Shortcuts To 312-50(241 to 250)

Your success in EC-Council 312-50 is our sole target and we develop all our 312-50 braindumps in a way that facilitates the attainment of this target. Not only is our 312-50 study material the best you can find, it is also the most detailed and the most updated. 312-50 Practice Exams for EC-Council 312-50 are written to the highest standards of technical accuracy.


The article at Testaimer.com going over http://www.testaimer.com/312-50-test is very comprehensive.

Q241. In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed. Bob discovers that throughput has dropped by almost half even though the number of users has remained the same. 

Why does this happen in the VPN over wireless implementation? 

A. The stronger encryption used by the VPN slows down the network. 

B. Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications. 

C. VPNs use larger packets then wireless networks normally do. 

D. Using a VPN on wireless automatically enables WEP, which causes additional overhead. 

Answer: B

Explanation: By applying VPN the access point will have to recalculate all headers destined for client and from clients twice. 


Q242. Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in which also he remains unsuccessful. What is the probable cause of Bill's problem? 

A. You cannot use a buffer overflow to deface a web page 

B. There is a problem with the shell and he needs to run the attack again 

C. The HTML file has permissions of read only 

D. The system is a honeypot 

Answer: C


Q243. Which of the following tools are used for footprinting?(Choose four. 

A. Sam Spade 

B. NSLookup 

C. Traceroute 

D. Neotrace 

E. Cheops 

Answer: ABCD 

Explanation: All of the tools listed are used for footprinting except Cheops. 


Q244. You are sniffing as unprotected WiFi network located in a JonDonalds Cybercafe with Ethereal to capture hotmail e-mail traffic. You see lots of people using their laptops browsing the web while snipping brewed coffee from JonDonalds. You want to sniff their email message traversing the unprotected WiFi network. 

Which of the following ethereal filters will you configure to display only the packets with the hotmail messages? 

A. (http contains “hotmail”) && ( http contains “Reply-To”) 

B. (http contains “e-mail” ) && (http contains “hotmail”) 

C. (http = “login.passport.com” ) && (http contains “SMTP”) 

D. (http = “login.passport.com” ) && (http contains “POP3”) 

Answer: A

Explanation: Each Hotmail message contains the tag Reply-To:<sender address> and “xxxx-xxx-xxx.xxxx.hotmail.com” in the received tag. 


Q245. How would you prevent session hijacking attacks? 

A. Using biometrics access tokens secures sessions against hijacking 

B. Using non-Internet protocols like http secures sessions against hijacking 

C. Using hardware-based authentication secures sessions against hijacking 

D. Using unpredictable sequence numbers secures sessions against hijacking 

Answer: D

Explanation: Protection of a session needs to focus on the unique session identifier because it is the only thing that distinguishes users. If the session ID is compromised, attackers can impersonate other users on the system. The first thing is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise, it's trivial to hijack another user's session. Having a large number of possible session IDs (meaning that they should be very long) means that there are a lot more permutations for an attacker to try. 


Q246. Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1? 

A. ip == 192.168.0.1 and tcp.syn 

B. ip.addr = 192.168.0.1 and syn = 1 

C. ip.addr==192.168.0.1 and tcp.flags.syn 

D. ip.equals 192.168.0.1 and syn.equals on 

Answer: C


Q247. What are the two basic types of attacks?(Choose two. 

A. DoS 

B. Passive 

C. Sniffing 

D. Active 

E. Cracking 

Answer: BD 

Explanation: Passive and active attacks are the two basic types of attacks. 


Q248. You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discover the internal structure of publicly accessible areas of the network. 

How can you achieve this? 

A. Block ICMP at the firewall. 

B. Block UDP at the firewall. 

C. Both A and B. 

D. There is no way to completely block doing a trace route into this area. 

Answer: D

Explanation: When you run a traceroute to a target network address, you send a UDP packet with one time to live (TTL) to the target address. The first router this packet hits decreases the TTL to 0 and rejects the packet. Now the TTL for the packet is expired. The router sends back an ICMP message type 11 (Exceeded) code 0 (TTL--Exceeded) packet to your system with a source address. Your system displays the round-trip time for that first hop and sends out the next UDP packet with a TTL of 2.This process continues until you receive an ICMP message type 3 (Unreachable) code 3 (Port--Unreachable) from the destination system. Traceroute is completed when your machine receives a Port-Unreachable message.If you receive a message with three asterisks [* * *] during the traceroute, a router in the path doesn't return ICMP messages. Traceroute will continue to send UDP packets until the destination is reached or the maximum number of hops is exceeded. 


Q249. Which of the following LM hashes represent a password of less than 8 characters? (Select 2) 

A. BA810DBA98995F1817306D272A9441BB 

B. 44EFCE164AB921CQAAD3B435B51404EE 

C. 0182BD0BD4444BF836077A718CCDF409 

D. CEC52EB9C8E3455DC2265B23734E0DAC 

E. B757BF5C0D87772FAAD3B435B51404EE 

F. E52CAC67419A9A224A3B108F3FA6CB6D 

Answer: BE

Explanation: Notice the last 8 characters are the same 


Q250. Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. 

What would you call this attack? 

A. Interceptor 

B. Man-in-the-middle 

C. ARP Proxy 

D. Poisoning Attack 

Answer: B

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised.