If you are one of the candidates for the pursuing EC-Council EC-Council 312-50 real analyze, Testking.com will be definitely the most effective place for the EC-Council exam preparation. Our customers before you speak highly in the EC-Council EC-Council exam dumps. They deal with all the topics that will appear inside the EC-Council 312-50 actual exam. The actual EC-Council EC-Council practice questions, along with thorough answers, are not simply beneficial towards the EC-Council certification exam but in addition conducive to your place of work work.

2021 Oct 312-50 training

Q101. Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys 

Which step would you perform to detect this type of Trojan? 


A. Scan for suspicious startup programs using msconfig 

B. Scan for suspicious network activities using Wireshark 

C. Scan for suspicious device drivers in c:\windows\system32\drivers 

D. Scan for suspicious open ports using netstat 

Answer: C


Q102. What does a type 3 code 13 represent?(Choose two. 

A. Echo request 

B. Destination unreachable 

C. Network unreachable 

D. Administratively prohibited 

E. Port unreachable 

F. Time exceeded 

Answer: BD

Explanation: Type 3 code 13 is destination unreachable administratively prohibited. This type of message is typically returned from a device blocking a port. 


Q103. One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker source IP address. 

You send a ping request to the broadcast address 192.168.5.255. 

[root@ceh/root]# ping -b 192.168.5.255 WARNING: pinging broadcast address PING 192.168.5.255 (192.168.5.255) from 192.168.5.1 : 56(84) bytes of data. 64 bytes from 192.168.5.1: icmp_seq=0 ttl=255 time=4.1 ms 64 bytes from 192.168.5.5: icmp_seq=0 ttl=255 time=5.7 ms 

There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why? 

A. You cannot ping a broadcast address. The above scenario is wrong. 

B. You should send a ping request with this command ping 192.168.5.0-255 

C. Linux machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address. 

D. Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address. 

Answer: D

Explanation: As stated in the correct option, Microsoft Windows does not handle pings to a broadcast address correctly and therefore ignores them. 


Q104. Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!'' 

From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page: 

H@cker Mess@ge: 

Y0u @re De@d! Fre@ks! 

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. 

How did the attacker accomplish this hack? 

A. ARP spoofing 

B. SQL injection 

C. DNS poisoning 

D. Routing table injection 

Answer: C

Explanation: External calls for the Web site has been redirected to another server by a successful DNS poisoning. 


Q105. Which Type of scan sends a packets with no flags set ? 

Select the Answer 

A. Open Scan 

B. Null Scan 

C. Xmas Scan 

D. Half-Open Scan 

Answer: B 

Explanation: 

The types of port connections supported are: 


312-50 torrent

Regenerate 312-50 real exam:

Q106. Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using? 

A. Henry is executing commands or viewing data outside the intended target path 

B. Henry is using a denial of service attack which is a valid threat used by an attacker 

C. Henry is taking advantage of an incorrect configuration that leads to access with higher-than-expected privilege 

D. Henry uses poorly designed input validation routines to create or alter commands to gain access to unintended data or execute commands 

Answer: B

Explanation: Henry’s intention is to perform a DoS attack against his target, possibly a DDoS attack. He uses systems other than his own to perform the attack in order to cover the tracks back to him and to get more “punch” in the DoS attack if he uses multiple systems. 


Q107. Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security. 

No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices. 

What type of insider threat would Shayla be considered? 

A. She would be considered an Insider Affiliate 

B. Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate 

C. Shayla is an Insider Associate since she has befriended an actual employee 

D. Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider 

Answer: A


Q108. An attacker runs netcat tool to transfer a secret file between two hosts. 

Machine A: netcat -l -p 1234 < secretfile 

Machine B: netcat 192.168.3.4 > 1234 

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire? 

A. Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat <machine A IP> 1234 

B. Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat <machine A IP> 1234 

C. Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat <machine A IP> 1234 -pw password 

D. Use cryptcat instead of netcat 

Answer: D

Explanation: Netcat cannot encrypt the file transfer itself but would need to use a third party application to encrypt/decrypt like openssl. Cryptcat is the standard netcat enhanced with twofish encryption. 


Q109. Exhibit: 


Study the following log extract and identify the attack. 

A. Hexcode Attack 

B. Cross Site Scripting 

C. Multiple Domain Traversal Attack 

D. Unicode Directory Traversal Attack 

Answer: D

Explanation: The “Get /msadc/……/……/……/winnt/system32/cmd.exe?” shows that a Unicode Directory Traversal Attack has been performed. 


Q110. Joe the Hacker breaks into company’s Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode. 

Running “ifconfig –a” will produce the following: 

# ifconfig –a 

1o0: flags=848<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232 

inet 127.0.0.1 netmask ff000000hme0: 

flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST> mtu inet 192.0.2.99 netmask ffffff00 broadcast 134.5.2.255 ether 

8:0:20:9c:a2:35 

What can Joe do to hide the wiretap program from being detected by ifconfig command? 

A. Block output to the console whenever the user runs ifconfig command by running screen capture utiliyu 

B. Run the wiretap program in stealth mode from being detected by the ifconfig command. 

C. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console. 

D. You cannot disable Promiscuous mode detection on Linux systems. 

Answer: C

Explanation: The normal way to hide these rogue programs running on systems is the use crafted commands like ifconfig and ls.