Jul 2021 updated: Examcollection EC-Council 312-50 exam answers 321-330

Cause all that matters here is passing the EC-Council 312-50 exam. Cause all that you need is a high score of 312-50 Ethical Hacking and Countermeasures (CEHv6) exam. The only one thing you need to do is downloading Examcollection 312-50 exam study guides now. We will not let you down with our money-back guarantee.

Q321. nn would like to perform a reliable scan against a remote target. She is not concerned about being stealth at this point. 

Which of the following type of scans would be the most accurate and reliable option? 

A. A half-scan 

B. A UDP scan 

C. A TCP Connect scan 

D. A FIN scan 

Answer: C

Explanation: A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned. Example of a three-way handshake followed by a reset: Source Destination Summary 

[192.168.0.8] [192.168.0.10] TCP: D=80 S=49389 SYN SEQ=3362197786 LEN=0 WIN=5840 

[192.168.0.10] [192.168.0.8] TCP: D=49389 S=80 SYN ACK=3362197787 SEQ=58695210 LEN=0 WIN=65535 

[192.168.0.8]

 [192.168.0.10] TCP: D=80 S=49389 ACK=58695211 WIN<<2=5840 

[192.168.0.8]

 [192.168.0.10] TCP: D=80 S=49389 RST ACK=58695211 WIN<<2=5840 


Q322. Why is Social Engineering considered attractive by hackers and also adopted by experts in the field? 

A. It is done by well known hackers and in movies as well. 

B. It does not require a computer in order to commit a crime. 

C. It is easy and extremely effective to gain information. 

D. It is not considered illegal. 

Answer: C

Explanation: Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most (but not all) cases the attacker never comes face-to-face with the victim. The term has been popularized in recent years by well known (reformed) computer criminal and security consultant Kevin Mitnick who points out that it's much easier to trick someone into giving you his or her password for a system than to spend the effort to hack in. He claims it to be the single most effective method in his arsenal. 


Q323. Why would an ethical hacker use the technique of firewalking? 

A. It is a technique used to discover wireless network on foot. 

B. It is a technique used to map routers on a network link. 

C. It is a technique used to discover the nature of rules configured on a gateway. 

D. It is a technique used to discover interfaces in promiscuous mode. 

Answer: C

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 


Q324. Jim’s organization has just completed a major Linux roll out and now all of the organization’s systems are running the Linux 2.5 kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ. 

Which built-in functionality of Linux can achieve this? 

A. IP Tables 

B. IP Chains 

C. IP Sniffer 

D. IP ICMP 

Answer: A

Explanation: iptables is a user space application program that allows a system administrator to configure the netfilter tables, chains, and rules (described above). Because iptables requires elevated privileges to operate, it must be executed by user root, otherwise it fails to function. On most Linux systems, iptables is installed as /sbin/iptables. IP Tables performs stateful inspection while the older IP Chains only performs stateless inspection. 


Q325. Global deployment of RFC 2827 would help mitigate what classification of attack? 

A. Sniffing attack 

B. Denial of service attack 

C. Spoofing attack 

D. Reconnaissance attack 

E. Prot Scan attack 

Answer: C

Explanation: RFC 2827 - Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing 


Q326. Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task? 

A. Charlie can use the command: ping -l 56550 172.16.0.45 -t. 

B. Charlie can try using the command: ping 56550 172.16.0.45. 

C. By using the command ping 172.16.0.45 Charlie would be able to lockup the router 

D. He could use the command: ping -4 56550 172.16.0.45. 

Answer: A


Q327. RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LAN. WEP is known to be insecure even if we are using a stream cipher that is known to be secured. 

What is the most likely cause behind this? 

A. There are some flaws in the implementation. 

B. There is no key management. 

C. The IV range is too small. 

D. All of the above. 

E. None of the above. 

Answer: D

Explanation: Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets. Many WEP systems require a key in hexadecimal format. Some users choose keys that spell words in the limited 0-9, A-F hex character set, for example C0DE C0DE C0DE C0DE. Such keys are often easily guessed. 


Q328. After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledge (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen and then opens a second connection from a forget IP address. The attack doesn’t see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP Address is used for authentication, the attacker can use the one-side communication to break into the server. 

What attacks can you successfully launch against a server using the above technique? 

A. Session Hijacking attacks 

B. Denial of Service attacks 

C. Web Page defacement attacks 

D. IP Spoofing Attacks 

Answer: A

Explanation: The term Session Hijacking refers to the exploitation of a valid computer session -sometimes also called a session key - to gain unauthorised access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer. 

Topic 11, Hacking Web Servers 


Q329. How many bits encryption does SHA-1 use? 

A. 64 bits 

B. 128 bits 

C. 160 bits 

D. 256 bits 

Answer: C

Explanation: SHA-1 (as well as SHA-0) produces a 160-bit digest from a message with a maximum length of 264 - 1 bits, and is based on principles similar to those used by Professor Ronald L. Rivest of MIT in the design of the MD4 and MD5 message digest algorithms. 


Q330. Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web Server. 

User-agent: * Disallow: /images/ Disallow: /banners/ Disallow: /Forms/ Disallow: /Dictionary/ Disallow: /_borders/ Disallow: /_fpclass/ Disallow: /_overlay/ Disallow: /_private/ Disallow: /_themes/ What is the name of this file? 

A. robots.txt 

B. search.txt 

C. blocklist.txt 

D. spf.txt 

Answer: A