There is a great interactive forum at Pass4sure.org, you can visit this and chat with other candidates. There are in addition valuable paperwork or guidelines given by the former candidates who have handed the exam. Some of them have summarized the particular key points and feasible questions that you may encounter throughout the preparation. Make entire use of these great valued preparation materials. Take activities right currently and you can get access for your desired result shortly. Then you can via away the particular usefulness books and concentrate about the original EC-Council EC-Council exam demos through Pass4sure. Just continue to be at home and acquire your EC-Council certification since easy since possible.
2021 Oct 312-50 free draindumps
Q251. Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?
A. RSA, LSA, POP
B. SSID, WEP, Kerberos
C. SMB, SMTP, Smart card
D. Kerberos, Smart card, Stanford SRP
Answer: D
Explanation: Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer.
Q252. Which of the following encryption is not based on Block Cipher?
A. DES
B. Blowfish
C. AES
D. RC4
Answer: D
Explanation: RC4 (also known as ARC4 or ARCFOUR) is the most widely-used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).
Topic 22, Penetration Testing Methodologies
556. Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate.
What would you call this kind of activity?
A. CI Gathering
B. Scanning
C. Dumpster Diving
D. Garbage Scooping
Answer: C
Q253. You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250.
Within what range of sequence numbers should a packet, sent by the client fall in order to be accepted by the server?
A. 200-250
B. 121-371
C. 120-321
D. 121-231
E. 120-370
Answer: B
Explanation: Package number 120 have already been received by the server and the window is 250 packets, so any package number from 121 (next in sequence) to 371 (121+250).
Q254. Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?
A. Use any ARP requests found in the capture
B. Derek can use a session replay on the packets captured
C. Derek can use KisMAC as it needs two USB devices to generate traffic
D. Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic
Answer: D
Explanation: By forcing the network to answer to a lot of ICMP messages you can gather enough packets to crack the WEP key.
Q255. Jim was having no luck performing a penetration test on his company’s network. He was running the test from home and had downloaded every security scanner he could lay his hands on. Despite knowing the IP range of all of the systems and the exact network configuration, Jim was unable to get any useful results. Why is Jim having these problems?
A. Security scanners can’t perform vulnerability linkage
B. Security Scanners are not designed to do testing through a firewall
C. Security Scanners are only as smart as their database and can’t find unpublished vulnerabilities
D. All of the above
Answer: D
Explanation: Security scanners are designed to find vulnerabilities but not to use them, also they will only find well known vulnerabilities that and no zero day exploits. Therefore you can’t use a security scanner for penetration testing but need a more powerful program.
Renew 312-50 pdf exam:
Q256. Which of the following is not an effective countermeasure against replay attacks?
A. Digital signatures
B. Time Stamps
C. System identification
D. Sequence numbers
Answer: C
Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that prove the package is received as it was sent from the original sender (digital signature)
Q257. Vulnerability mapping occurs after which phase of a penetration test?
A. Host scanning
B. Passive information gathering
C. Analysis of host scanning
D. Network level discovery
Answer: C
Explanation: The order should be Passive information gathering, Network level discovery, Host scanning and Analysis of host scanning.
Q258. Exhibit:
Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?
A. har.txt
B. SAM file
C. wwwroot
D. Repair file
Answer: B
Explanation: He is actually trying to get the file har.txt but this file contains a copy of the SAM file.
Q259. Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in: http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL to: http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy's mailbox?
A. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access
B. By changing the mailbox's name in the URL, Kevin is attempting directory transversal
C. Kevin is trying to utilize query string manipulation to gain access to her email account
D. He is attempting a path-string attack to gain access to her mailbox
Answer: C
Q260. Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?
(Note: The student is being tested on concept learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dumo.)
05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400 . . .
05/20-17:06:58.685879 192.160.13.4:31337 -> 172.16.1.101:1024 TCP TTL:44 TOS:0x10 ID:242 ***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400
What is odd about this attack? (Choose the most appropriate statement)
A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
B. This is back orifice activity as the scan comes from port 31337.
C. The attacker wants to avoid creating a sub-carrier connection that is not normally valid.
D. There packets were created by a tool; they were not created by a standard IP stack.
Answer: B
Explanation: Port 31337 is normally used by Back Orifice. Note that 31337 is hackers spelling of ‘elite’, meaning ‘elite hackers’.