Vivid of 312-50 exam question materials and dumps for EC-Council certification for candidates, Real Success Guaranteed with Updated 312-50 pdf dumps vce Materials. 100% PASS Ethical Hacking and Countermeasures (CEHv6) exam Today!

Q9. To scan a host downstream from a security gateway, Firewalking: 

A. Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets 

B. Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway 

C. Sends an ICMP ''administratively prohibited'' packet to determine if the gateway will drop the packet without comment. 

D. Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway 

Answer: B

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 


Q10. You want to scan the live machine on the LAN, what type of scan you should use? 

A. Connect 

B. SYN 

C. TCP 

D. UDP 

E. PING 

Answer: E

Explanation: The ping scan is one of the quickest scans that nmap performs, since no actual ports are queried. Unlike a port scan where thousands of packets are transferred between two stations, a ping scan requires only two frames. This scan is useful for locating active devices or determining if ICMP is passing through a firewall. 


Q11. Which of the following is most effective against passwords ? 

Select the Answer: 

A. Dictionary Attack 

B. BruteForce attack 

C. Targeted Attack 

D. Manual password Attack 

Answer: B

Explanation: The most effective means of password attack is brute force, in a brute force attack the program will attempt to use every possible combination of characters. While this takes longer then a dictionary attack, which uses a text file of real words, it is always capable of breaking the password. 


Q12. ou have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming. 

Which command would you execute to extract the Trojan to a standalone file? 

A. c:\> type readme.txt:virus.exe > virus.exe 

B. c:\> more readme.txt | virus.exe > virus.exe 

C. c:\> cat readme.txt:virus.exe > virus.exe 

D. c:\> list redme.txt$virus.exe > virus.exe 

Answer: C

Explanation: cat will concatenate, or write, the alternate data stream to its own file named virus.exe 


Q13. What techniques would you use to evade IDS during a Port Scan? (Select 4 answers) 

A. Use fragmented IP packets 

B. Spoof your IP address when launching attacks and sniff responses from the server 

C. Overload the IDS with Junk traffic to mask your scan 

D. Use source routing (if possible) 

E. Connect to proxy servers or compromised Trojaned machines to launch attacks 

Answer: ABDE


Q14. Eve decides to get her hands dirty and tries out a Denial of Service attack that is relatively new to her. This time she envisages using a different kind of method to attack Brownies Inc. Eve tries to forge the packets and uses the broadcast address. She launches an attack similar to that of fraggle. What is the technique that Eve used in the case above? 

A. Smurf 

B. Bubonic 

C. SYN Flood 

D. Ping of Death 

Answer: A

Explanation: A fraggle attack is a variation of the smurf attack for denial of service in which the attacker sends spoofed UDP packets instead of ICMP echo reply (ping) packets to the broadcast address of a large network. 


Q15. Which of the following is true of the wireless Service Set ID (SSID)? (Select all that apply.) 

A. Identifies the wireless network 

B. Acts as a password for network access 

C. Should be left at the factory default setting 

D. Not broadcasting the SSID defeats NetStumbler and other wireless discovery tools 

Answer: AB


Q16. A simple compiler technique used by programmers is to add a terminator 'canary word' containing four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog, and then halts what does it indicate? 

A. The system has crashed 

B. A buffer overflow attack has been attempted 

C. A buffer overflow attack has already occurred 

D. A firewall has been breached and this is logged 

E. An intrusion detection system has been triggered 

Answer: B

Explanation: Terminator Canaries are based on the observation that most buffer overflows and stack smash attacks are based on certain string operations which end at terminators. The reaction to this observation is that the canaries are built of NULL terminators, CR, LF, and -1. The undesirable result is that the canary is known.