High quality of 312-50 practice exam materials and paper for EC-Council certification for IT engineers, Real Success Guaranteed with Updated 312-50 pdf dumps vce Materials. 100% PASS Ethical Hacking and Countermeasures (CEHv6) exam Today!


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for EC-Council 312-50 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/312-50-exam-dumps.html

Q381. Access control is often implemented through the use of MAC address filtering on wireless Access Points. Why is this considered to be a very limited security measure? 

A. Vendors MAC address assignment is published on the Internet. 

B. The MAC address is not a real random number. 

C. The MAC address is broadcasted and can be captured by a sniffer. 

D. The MAC address is used properly only on Macintosh computers. 

Answer: C


Q382. Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65,536 bytes. What is Lee seeing here? 

A. Lee is seeing activity indicative of a Smurf attack. 

B. Most likely, the ICMP packets are being sent in this manner to attempt IP spoofing. 

C. Lee is seeing a Ping of death attack. 

D. This is not unusual traffic, ICMP packets can be of any size. 

Answer: C


Q383. In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code? 

A. EIP 

B. ESP 

C. EAP 

D. EEP 

Answer:

Explanation: EIP is the instruction pointer which is a register, it points to your next command. 


Q384. You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this? 

A. Block TCP at the firewall 

B. Block UDP at the firewall 

C. Block ICMP at the firewall 

D. There is no way to completely block tracerouting into this area 

Answer: D

Explanation: If you create rules that prevents attackers to perform traceroutes to your DMZ then you’ll also prevent anyone from accessing the DMZ from outside the company network and in that case it is not a DMZ you have. 


Q385. You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of what protocols are being used. You need to discover as many different protocols as possible. Which kind of scan would you use to do this? 

A. Nmap with the –sO (Raw IP packets) switch 

B. Nessus scan with TCP based pings 

C. Nmap scan with the –sP (Ping scan) switch 

D. Netcat scan with the –u –e switches 

Answer: A

Explanation: Running Nmap with the –sO switch will do a IP Protocol Scan. The IP protocol scan is a bit different than the other nmap scans. The IP protocol scan is searching for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified. 


Q386. Maurine is working as a security consultant for Hinklemeir Associate. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network. 

Why would an attacker try to create a null session with a computer on a network? 

A. Enumerate users shares 

B. Install a backdoor for later attacks 

C. Escalate his/her privileges on the target server 

D. To create a user with administrative privileges for later use 

Answer: A

Explanation: The Null Session is often referred to as the "Holy Grail" of Windows hacking. Listed as the number 5 windows vulnerability on the SANS/FBI Top 20 list, Null Sessions take advantage of flaws in the CIFS/SMB (Common Internet File System/Server Messaging Block) architecture. You can establish a Null Session with a Windows (NT/2000/XP) host by logging on with a null user name and password. Using these null connections allows you to gather the following information from the host: 

-List of users and groups 

-List of machines 

-List of shares 

-Users and host SID' (Security Identifiers) 

Topic 5, System Hacking 

177. If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible? 

A. Birthday 

B. Brute force 

C. Man-in-the-middle 

D. Smurf 

Answer: B

Explanation: Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is cracked. 


Q387. Samuel is the network administrator of DataX communications Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder’s IP address for a period of 24 hours time after more than three unsuccessful attempts. He is confident that this rule will secure his network hackers on the Internet. 

But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall use. 

Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder’s attempts. 

Samuel wants to completely block hackers brute force attempts on his network. 

What are the alternatives to defending against possible brute-force password attacks on his site? 

A. Enforce a password policy and use account lockouts after three wrong logon attempts even through this might lock out legit users 

B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the firewall manually 

C. Enforce complex password policy on your network so that passwords are more difficult to brute force 

D. You can’t completely block the intruders attempt if they constantly switch proxies 

Answer: D

Explanation: Without knowing from where the next attack will come there is no way of proactively block the attack. This is becoming a increasing problem with the growth of large bot nets using ordinary workstations and home computers in large numbers. 


Q388. You have chosen a 22 character word from the dictionary as your password. How long will it take to crack the password by an attacker? 

A. 5 minutes 

B. 23 days 

C. 200 years 

D. 16 million years 

Answer: A

Explanation: A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password. As long as you use a word found in or similar to a word found in a dictionary the password is considered to be weak. 


Q389. Michael is a junior security analyst working for the National Security Agency (NSA) working primarily on breaking terrorist encrypted messages. The NSA has a number of methods they use to decipher encrypted messages including Government Access to Keys (GAK) and inside informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the Internet. The problem for the NSA, and Michael, is that terrorist organizations are starting to use custom-built algorithms or obscure algorithms purchased from corrupt governments. For this reason, Michael and other security analysts like him have been forced to find different methods of deciphering terrorist messages. One method that Michael thought of using was to hide malicious code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by known terrorists, and then he is able to glean email addresses to some of these suspected terrorists. Michael then inserts a stealth keylogger into a mapping program file readme.txt and then sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes and also logs all keyboard activity into a hidden file on the terrorist's computer. Then, the keylogger emails those files to Michael twice a day with a built in SMTP server. What technique has Michael used to disguise this keylogging software? 

A. Steganography 

B. Wrapping 

C. ADS 

D. Hidden Channels 

Answer: A


Q390. What is SYSKEY # of bits used for encryption? 

A. 40 

B. 64 

C. 128 

D. 256 

Answer: C

Explanation: System Key hotfix is an optional feature which allows stronger encryption of SAM. Strong encryption protects private account information by encrypting the password data using a 128-bit cryptographically random key, known as a password encryption key.