A Review Of Download 312-50 testing software

It is more faster and easier to pass the EC-Council 312-50 exam by using Free EC-Council Ethical Hacking and Countermeasures (CEHv6) questuins and answers. Immediate access to the Replace 312-50 Exam and find the same core area 312-50 questions with professionally verified answers, then PASS your exam with a high score now.


The article at Testaimer.com going over http://www.testaimer.com/312-50-test is very comprehensive.

2021 Apr 312-50 free practice exam

Q361. Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in: http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL to: http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy's mailbox? 

A. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access 

B. By changing the mailbox's name in the URL, Kevin is attempting directory transversal 

C. Kevin is trying to utilize query string manipulation to gain access to her email account 

D. He is attempting a path-string attack to gain access to her mailbox 

Answer: C


Q362. Jonathan being a keen administrator has followed all of the best practices he could find on securing his Windows Server. He renamed the Administrator account to a new name that can’t be easily guessed but there remain people who attempt to compromise his newly renamed administrator account. How can a remote attacker decipher the name of the administrator account if it has been renamed? 

A. The attacker guessed the new name 

B. The attacker used the user2sid program 

C. The attacker used to sid2user program 

D. The attacker used NMAP with the V option 

Answer: C

Explanation: User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions LookupAccountName and LookupAccountSid respectively. What is more these can be called against a remote machine without providing logon credentials save those needed for a null session connection. 


Q363. Which type of password cracking technique works like dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password? 

A. Dictionary attack 

B. Brute forcing attack 

C. Hybrid attack 

D. Syllable attack 

E. Rule-based attack 

Answer: C


Q364. Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys 

Which step would you perform to detect this type of Trojan? 

A. Scan for suspicious startup programs using msconfig 

B. Scan for suspicious network activities using Wireshark 

C. Scan for suspicious device drivers in c:windowssystem32drivers 

D. Scan for suspicious open ports using netstat 

Answer: C


Q365. Which FTP transfer mode is required for FTP bounce attack? 

A. Active Mode 

B. Passive Mode 

C. User Mode 

D. Anonymous Mode 

Answer: B

Explanation: FTP bounce attack needs the server the support passive connections and the client program needs to use PORT command instead of the PASV command. 


Avant-garde 312-50 practice exam:

Q366. Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the “Echo” command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page again in vain. 

What is the probable cause of Bill’s problem? 

A. The system is a honeypot. 

B. There is a problem with the shell and he needs to run the attack again. 

C. You cannot use a buffer overflow to deface a web page. 

D. The HTML file has permissions of ready only. 

Answer: D

Explanation: The question states that Bill had been able to spawn an interactive shell. By this statement we can tell that the buffer overflow and its corresponding code was enough to spawn a shell. Any shell should make it possible to change the webpage. So we either don’t have sufficient privilege to change the webpage (answer D) or it’s a honeypot (answer A). We think the preferred answer is D 


Q367. What is the key advantage of Session Hijacking? 

A. It can be easily done and does not require sophisticated skills. 

B. You can take advantage of an authenticated connection. 

C. You can successfully predict the sequence number generation. 

D. You cannot be traced in case the hijack is detected. 

Answer: B

Explanation: As an attacker you don’t have to steal an account and password in order to take advantage of an authenticated connection. 


Q368. In an attempt to secure his 802.11b wireless network, Bob decides to use strategic antenna positioning. He places the antenna for the access point near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the buildings center. There is a large parking lot and outlying filed surrounding the building that extends out half a mile around the building. Bob figures that with this and his placement of antennas, his wireless network will be safe from attack. Which of he following statements is true? 

A. Bob’s network will not be safe until he also enables WEP 

B. With the 300-foot limit of a wireless signal, Bob’s network is safe 

C. Bob’s network will be sage but only if he doesn’t switch to 802.11a 

D. Wireless signals can be detected from miles away; Bob’s network is not safe 

Answer: D

Explanation: It’s all depending on the capacity of the antenna that a potential hacker will use in order to gain access to the wireless net. 


Q369. Cyber Criminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine. 

How would you detect IP spoofing? 

A. Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet 

B. Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet 

C. Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick if the packet is spoofed 

D. Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet 

Answer: D


Q370. Which of the following commands runs snort in packet logger mode? 

A. ./snort -dev -h ./log 

B. ./snort -dev -l ./log 

C. ./snort -dev -o ./log 

D. ./snort -dev -p ./log 

Answer: B

Explanation: Note: If you want to store the packages in binary mode for later analysis use ./snort -l ./log -b