We provide real 312-50 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass EC-Council 312-50 Exam quickly & easily. The 312-50 PDF type is available for reading and printing. You can print more and practice many times. With the help of our EC-Council 312-50 dumps pdf and vce product and material, you can easily pass the 312-50 exam.

Q201. What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system? 

A. Blind Port Scanning 

B. Idle Scanning 

C. Bounce Scanning 

D. Stealth Scanning 

E. UDP Scanning 

Answer: B

Explanation: from NMAP:-sI <zombie host[:probeport]> Idlescan: This advanced scan method allows fora truly blind TCP port scan of the target (meaning no packets are sent tothe tar- get from your real IP address). Instead, a unique side-channelattack exploits predictable "IP fragmentation ID" sequence generation onthe zombie host to glean information about the open ports on the target. 

Q202. June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus? 

A. No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus 

B. Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus 

C. Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus 

D. No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program 

Answer: D

Explanation: Although there are functions like heuristic scanning and sandbox technology, the Antivirus program is still mainly depending of signature databases and can only find already known viruses. 

Q203. Central Frost Bank was a medium-sized, regional financial institution in New York. The bank recently deployed a new Internet-accessible Web application. Using this application, Central Frost's customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business through a Web browser. John Stevens was in charge of information security at Central Frost Bank. After one month in production, the Internet banking application was the subject of several customer complaints. Mysteriously, the account balances ofmany of Central Frost's customers had been changed! However, moneyhadn't been removed from the bank. Instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries: 

Attempted login of unknown user: johnm Attempted login of unknown user: susaR Attempted login of unknown user: sencat Attempted login of unknown user: pete'' Attempted login of unknown user: ' or 1=1--Attempted login of unknown user: ' drop table logins--Login of user jason, sessionID= 0x75627578626F6F6B Login of user daniel, sessionID= 0x98627579539E13BE Login of user rebecca, sessionID= 0x9062757944CCB811 Login of user mike, sessionID= 0x9062757935FB5C64 Transfer Funds user jason Pay Bill user mike Logout of user mike 

What type of attack did the Hacker attempt? 

A. Brute force attack in which the Hacker attempted guessing login ID and password from password cracking tools. 

B. The Hacker used a random generator module to pass results to the Web server and exploited Web application CGI vulnerability. 

C. The Hacker attempted SQL Injection technique to gain access to a valid bank login ID. 

D. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session. 

Answer: C

Explanation: The 1=1 or drop table logins are attempts at SQL injection. 

Q204. What is the goal of a Denial of Service Attack? 

A. Capture files from a remote computer. 

B. Render a network or computer incapable of providing normal service. 

C. Exploit a weakness in the TCP stack. 

D. Execute service at PS 1009. 

Answer: B

Explanation: In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB). 

Q205. One of your team members has asked you to analyze the following SOA record. What is the version? 

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400. 

A. 200303028 

B. 3600 

C. 604800 

D. 2400 

E. 60 

F. 4800 


Explanation: The SOA starts with the format of YYYYMMDDVV where VV is the version. 

Q206. A program that defends against a port scanner will attempt to: 

A. Sends back bogus data to the port scanner 

B. Log a violation and recommend use of security-auditing tools 

C. Limit access by the scanning system to publicly available ports only 

D. Update a firewall rule in real time to prevent the port scan from being completed 

Answer: D

Q207. What port number is used by Kerberos protocol? 

A. 44 

B. 88 

C. 419 

D. 487 


Explanation: Kerberos traffic uses UDP/TCP protocol source and destination port 88. 

Q208. TCP packets transmitted in either direction after the initial three-way handshake will have which of the following bit set? 

A. SYN flag 

B. ACK flag 

C. FIN flag 

D. XMAS flag 

Answer: B

Q209. What does a type 3 code 13 represent?(Choose two. 

A. Echo request 

B. Destination unreachable 

C. Network unreachable 

D. Administratively prohibited 

E. Port unreachable 

F. Time exceeded 

Answer: BD

Explanation: Type 3 code 13 is destination unreachable administratively prohibited. This type of message is typically returned from a device blocking a port. 

Q210. Maurine is working as a security consultant for Hinklemeir Associate. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network. 

Why would an attacker try to create a null session with a computer on a network? 

A. Enumerate users shares 

B. Install a backdoor for later attacks 

C. Escalate his/her privileges on the target server 

D. To create a user with administrative privileges for later use 

Answer: A

Explanation: The Null Session is often referred to as the "Holy Grail" of Windows hacking. Listed as the number 5 windows vulnerability on the SANS/FBI Top 20 list, Null Sessions take advantage of flaws in the CIFS/SMB (Common Internet File System/Server Messaging Block) architecture. You can establish a Null Session with a Windows (NT/2000/XP) host by logging on with a null user name and password. Using these null connections allows you to gather the following information from the host: 

-List of users and groups 

-List of machines 

-List of shares 

-Users and host SID' (Security Identifiers) 

Topic 5, System Hacking 

177. If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible? 

A. Birthday 

B. Brute force 

C. Man-in-the-middle 

D. Smurf 

Answer: B

Explanation: Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is cracked.