Updated 312-50 Exam Study Guides With New Update Exam Questions
Cause all that matters here is passing the EC-Council 312-50 exam. Cause all that you need is a high score of 312-50 Ethical Hacking and Countermeasures (CEHv6) exam. The only one thing you need to do is downloading Pass4sure 312-50 exam study guides now. We will not let you down with our money-back guarantee.
The article at Testaimer.com going over http://www.testaimer.com/312-50-test is very comprehensive.
Q261. More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers - it basically hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?
A. They convert the shellcode into Unicode, using loader to convert back to machine code then executing them
B. They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode
C. They reverse the working instructions into opposite order by masking the IDS signatures
D. They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode
Explanation: In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine. Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode
Q262. Which DNS resource record can indicate how long any "DNS poisoning" could last?
Explanation: The SOA contains information of secondary servers, update intervals and expiration times.
Q263. This kind of attack will let you assume a users identity at a dynamically generated web page or site:
A. SQL Injection
B. Cross Site Scripting
C. Session Hijacking
D. Zone Transfer
Explanation: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
Q264. One of the most common and the best way of cracking RSA encryption is to being to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _________________ process, then the private key can be derived.
B. Prime Detection
Explanation: In April 1994, an international cooperative group of mathematicians and computer scientists solved a 17-year-old challenge problem, the factoring of a 129-digit number, called RSA-129, into two primes. That is, RSA-129 = 1143816257578888676692357799761466120102182 9672124236256256184293570693524573389783059 7123563958705058989075147599290026879543541 = 34905295108476509491478496199038 98133417764638493387843990820577 times 32769132993266709549961988190834 461413177642967992942539798288533. Se more at http://en.wikipedia.org/wiki/RSA_Factoring_Challenge
Q265. When writing shellcodes, you must avoid _________________ because these will end the string.
A. Null Bytes
B. Root Bytes
C. Char Bytes
D. Unicode Bytes
Explanation: The null character (also null terminator) is a character with the value zero, present in the ASCII and Unicode character sets, and available in nearly all mainstream programming languages. The original meaning of this character was like NOP — when sent to a printer or a terminal, it does nothing (some terminals, however, incorrectly display it as space). Strings ending in a null character are said to be null-terminated.
Q266. What is the proper response for a FIN scan if the port is open?
F. No response
Explanation: Open ports respond to a FIN scan by ignoring the packet in question.
Q267. John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an LKM has been installed on her server. She believes this is the reason that the server has been acting erratically lately. LKM stands for Loadable Kernel Module.
What does this mean in the context of Linux Security?
A. Loadable Kernel Modules are a mechanism for adding functionality to a file system without requiring a kernel recompilation.
B. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted.
C. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation.
D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation.
Explanation: Loadable Kernel Modules, or LKM, are object files that contain code to extend the running kernel, or so-called base kernel, without the need of a kernel recompilation. Operating systems other than Linux, such as BSD systems, also provide support for LKM's. However, the Linux kernel generally makes far greater and more versatile use of LKM's than other systems. LKM's are typically used to add support for new hardware, filesystems or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded, freeing memory.
Q268. When a malicious hacker identifies a target and wants to eventually compromise this target, what would be among the first steps that he would perform? (Choose the best answer)
A. Cover his tracks by eradicating the log files and audit trails.
B. Gain access to the remote computer in order to conceal the venue of attacks.
C. Perform a reconnaissance of the remote target for identical of venue of attacks.
D. Always begin with a scan in order to quickly identify venue of attacks.
Explanation: A hacker always starts with a preparatory phase (Reconnaissance) where he seeks to gather as much information as possible about the target of evaluation prior to launching an attack. The reconnaissance can be either passive or active (or both).
Q269. Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption and enabling MAC filtering on hi wireless router. Paul notices when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24mbps or less. Paul connects to his wireless router’s management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router’s logs and notices that the unfamiliar machine has the same MAC address as his laptop.
What is Paul seeing here?
A. MAC Spoofing
C. ARP Spoofing
D. DNS Spoofing
Explanation: You can fool MAC filtering by spoofing your MAC address and pretending to have some other computers MAC address.
Topic 16, Virus and Worms
423. Virus Scrubbers and other malware detection program can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?
A. System integrity verification tools
B. Anti-Virus Software
C. A properly configured gateway
D. There is no way of finding out until a new updated signature file is released
Explanation: Programs like Tripwire aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Q270. DRAG DROP
Drag the application to match with its correct description.