Leading EC-Council 312-50 - An Overview 421 to 430

we provide 100% Correct EC-Council 312-50 question which are the best for clearing 312-50 test, and to get certified by EC-Council Ethical Hacking and Countermeasures (CEHv6). The 312-50 Questions & Answers covers all the knowledge points of the real 312-50 exam. Crack your EC-Council 312-50 Exam with latest dumps, guaranteed!

Q421. What does black box testing mean? 

A. You have full knowledge of the environment 

B. You have no knowledge of the environment 

C. You have partial knowledge of the environment 

Answer: B

Explanation: Black box testing is conducted when you have no knowledge of the environment. It is more time consuming and expensive. 

Q422. Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called? 

A. Spoof attack 

B. Replay attack 

C. Injection attack 

D. Rebound attack 

Answer: B

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 

Q423. Your company has blocked all the ports via external firewall and only allows port 80/443 to connect to the Internet. You want to use FTP to connect to some remote server on the Internet. How would you accomplish this? 

A. Use HTTP Tunneling 

B. Use Proxy Chaining 

C. Use TOR Network 

D. Use Reverse Chaining 

Answer: A

Q424. Peter has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the External Gateway interface. Further inspection reveals they are not responses from internal hosts request but simply responses coming from the Internet. What could be the likely cause of this? 

A. Someone Spoofed Peter’s IP Address while doing a land attack 

B. Someone Spoofed Peter’s IP Address while doing a DoS attack 

C. Someone Spoofed Peter’s IP Address while doing a smurf Attack 

D. Someone Spoofed Peter’s IP address while doing a fraggle attack 


Explanation: An attacker sends forged ICMP echo packets to broadcast addresses of vulnerable networks with forged source address pointing to the target (victim) of the attack. All the systems on these networks reply to the victim with ICMP echo replies. This rapidly exhausts the bandwidth available to the target. 

Q425. Samantha was hired to perform an internal security test of company. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing. 

Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two) 

A. Ethernet Zapping 

B. MAC Flooding 

C. Sniffing in promiscuous mode 

D. ARP Spoofing 

Answer: BD

Explanation: In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table.The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack). 

Q426. Stephanie, a security analyst, has just returned from a Black Hat conference in Las Vegas where she learned of many powerful tools used by hackers and security professionals alike. Stephanie is primarily worried about her Windows network because of all the legacy computers and servers that she must use, due to lack of funding. 

Stephanie wrote down many of the tools she learned of in her notes and was particularly interested in one tool that could scan her network for vulnerabilities and return reports on her network's weak spots called SAINT. She remembered from her notes that SAINT is very flexible and can accomplish a number of tasks. Stephanie asks her supervisor, the CIO, if she can download and run SAINT on the network. Her boss said to not bother with it since it will not work for her at all. 

Why did Stephanie's boss say that SAINT would not work? 

A. SAINT only works on Macintosh-based machines 

B. SAINT is too expensive and is not cost effective 

C. SAINT is too network bandwidth intensive 

D. SAINT only works on LINUX and UNIX machines 

Answer: D

Explanation: Works with Unix/Linux/BSD and MacOS X http://www.saintcorporation.com/ 

Q427. If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False). 

A. True 

B. False 


Explanation: When and ACK is sent to an open port, a RST is returned. 

Q428. Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. 

What should Peter do to prevent a smurf attack? 

Select the best answer. 

A. He should disable unicast on all routers 

B. Disable multicast on the router 

C. Turn off fragmentation on his router 

D. Make sure all anti-virus protection is updated on all systems 

E. Make sure his router won't take a directed broadcast 


Explanation: Unicasts are one-to-one IP transmissions, by disabling this he would disable most network transmissions but still not prevent the smurf attack. Turning of multicast or fragmentation on the router has nothing to do with Peter’s concerns as a smurf attack uses broadcast, not multicast and has nothing to do with fragmentation. Anti-virus protection will not help prevent a smurf attack. A smurf attack is a broadcast from a spoofed source. If directed broadcasts are enabled on the destination all the computers at the destination will respond to the spoofed source, which is really the victim. Disabling directed broadcasts on a router can prevent the attack. 

Q429. Rebecca is a security analyst and knows of a local root exploit that has the ability to enable local users to use available exploits to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. There is no known workaround that exists for this vulnerability. What is the correct action to be taken by Rebecca in this situation as a recommendation to management? 

A. Rebecca should make a recommendation to disable the () system call 

B. Rebecca should make a recommendation to upgrade the Linux kernel promptly 

C. Rebecca should make a recommendation to set all child-process to sleep within the execve() 

D. Rebecca should make a recommendation to hire more system administrators to monitor all child processes to ensure that each child process can't elevate privilege 

Answer: B

Q430. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold. 

What is the most common cause of buffer overflow in software today? 

A. Bad permissions on files. 

B. High bandwidth and large number of users. 

C. Usage of non standard programming languages. 

D. Bad quality assurance on software produced. 

Answer: D

Explanation: Technically, a buffer overflow is a problem with the program's internal implementation.