Passing the EC-Council 312-50 exam in a short time without help is hard. Testking provides up-to-date EC-Council 312-50 practice questions for Ethical Hacking and Countermeasures (CEHv6); a selection follows.

Q361. Bob has been hired to do a web application security test. Bob notices that the site is dynamic and infers that it must be making use of a database at the application back end. Bob wants to validate whether SQL injection would be possible. 

What is the first character that Bob should use to attempt breaking valid SQL requests? 

A. Semicolon 

B. Double Quote 

C. Single Quote 

D. Exclamation Mark 

Answer: C

Explanation: In SQL, single quotes are used around values in queries; by entering another single quote Bob tests whether the application will submit a null value, probably returning an error. 


Q362. How do you defend against ARP spoofing? 

A. Place static ARP entries on servers, workstations and routers 

B. Tune IDS sensors to look for a large amount of ARP traffic on local subnets 

C. Use private VLANs 

D. Use ARPWALL system and block ARP spoofing attacks 

Answer: ABC 

Explanation: ARPWALL is an open-source tool that gives early warning when an ARP attack occurs. 

This tool is still under construction. 


Q363. Which of the following Nmap commands would be used to perform stack fingerprinting? 

A. Nmap -O -p80 <host(s)> 

B. Nmap -hU -Q <host(s)> 

C. Nmap -sT -p <host(s)> 

D. Nmap -u -o -w2 <host> 

E. Nmap -sS -0p target 

Answer: A

Explanation: This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a number of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning. 


Q364. In the context of using PKI, when Sven wishes to send a secret message to Bob, he looks up Bob's public key in a directory and uses it to encrypt the message before sending it off. Bob then uses his private key to decrypt the message and reads it. No one listening in can decrypt the message. 

Anyone can send an encrypted message to Bob but only Bob can read it. Thus, although many people may know Bob’s public key and use it to verify Bob’s signature, they cannot discover Bob’s private key and use it to forge digital signatures. 

What does this principle refer to? 

A. Irreversibility 

B. Non-repudiation 

C. Symmetry 

D. Asymmetry 

Answer: D

Explanation: PKI uses asymmetric key pair encryption. One key of the pair is the only way to decrypt data encrypted with the other. 


Q365. Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. He chooses to use printf(str) where he should ideally have used printf("%s", str). What attack will his program expose the web application to? 

A. Cross Site Scripting 

B. SQL injection Attack 

C. Format String Attack 

D. Unicode Traversal Attack 

Answer: C

Explanation: Format string attacks are a new class of software vulnerability discovered around 1999, previously thought harmless. Format string attacks can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf() and similar functions to write back the number of bytes formatted to the same argument to printf(), assuming that the corresponding argument exists, and is of type int * . 
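As an added illustration (not part of the question bank), the C program below shows what Kevin's printf(str) would do with a user string and why printf("%s", str) is safe: a scanner counts the directives the C library would act on in that string, and the hardened rendering is checked to pass the bytes through unchanged. The function names count_directives, count_n_writes, render_safe and safe_roundtrip are chosen here for the example.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not from the question bank. With printf(str) the bytes of
 * str are parsed as the format: every '%' directive in them consumes a stack
 * argument (%x, %s) or writes memory (%n). With printf("%s", str) the same
 * bytes are an argument to a fixed format and are copied out verbatim. */

/* Walk s as printf() would and return the number of conversion directives;
 * *writes receives how many of them are %n. "%%" is a literal percent. */
static int scan_format(const char *s, int *writes) {
    int n = 0;
    *writes = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        s++;                                    /* character after '%' */
        if (*s == '%') continue;                /* "%%" -> literal '%' */
        /* skip flags, width, precision and length modifiers */
        while (*s && strchr("-+ #0123456789.*hlLqjzt", *s)) s++;
        if (*s == '\0') break;                  /* dangling '%' at the end */
        n++;
        if (*s == 'n') (*writes)++;
    }
    return n;
}

int count_directives(const char *user) { int w; return scan_format(user, &w); }
int count_n_writes(const char *user)   { int w; scan_format(user, &w); return w; }

/* Hardened form: user is an argument of the constant format "%s", so its
 * '%' characters are data. Returns the number of bytes written. */
int render_safe(char *out, size_t outsz, const char *user) {
    return snprintf(out, outsz, "%s", user);
}

/* 1 if render_safe() reproduces user unchanged, i.e. nothing was interpreted */
int safe_roundtrip(const char *user) {
    char buf[256];
    render_safe(buf, sizeof buf, user);
    return strcmp(buf, user) == 0;
}
int main(void) {
    const char *user = "%x%x%x%n";              /* constructed sample input */
    char buf[256];
    printf("as a format string: %d directives, %d of them %%n writes\n",
           count_directives(user), count_n_writes(user));
    render_safe(buf, sizeof buf, user);
    printf("as an argument to \"%%s\": %s\n", buf);
    return 0;
}
```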


Q366. In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. 

If you combine the brute force and dictionary methods to generate variations of words, what would you call such an attack? 

A. Full Blown 

B. Thorough 

C. Hybrid 

D. BruteDics 

Answer: C

Explanation: A combination of Brute force and Dictionary attack is called a Hybrid attack or Hybrid dictionary attack. 


Q367. You want to hide a secret.txt document inside the c:\windows\system32\tcpip.dll kernel library using an alternate data stream (ADS). How will you accomplish this? 

A. copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt 

B. copy secret.txt c:\windows\system32\tcpip.dll:secret.txt 

C. copy secret.txt c:\windows\system32\tcpip.dll |secret.txt 

D. copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt 

Answer: B


Q368. You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of what protocols are being used. You need to discover as many different protocols as possible. Which kind of scan would you use to do this? 

A. Nmap with the -sO (raw IP packets) switch 

B. Nessus scan with TCP based pings 

C. Nmap scan with the -sP (ping scan) switch 

D. Netcat scan with the -u -e switches 

Answer: A

Explanation: Running Nmap with the -sO switch performs an IP protocol scan. The IP protocol scan is a bit different from the other Nmap scans: it searches for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified. 


Q369. John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool? 

A. hping2 

B. nessus 

C. nmap 

D. make 

Answer: B


Q370. Which of the following wireless technologies can be detected by NetStumbler? (Select all that apply) 

A. 802.11b 

B. 802.11e 

C. 802.11a 

D. 802.11g 

E. 802.11 

Answer: ACD

Explanation: If you check the website, cards for all three (A, B, G) are supported. See: http://www.stumbler.net/