What Does 312-50 download Mean?


The article at Testaimer.com going over http://www.testaimer.com/312-50-test is very comprehensive.

Q131. You ping a target IP to check if the host is up. You do not get a response. You suspect ICMP is blocked at the firewall. Next you use hping2 tool to ping the target host and you get a response. Why does the host respond to hping2 and not ping packet? 

[ceh]# ping 10.2.3.4 

PING 10.2.3.4 (10.2.3.4) from 10.2.3.80 : 56(84) bytes of data. 

--- 10.2.3.4 ping statistics ---

3 packets transmitted, 0 packets received, 100% packet loss 

[ceh]# ./hping2 -c 4 -n -i 2 10.2.3.4 

HPING 10.2.3.4 (eth0 10.2.3.4): NO FLAGS are set, 40 headers + 

0 data bytes 

len=46 ip=10.2.3.4 flags=RA seq=0 ttl=128 id=54167 win=0 rtt=0.8 ms 

len=46 ip=10.2.3.4 flags=RA seq=1 ttl=128 id=54935 win=0 rtt=0.7 ms 

len=46 ip=10.2.3.4 flags=RA seq=2 ttl=128 id=55447 win=0 rtt=0.7 ms 

len=46 ip=10.2.3.4 flags=RA seq=3 ttl=128 id=55959 win=0 rtt=0.7 ms 

--- 10.2.3.4 hping statistic ---

4 packets tramitted, 4 packets received, 0% packet loss 

round-trip min/avg/max = 0.7/0.8/0.8 ms 

A. ping packets cannot bypass firewalls 

B. you must use ping 10.2.3.4 switch 

C. hping2 uses TCP instead of ICMP by default 

D. hping2 uses stealth TCP packets to connect 

Answer: C

Explanation: Default protocol is TCP, by default hping2 will send tcp headers to target host's port 0 with a winsize of 64 without any tcp flag on. Often this is the best way to do an 'hide ping', useful when target is behind a firewall that drop ICMP. Moreover a tcp null-flag to port 0 has a good probability of not being logged. 


Q132. This kind of password cracking method uses word lists in combination with numbers and special characters: 

A. Hybrid 

B. Linear 

C. Symmetric 

D. Brute Force 

Answer: A

Explanation: A Hybrid (or Hybrid Dictionary) Attack uses a word list that it modifies slightly to find passwords that are almost from a dictionary (like St0pid) 


Q133. Trojan horse attacks pose one of the most serious threats to computer security. The image below shows different ways a Trojan can get into a system. Which are the easiest and most convincing ways to infect a computer? 

A. IRC (Internet Relay Chat) 

B. Legitimate "shrink-wrapped" software packaged by a disgruntled employee 

C. NetBIOS (File Sharing) 

D. Downloading files, games and screensavers from Internet sites 

Answer: B


Q134. Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of these servers because of the potential for financial loss. Bob has asked his company's firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network. 

Why will this not be possible? 

A. Firewalls cannot inspect traffic coming through port 443 

B. Firewalls can only inspect outbound traffic 

C. Firewalls cannot inspect traffic at all, they can only block or allow certain ports 

D. Firewalls cannot inspect traffic coming through port 80 

Answer: C


Q135. Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security. 

Maintaining the security of a Web server will usually involve the following steps: 

1. Configuring, protecting, and analyzing log files 

2. Backing up critical information frequently 

3. Maintaining a protected authoritative copy of the organization's Web content 

4. Establishing and following procedures for recovering from compromise 

5. Testing and applying patches in a timely manner 

6. Testing security periodically. 

In which step would you engage a forensic investigator? 

A. 1 

B. 2 

C. 3 

D. 4 

E. 5 

F. 6 

Answer: D


Q136. What do you call a pre-computed hash? 

A. Sun tables 

B. Apple tables 

C. Rainbow tables 

D. Moon tables 

Answer: C


Q137. Which of the following systems would not respond correctly to an nmap XMAS scan? 

A. Windows 2000 Server running IIS 5 

B. Any Solaris version running SAMBA Server 

C. Any version of IRIX 

D. RedHat Linux 8.0 running Apache Web Server 

Answer: A

Explanation: When running a XMAS Scan, if a RST packet is received, the port is considered closed, while no response means it is open|filtered. The big downside is that not all systems follow RFC 793 to the letter. A number of systems send RST responses to the probes regardless of whether the port is open or not. This causes all of the ports to be labeled closed. Major operating systems that do this are Microsoft Windows, many Cisco devices, BSDI, and IBM OS/400. 


Q138. John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately. 

What would you suggest to John to help identify the OS that is being used on the remote web server? 

A. Connect to the web server with a browser and look at the web page. 

B. Connect to the web server with an FTP client. 

C. Telnet to port 8080 on the web server and look at the default page code. 

D. Telnet to an open port and grab the banner. 

Answer: D

Explanation: Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application. 


Q139. An attacker runs netcat tool to transfer a secret file between two hosts. 

Machine A: netcat -l -p 1234 < secretfile 

Machine B: netcat 192.168.3.4 > 1234 

He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire? 

A. Machine A: netcat -l -p -s password 1234 < testfileMachine B: netcat <machine A IP> 1234 

B. Machine A: netcat -l -e magickey -p 1234 < testfileMachine B: netcat <machine A IP> 1234 

C. Machine A: netcat -l -p 1234 < testfile -pw passwordMachine B: netcat <machine A IP> 1234 -pw password 

D. Use cryptcat instead of netcat 

Answer: D

Explanation: Netcat cannot encrypt the file transfer itself but would need to use a third party application to encrypt/decrypt like openssl. Cryptcat is the standard netcat enhanced with twofish encryption. 


Q140. Samantha has been actively scanning the client network for which she is doing a vulnerability assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What protocol is most likely to be listening on those ports? 

A. SMB 

B. FTP 

C. SAMBA 

D. FINGER 

Answer: A

Explanation: Port 135 is for RPC and 136-139 is for NetBIOS traffic. SMB is an upper layer service that runs on top of the Session Service and the Datagram service of NetBIOS.