312-50 ebook(351 to 360) for consumer: Mar 2021 Edition

The EC-Council 312-50 practice questions as well as answers contain the comprehensive and comprehensive information points. The actual EC-Council 312-50 exam dumps are summarized as well as compiled by Pass4sures professional team. What you need to complete is simply sit at home as well as download our EC-Council EC-Council examination engine. Review the total EC-Council 312-50 practice materials very carefully and diligently. That they must be a fantastic help to the EC-Council 312-50 exam preparation. Start previously and get certified previously and less complicated.

2021 Mar 312-50 book

Q351. What are two things that are possible when scanning UDP ports? (Choose two. 

A. A reset will be returned 

B. An ICMP message will be returned 

C. The four-way handshake will not be completed 

D. An RFC 1294 message will be returned 

E. Nothing 

Answer: BE

Explanation: Closed UDP ports can return an ICMP type 3 code 3 message. No response can mean the port is open or the packet was silently dropped. 


Q352. Under what conditions does a secondary name server request a zone transfer from a primary name server? 

A. When a primary SOA is higher that a secondary SOA 

B. When a secondary SOA is higher that a primary SOA 

C. When a primary name server has had its service restarted 

D. When a secondary name server has had its service restarted 

E. When the TTL falls to zero 

Answer: A

Explanation: Understanding DNS is critical to meeting the requirements of the CEH. When the serial number that is within the SOA record of the primary server is higher than the Serial number within the SOA record of the secondary DNS server, a zone transfer will take place. 


Q353. There are two types of honeypots- high and low interaction. Which of these describes a low interaction honeypot? 

Select the best answers. 

A. Emulators of vulnerable programs 

B. More likely to be penetrated 

C. Easier to deploy and maintain 

D. Tend to be used for production 

E. More detectable 

F. Tend to be used for research 

Answer: ACDE

Explanations: 

A low interaction honeypot would have emulators of vulnerable programs, not the real programs. 

A high interaction honeypot is more likely to be penetrated as it is running the real program and is more vulnerable than an emulator. 

Low interaction honeypots are easier to deploy and maintain. Usually you would just use a program that is already available for download and install it. Hackers don't usually crash or destroy these types of programs and it would require little maintenance. 

A low interaction honeypot tends to be used for production. 

Low interaction honeypots are more detectable because you are using emulators of the real programs. Many hackers will see this and realize that they are in a honeypot. 

A low interaction honeypot tends to be used for production. A high interaction honeypot tends to be used for research. 


Q354. You have successfully gained access to a victim's computer using Windows 2003 Server SMB Vulnerability. Which command will you run to disable auditing from the cmd? 

A. stoplog stoplog ? 

B. EnterPol /nolog 

C. EventViewer o service 

D. auditpol.exe /disable 

Answer: D


Q355. Study the log below and identify the scan type. 

tcpdump -vv host 192.168.1.10 

17:34:45.802163 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 36166) 

17:34:45.802216 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 33796) 

17:34:45.802266 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 47066) 

17:34:46.111982 eth0 < 192.168.1.1 > victim: ip-proto-74 0 (ttl 48, id 35585) 

17:34:46.112039 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 32834) 

17:34:46.112092 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 26292) 

17:34:46.112143 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 51058) 

tcpdump -vv -x host 192.168.1.10 

17:35:06.731739 eth0 < 192.168.1.10 > victim: ip-proto-130 0 (ttl 59, id 42060) 4500 0014 a44c 0000 3b82 57b8 c0a8 010a c0a8 0109 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 

A. nmap -sR 192.168.1.10 

B. nmap -sS 192.168.1.10 

C. nmap -sV 192.168.1.10 

D. nmap -sO -T 192.168.1.10 

Answer: D


Updated 312-50 torrent:

Q356. In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. 

If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack? 

A. Full Blown 

B. Thorough 

C. Hybrid 

D. BruteDics 

Answer: C

Explanation: A combination of Brute force and Dictionary attack is called a Hybrid attack or Hybrid dictionary attack. 


Q357. To scan a host downstream from a security gateway, Firewalking: 

A. Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets 

B. Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway 

C. Sends an ICMP ''administratively prohibited'' packet to determine if the gateway will drop the packet without comment. 

D. Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway 

Answer: B

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 


Q358. What type of port scan is shown below? 

A. Idle Scan 

B. Windows Scan 

C. XMAS Scan 

D. SYN Stealth Scan 

Answer: C

Explanation: An Xmas port scan is variant of TCP port scan. This type of scan tries to obtain information about the state of a target port by sending a packet which has multiple TCP flags set to 1 - "lit as an Xmas tree". The flags set for Xmas scan are FIN, URG and PSH. The purpose is to confuse and bypass simple firewalls. Some stateless firewalls only check against security policy those packets which have the SYN flag set (that is, packets that initiate connection according to the standards). Since Xmas scan packets are different, they can pass through these simple systems and reach the target host. 


Q359. An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. 

Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer) 

A. Create a network tunnel. 

B. Create a multiple false positives. 

C. Create a SYN flood. 

D. Create a ping flood. 

Answer: A

Explanation: Certain types of encryption presents challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, where a host-based IDS analyzes the data after it has been decrypted. 


Q360. What type of Virus is shown here? 

A. Cavity Virus 

B. Macro Virus 

C. Boot Sector Virus 

D. Metamorphic Virus 

E. Sparse Infector Virus 

Answer: E