Top Improved 312-50 test question Reviews!
Exam Code: 312-50 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Ethical Hacking and Countermeasures (CEHv6)
Certification Provider: EC-Council
Free Today! Guaranteed Training- Pass 312-50 Exam.
Q171. Which port, when configured on a switch receives a copy of every packet that passes through it?
A. R-DUPE Port
B. MIRROR port
C. SPAN port
Q172. Which of the following is not an effective countermeasure against replay attacks?
A. Digital signatures
B. Time Stamps
C. System identification
D. Sequence numbers
Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that prove the package is received as it was sent from the original sender (digital signature)
Q173. You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address.
What can be inferred from this output?
1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms 2 ip68-98-176-1.nv.nv.cox.net (188.8.131.52) 12.169 ms 14.958 ms 13.416 ms 3 ip68-98-176-1.nv.nv.cox.net (184.108.40.206) 13.948 ms ip68-100-0-1.nv.nv.cox.net
(220.127.116.11) 16.743 ms 16.207 ms 4 ip68-100-0-137.nv.nv.cox.net (18.104.22.168) 17.324 ms 12.933 ms 20.938 ms
5 22.214.171.124 (126.96.36.199) 12.439 ms 220.166 ms 204.170 ms 6 so-6-0-0.gar2.wdc1.Level3.net (188.8.131.52) 16.177 ms 25.943 ms 14.104 ms 7 unknown.Level3.net (184.108.40.206) 14.227 ms 17.553 ms 15.415 ms 8 so-0-1-0.bbr1.NewYork1.level3.net (220.127.116.11) 17.063 ms 20.960 ms 19.512 ms 9 so-7-0-0-gar1.NewYork1.Level3.net (18.104.22.168) 20.334 ms 19.440 ms 17.938 ms 10 so-4-0-0.edge1.NewYork1.Level3.net (22.214.171.124) 27.526 ms 18.317 ms 21.202 ms 11 uunet-level3-oc48.NewYork1.Level3.net (126.96.36.199) 21.411 ms 19.133 ms 18.830 ms 12 0.so-6-0-0.XL1.NYC4.ALTER.NET (188.8.131.52) 21.203 ms 22.670 ms 20.11 ms 13 0.so-2-0-0.TL1.NYC8.ALTER.NET (184.108.40.206) 30.929 ms 24.858 ms 23.108 ms 14 0.so-4-1-0.TL1.ATL5.ALTER.NET (220.127.116.11) 38.894 ms 33.244 33.910 ms 15 0.so-7-0-0.XL1.MIA4.ALTER.NET (18.104.22.168) 51.165 ms 49.935 ms 49.466 ms 16 0.so-3-0-0.XR1.MIA4.ALTER.NET (22.214.171.124) 50.937 ms 49.005 ms 51.055 ms 17 117.ATM6-0.GW5.MIA1.ALTER.NET (126.96.36.199) 51.897 ms 50.280 ms 53.647 ms 18 example-gwl.customer.alter.net (188.8.131.52) 51.921 ms 51.571 ms 56.855 ms 19 www.ABC.com (184.108.40.206) 52.191 ms 52.571 ms 56.855 ms 20 www.ABC.com (220.127.116.11) 53.561 ms 54.121 ms 58.333 ms
A. An application proxy firewall
B. A stateful inspection firewall
C. A host based IDS
D. A Honeypot
Q174. DRAG DROP
A Successfully Attack by a malicious hacker can divide into five phases, Match the order:
Q175. While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?
A. Scan more slowly.
B. Do not scan the broadcast IP.
C. Spoof the source IP address.
D. Only scan the Windows systems.
Explanation: Scanning the broadcast address makes the scan target all IP addresses on that subnet at the same time.
Q176. The GET method should never be used when sensitive data such as credit card is being sent to a CGI program. This is because any GET command will appear in the URL, and will be logged by any servers. For example, let's say that you've entered your credit card information into a form that uses the GET method. The URL may appear like this:
The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information. How would you protect from this type of attack?
A. Never include sensitive information in a script
B. Use HTTPS SSLv3 to send the data instead of plain HTTPS
C. Replace the GET with POST method when sending data
D. Encrypt the data before you send using GET method
Q177. Which type of scan does not open a full TCP connection?
A. Stealth Scan
B. XMAS Scan
C. Null Scan
D. FIN Scan
Explanation: Stealth Scan: Instead of completing the full TCP three-way-handshake a full connection is not made. A SYN packet is sent to the system and if a SYN/ACK packet is received it is assumed that the port on the system is active. In that case a RST/ACK will be sent which will determined the listening state the system is in. If a RST/ACK packet is received, it is assumed that the port on the system is not active.
Q178. Paula works as the primary help desk contact for her company. Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he ca no longer work. Paula walks over to the user’s computer and sees the Blue Screen of Death screen. The user’s computer is running Windows XP, but the Blue screen looks like a familiar one that Paula had seen a Windows 2000 Computers periodically.
The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there. Paula also noticed that the hard drive activity light was flashing meaning that the computer was processing some thing. Paula knew this should not be the case since the computer should be completely frozen during a Blue screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.
What is Paula seeing happen on this computer?
A. Paula’s Network was scanned using FloppyScan
B. Paula’s Netwrok was scanned using Dumpsec
C. There was IRQ conflict in Paula’s PC
D. Tool like Nessus will cause BSOD
Explanation: Floppyscan is a dangerous hacking tool which can be used to portscan a system using a floppy disk Bootsup mini Linux Displays Blue screen of death screen Port scans the network using NMAP Send the results by e-mail to a remote server.
Q179. Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not opened or ports that are not for public usage. How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by using one of the built-in Linux Operating System tools?
A. Ensure all files have at least a 755 or more restrictive permissions.
B. Configure rules using ipchains.
C. Configure and enable portsentry on his server.
D. Install an intrusion detection system on her computer such as Snort.
Explanation: ipchains is a free software based firewall for Linux. It is a rewrite of Linux's previous IPv4 firewalling code, ipfwadm. In Linux 2.2, ipchains is required to administer the IP packet filters. ipchains was written because the older IPv4 firewall code used in Linux 2.0 did not work with IP fragments and didn't allow for specification of protocols other than TCP, UDP, and ICMP.
Q180. You have been using the msadc.pl attack script to execute arbitrary commands on an NT4 web server. While it is effective, you find it tedious to perform extended functions. On further research you come across a perl script that runs the following msadc functions:
What kind of exploit is indicated by this script?
A. A buffer overflow exploit.
B. A SUID exploit.
C. A SQL injection exploit.
D. A chained exploit.
E. A buffer under run exploit.