Proper study guides for Improve EC-Council Ethical Hacking and Countermeasures (CEHv6) certified begins with EC-Council 312-50 preparation products which designed to deliver the 100% Guarantee 312-50 questions by making you pass the 312-50 test at your first time. Try the free 312-50 demo right now.

2021 Oct 312-50 practice question

Q271. A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service. 

Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus. 


Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments. 

Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail. 

How do you ensure if the e-mail is authentic and sent from fedex.com? 

A. Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all 

B. Check the Sender ID against the National Spam Database (NSD) 

C. Fake mail will have spelling/grammatical errors 

D. Fake mail uses extensive images, animation and flash content 

Answer: A


Q272. What are twp types of ICMP code used when using the ping command? 

A. It uses types 0 and 8. 

B. It uses types 13 and 14. 

C. It uses types 15 and 17. 

D. The ping command does not use ICMP but uses UDP. 

Answer: A

Explanation: ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo 


Q273. Which of the following activities will NOT be considered as passive footprinting? 

A. Go through the rubbish to find out any information that might have been discarded. 

B. Search on financial site such as Yahoo Financial to identify assets. 

C. Scan the range of IP address found in the target DNS database. 

D. Perform multiples queries using a search engine. 

Answer: C

Explanation: Passive footprinting is a method in which the attacker never makes contact with the target systems. Scanning the range of IP addresses found in the target DNS is considered making contact to the systems behind the IP addresses that is targeted by the scan. 


Q274. You just purchased the latest DELL computer, which comes pre-installed with Windows XP, McAfee antivirus software and a host of other applications. You want to connect Ethernet wire to your cable modem and start using the computer immediately. 

Windows is dangerously insecure when unpacked from the box, and there are a few things that you must do before you use it. 

A. New Installation of Windows Should be patched by installation the latest service packs and hotfixes 

B. Enable “guest” account 

C. Install a personal firewall and lock down unused ports from connecting to your computer 

D. Install the latest signatures for Antivirus software 

E. Configure “Windows Update” to automatic 

F. Create a non-admin user with a complex password and login to this account 

Answer: ACDEF

Explanation: The guest account is a possible vulnerability to your system so you should not enable it unless needed. Otherwise you should perform all other actions mentioned in order to have a secure system. 


Topic 23, Mixed Questions 

566. One of the better features of NetWare is the use of packet signature that includes cryptographic signatures. The packet signature mechanism has four levels from 0 to 3. 

In the list below which of the choices represent the level that forces NetWare to sign all packets? 

A. 0 (zero) 

B. 1 

C. 2 

D. 3 

Answer: D

Explanation: 0Server does not sign packets (regardless of the client level). 

1Server signs packets if the client is capable of signing (client level is 2 or higher). 

2Server signs packets if the client is capable of signing (client level is 1 or higher). 

3Server signs packets and requires all clients to sign packets or logging in will fail. 


Q275. Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It also provides devices, which would otherwise be unable to communicate a means to notify administrators of problems or performance. 


What default port Syslog daemon listens on? 

A. 242 

B. 312 

C. 416 

D. 514 

Answer: D


312-50 pdf exam

Leading 312-50 free practice questions:

Q276. Which of the following snort rules look for FTP root login attempts? 

A. alert tcp -> any port 21 (msg:"user root";) 

B. alert tcp -> any port 21 (message:"user root";) 

C. alert ftp -> ftp (content:"user password root";) 

D. alert tcp any any -> any any 21 (content:"user root";) 

Answer: D

Explanation: The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:”user root”;) 


Q277. On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner? 

A. Use "Is" 

B. Use "lsof" 

C. Use "echo" 

D. Use "netstat" 

Answer: B

Explanation: lsof is a command used in many Unix-like systems that is used to report a list of all open files and the processes that opened them. It works in and supports several UNIX flavors. 


Q278. Which of the following best describes Vulnerability? 

A. The loss potential of a threat 

B. An action or event that might prejudice security 

C. An agent that could take advantage of a weakness 

D. A weakness or error that can lead to compromise 

Answer: D

Explanation: A vulnerability is a flaw or weakness in system security procedures, design or implementation that could be exercised (accidentally triggered or intentionally exploited) and result in a harm to an IT system or activity. 


Q279. This TCP flag instructs the sending system to transmit all buffered data immediately. 

A. SYN 

B. RST 

C. PSH 

D. URG 

E. FIN 

Answer: C


Q280. Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database? 

A. Jimmy can submit user input that executes an operating system command to compromise a target system 

B. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system 

C. Jimmy can utilize an incorrect configuration that leads to access with higher-than-expected privilege of the database 

D. Jimmy can gain control of system to flood the target system with requests, preventing legitimate users from gaining access 

Answer: B

Explanation: SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.