Tips to Pass 312-50 Exam (151 to 160)

Examcollection 312-50 Questions are updated and all 312-50 answers are verified by experts. Once you have completely prepared with our 312-50 exam prep kits you will be ready for the real 312-50 exam without a problem. We have Avant-garde EC-Council 312-50 dumps study guide. PASSED 312-50 First attempt! Here What I Did.

Q151. A POP3 client contacts the POP3 server: 

A. To send mail 

B. To receive mail 

C. to send and receive mail 

D. to get the address to send mail to 

E. initiate a UDP SMTP connection to read mail 

Answer:

Explanation: POP is used to receive e-mail.SMTP is used to send e-mail. 


Q152. You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner? 

A. Convert the Trojan.exe file extension to Trojan.txt disguising as text file 

B. Break the Trojan into multiple smaller files and zip the individual pieces 

C. Change the content of the Trojan using hex editor and modify the checksum 

D. Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1 

Answer: A


Q153. A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in. 

What do you think is the most likely reason behind this? 

A. There is a NIDS present on that segment. 

B. Kerberos is preventing it. 

C. Windows logons cannot be sniffed. 

D. L0phtcrack only sniffs logons to web servers. 

Answer: B

Explanation: In a Windows 2000 network using Kerberos you normally use pre-authentication and the user password never leaves the local machine so it is never exposed to the network so it should not be able to be sniffed. 


Q154. What is SYSKEY # of bits used for encryption? 

A. 40 

B. 64 

C. 128 

D. 256 

Answer: C

Explanation: System Key hotfix is an optional feature which allows stronger encryption of SAM. Strong encryption protects private account information by encrypting the password data using a 128-bit cryptographically random key, known as a password encryption key. 


Q155. This tool is widely used for ARP Poisoning attack. Name the tool. 

A. Cain and Able 

B. Beat Infector 

C. Poison Ivy 

D. Webarp Infector 

Answer: A


Q156. What are the four steps is used by nmap scanning? 

A. DNS Lookup 

B. ICMP Message 

C. Ping 

D. Reverse DNS lookup 

E. TCP three way handshake 

F. The Actual nmap scan 

Answer: ACDF

Explanation: Nmap performs four steps during a normal device scan. Some of these steps can be modified or disabled using options on the nmap command line. 


Q157. Which of the following statements would not be a proper definition for a Trojan Horse? 

A. An unauthorized program contained within a legitimate program. 

This unauthorized program performs functions unknown (and probably unwanted) by the user. 

B. A legitimate program that has been altered by the placement of unauthorized code within it; this code perform functions unknown (and probably unwanted) by the user. 

C. An authorized program that has been designed to capture keyboard keystrokes while the user remains unaware of such an activity being performed. 

D. Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user. 

Answer: C

Explanation: A Trojan is all about running unauthorized code on the users computer without the user knowing of it. 


Q158. Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to tell him her password 'just to double check our records'. Jane believes that Jack is really an administrator, and tells him her password. Jack now has a user name and password, and can access Brown Co.'s computers, to find the cookie recipe. This is an example of what kind of attack? 

A. Reverse Psychology 

B. Social Engineering 

C. Reverse Engineering 

D. Spoofing Identity 

E. Faking Identity 

Answer: B

Explanation: This is a typical case of pretexting. Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone. 


Q159. Which of the following built-in C/C++ functions you should avoid to prevent your program from buffer overflow attacks? 

A. strcpy() 

B. strcat() 

C. streadd() 

D. strscock() 

Answer: ABC

Explanation: When hunting buffer overflows, the first thing to look for is functions which write into arrays without any way to know the amount of space available. If you get to define the function, you can pass a length parameter in, or ensure that every array you ever pass to it is at least as big as the hard-coded maximum amount it will write. If you're using a function someone else (like, say, the compiler vendor) has provided then avoiding functions like gets(), which take some amount of data over which you have no control and stuff it into arrays they can never know the size of, is a good start. Make sure that functions like the str...() family which expect NUL-terminated strings actually get them - store a '' in the last element of each array involved just before you call the function, if necessary. Strscock() is not a valid C/C++ function. 


Q160. Which of the following activities will not be considered passive footprinting? 

A. Go through the rubbish to find out any information that might have been discarded 

B. Search on financial site such as Yahoo Financial to identify assets 

C. Scan the range of IP address found in the target DNS database 

D. Perform multiples queries using a search engine 

Answer:

Explanation: Scanning is not considered to be passive footprinting.