The Avant-garde Guide To 312-50 pack Jun 2021




Q81. Reflective DDoS attacks do not send traffic directly at the targeted host. Instead, they usually spoof the originating IP address and send the requests to the reflectors. These reflectors (usually routers or high-powered servers with a large amount of network resources at their disposal) then reply to the spoofed requests, sending large volumes of data to the final target. 

How would you detect these reflectors on your network? 

A. Run floodnet tool to detect these reflectors 

B. Look for the banner text by running Zombie Zapper tools 

C. Run Vulnerability scanner on your network to detect these reflectors 

D. Scan the network using Nmap for the services used by these reflectors 

Answer: A

Explanation: http://www.exterminate-it.com/malpedia/remove-floodnet 


Q82. You are trying to scan a machine on ABC company's LAN named mail.abc.com. That machine is actually located behind the firewall. Which port does nmap use to send the TCP synchronize (SYN) frame to mail.abc.com? 

A. 443 

B. 80 

C. 8080 

D. 23 

Answer: A


Q83. Steven is a senior security analyst for a state agency in Tulsa, Oklahoma. His agency is currently undergoing a mandated security audit by an outside consulting firm. The consulting firm is halfway through the audit and is preparing to perform the actual penetration testing against the agency’s network. The firm first sets up a sniffer on the agency’s wired network to capture a reasonable amount of traffic to analyze later. This takes approximately 2 hours to obtain 10 GB of data. The consulting firm then sets up a sniffer on the agency’s wireless network to capture the same amount of traffic. This capture only takes about 30 minutes to get 10 GB of data. 

Why did capturing traffic take much less time on the wireless network? 

A. Because wireless access points act like hubs on a network 

B. Because all traffic is clear text, even when encrypted 

C. Because wireless traffic uses only UDP which is easier to sniff 

D. Because wireless networks can’t enable encryption 

Answer: A

Explanation: You cannot have directed radio transfers over a WLAN. Every packet is broadcast as far as the signal reaches, with no control over who might hear it. 


Q84. Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer) 

A. symmetric algorithms 

B. asymmetric algorithms 

C. hashing algorithms 

D. integrity algorithms 

Answer:

Explanation: In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. A hash function takes a long string (or 'message') of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint. 


Q85. Which one of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack? 

A. Teardrop 

B. Smurf 

C. Ping of Death 

D. SYN flood 

E. SNMP Attack 

Answer: A

Explanation: The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash. 


Q86. What is Hunt used for? 

A. Hunt is used to footprint networks 

B. Hunt is used to sniff traffic 

C. Hunt is used to hack web servers 

D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic 

E. Hunt is used for password cracking 

Answer: D

Explanation: Hunt can be used to intercept traffic. It is useful with telnet, ftp, and others to grab traffic between two computers or to hijack sessions. 


Q87. Hampton is the senior security analyst for the city of Columbus in Ohio. His primary responsibility is to ensure that all physical and logical aspects of the city's computer network are secure from all angles. Bill is an IT technician who works with Hampton in the same IT department. Bill's primary responsibility is to keep PCs and servers up to date and to keep track of all the agency laptops that the company owns and lends out to its employees. After Bill set up a wireless network for the agency, Hampton made sure that everything was secure. He instituted encryption, rotating keys, turned off SSID broadcasting, and enabled MAC filtering. According to agency policy, only company laptops are allowed to use the wireless network, so Hampton entered the MAC addresses of all those laptops into the wireless security utility so that only those laptops would be able to access the wireless network. 

Hampton does not keep track of all the laptops, but he is fairly certain that the agency only purchases Dell laptops. Hampton becomes curious when he notices Bill working on a Toshiba laptop one day and sees that he is on the Internet. Instead of jumping to conclusions, Hampton decides to talk to Bill's boss and ask whether they had purchased a Toshiba laptop instead of the usual Dell. Bill's boss says no, so now Hampton is very curious to see how Bill is accessing the Internet. Hampton does site surveys every couple of days and has yet to see any outside wireless network signals inside the company's building. 

How was Bill able to get Internet access without using an agency laptop? 

A. Bill spoofed the MAC address of Dell laptop 

B. Bill connected to a Rogue access point 

C. Toshiba and Dell laptops share the same hardware address 

D. Bill brute forced the Mac address ACLs 

Answer: B


Q88. You are writing an antivirus-bypassing Trojan using C++ code in chess.c, compiled into an executable file chess.exe. This Trojan, when executed on the victim machine, scans the entire system drive (c:) for files containing the text "Credit Card" and "password". It then zips all the matching files and emails them to a predefined Hotmail address. 

You want to make this Trojan persistent so that it survives computer reboots. Under which registry entry will you add a key to make it persistent? 

A. HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows\CurrentVersion\RunServices 

B. HKEY_LOCAL_USER\SOFTWARE\MICROSOFT\Windows\CurrentVersion\RunServices 

C. HKEY_LOCAL_SYSTEM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\RunServices 

D. HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\Windows\CurrentVersion\RunServices 

Answer:

Explanation: HKEY_LOCAL_MACHINE would be the natural place for a registry entry that starts services when the MACHINE is rebooted. 

Topic 7, Sniffers 

248. Exhibit: 

ettercap -NCLzs --quiet 

What does the command in the exhibit do in Ettercap? 

A. This command will provide you the entire list of hosts in the LAN 

B. This command will check if someone is poisoning you and will report its IP. 

C. This command will detach from console and log all the collected passwords from the network to a file. 

D. This command broadcasts pings to scan the LAN instead of sending ARP requests to all the subnet IPs. 

Answer: C

Explanation: -N = NON-interactive mode (without ncurses) 

-C = collect all users and passwords 

-L = if used with -C (collector), creates a file with all the passwords sniffed in the session, named in the form "YYYYMMDD-collected-pass.log" 

-z = start in silent mode (no ARP storm on start-up) 

-s = IP-based sniffing 

--quiet = "daemonize" ettercap; useful if you want to log all data in the background. 


Q89. What do you call a system where users need to remember only one username and password and are authenticated to multiple services? 

A. Simple Sign-on 

B. Unique Sign-on 

C. Single Sign-on 

D. Digital Certificate 

Answer: C

Explanation: Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems. 


Q90. What is the proper response for a NULL scan if the port is open? 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. No response 

Answer:

Explanation: A NULL scan will have no response if the port is open.