website is authentic or not? 

A. Visit the site using secure HTTPS protocol and check the SSL certificate for authenticity 

B. Navigate to the site by visiting various blogs and forums for authentic links 

C. Enable Cache on your browser and lookout for error message warning on the screen 

D. Visit the site by clicking on a link from Google search engine 

Answer: D


Q4. Samantha was hired to perform an internal security test of company. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing. 

Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two) 

A. Ethernet Zapping 

B. MAC Flooding 

C. Sniffing in promiscuous mode 

D. ARP Spoofing 

Answer: BD

Explanation: In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table.The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack). 


Q5. What is the proper response for a NULL scan if the port is closed? 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. No response 

Answer:

Explanation: Closed ports respond to a NULL scan with a reset. 


Q6. You have been using the msadc.pl attack script to execute arbitrary commands on an NT4 web server. While it is effective, you find it tedious to perform extended functions. On further research you come across a perl script that runs the following msadc functions: 

What kind of exploit is indicated by this script? 

A. A buffer overflow exploit. 

B. A SUID exploit. 

C. A SQL injection exploit. 

D. A chained exploit. 

E. A buffer under run exploit. 

Answer: D


Q7. Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic? 

A. Network aliasing 

B. Domain Name Server (DNS) poisoning 

C. Reverse Address Resolution Protocol (ARP) 

D. Port scanning 

Answer: B

This reference is close to the one listed DNS poisoning is the correct answer. 

This is how DNS DOS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of there server instead of replacing the actual records, which is referred to as cache poisoning. 


Q8. ou are gathering competitive intelligence on ABC.com. You notice that they have jobs 

listed on a few Internet job-hunting sites. There are two job postings for network and system administrators. How can this help you in footprint the organization? 

A. The IP range used by the target network 

B. An understanding of the number of employees in the company 

C. How strong the corporate security policy is 

D. The types of operating systems and applications being used. 

Answer: D

Explanation: From job posting descriptions one can see which is the set of skills, technical knowledge, system experience required, hence it is possible to argue what kind of operating systems and applications the target organization is using.