
Q431. In an attempt to secure his 802.11b wireless network, Ulf decides to use strategic antenna positioning. He places the antennas for the access points near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building's center. There is a large parking lot and an outlying field surrounding the building that extends out half a mile around the building. Ulf figures that with this and his placement of antennas, his wireless network will be safe from attack. 

Which of the following statements is true? 

A. With the 300 feet limit of a wireless signal, Ulf’s network is safe. 

B. Wireless signals can be detected from miles away, Ulf’s network is not safe. 

C. Ulf's network will be safe, but only if he doesn't switch to 802.11a. 

D. Ulf’s network will not be safe until he also enables WEP. 

Answer: D


Q432. In Linux, the three most common commands that hackers usually attempt to Trojan are: 

A. cat, xterm, grep 

B. netstat, ps, top 

C. vmware, sed, less 

D. xterm, ps, nc 

Answer: B

Explanation: The easiest programs to trojan, and the smartest ones to trojan, are those commonly run by administrators and users; in this case netstat, ps, and top. For a complete list of commonly trojaned and rootkited software, please reference this URL: http://www.usenix.org/publications/login/1999-9/features/rootkits.html 


Q433. What is the key advantage of Session Hijacking? 

A. It can be easily done and does not require sophisticated skills. 

B. You can take advantage of an authenticated connection. 

C. You can successfully predict the sequence number generation. 

D. You cannot be traced in case the hijack is detected. 

Answer: B

Explanation: As an attacker, you don't have to steal an account and password in order to take advantage of an already authenticated connection. 


Q434. An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts. 

A. 2 

B. 256 

C. 512 

D. Over 10,000 

Answer: C

Explanation: The hosts with IP addresses 202.176.56.0-255 and 202.176.57.0-255 will be scanned (256 + 256 = 512). 


Q435. Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic? 

A. Network aliasing 

B. Domain Name Server (DNS) poisoning 

C. Reverse Address Resolution Protocol (ARP) 

D. Port scanning 

Answer: B

Explanation: DNS poisoning is the correct answer. 

This is also how a DNS denial-of-service attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can instead insert this data into the cache of their server rather than replacing the actual records, which is referred to as cache poisoning. 


Q436. You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next? 

A. Use NetScan Tools Pro to conduct the scan 

B. Run nmap XMAS scan against 192.168.1.10 

C. Run NULL TCP hping2 against 192.168.1.10 

D. The firewall is blocking all the scans to 192.168.1.10 

Answer: C


Q437. You are trying to compromise a Linux machine and steal the password hashes for cracking with a password brute-forcing program. Where is the password file kept in Linux? 

A. /etc/shadow 

B. /etc/passwd 

C. /bin/password 

D. /bin/shadow 

Answer: A

Explanation: The /etc/shadow file stores the actual password for each user account in encrypted (hashed) form, together with additional properties related to the user's password, i.e. it stores the secure user account information. All fields are separated by a colon (:). It contains one entry per line for each user listed in the /etc/passwd file. 

Topic 19, Evading IDS, Firewalls and Honeypots 

459. Exhibit 

Study the log given in the exhibit, 

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate? 

A. Disallow UDP 53 in from outside to DNS server 

B. Allow UDP 53 in from DNS server to outside 

C. Disallow TCP 53 in from secondaries or ISP server to DNS server 

D. Block all UDP traffic 

Answer: C

Explanation: According to the exhibit, the question is regarding a DNS zone transfer. Since zone transfers are done over TCP port 53, you should not allow this connection from outside your organization. 


Q438. SSL has been seen as the solution to a lot of common security problems. Administrators will often make use of SSL to encrypt communications from Point A to Point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between Point A and Point B? 

A. SSL is redundant if you already have IDS’s in place 

B. SSL will trigger rules at regular interval and force the administrator to turn them off 

C. SSL will encrypt the content of the packets and the Intrusion Detection System will be blinded 

D. SSL will slow down the IDS while it is breaking the encryption to see the packet content 

Answer:

Explanation: An IDS will not be able to evaluate the content of the packets if it is encrypted. 


Q439. Bubba has just accessed his preferred e-commerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the web page and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changed? 

A. A hidden form field value. 

B. A hidden price value. 

C. An integer variable. 

D. A page cannot be changed locally, as it is served by a web server. 

Answer: A


Q440. nn would like to perform a reliable scan against a remote target. She is not concerned about being stealthy at this point. 

Which of the following type of scans would be the most accurate and reliable option? 

A. A half-scan 

B. A UDP scan 

C. A TCP Connect scan 

D. A FIN scan 

Answer: C

Explanation: A TCP Connect scan, named after the Unix connect() system call, is the most accurate scanning method. If a port is open, the operating system completes the TCP three-way handshake and the port scanner immediately closes the connection. Otherwise an error code is returned. Example of a three-way handshake followed by a reset: 

Source          Destination     Summary 
[192.168.0.8]   [192.168.0.10]  TCP: D=80 S=49389 SYN SEQ=3362197786 LEN=0 WIN=5840 
[192.168.0.10]  [192.168.0.8]   TCP: D=49389 S=80 SYN ACK=3362197787 SEQ=58695210 LEN=0 WIN=65535 
[192.168.0.8]   [192.168.0.10]  TCP: D=80 S=49389 ACK=58695211 WIN<<2=5840 
[192.168.0.8]   [192.168.0.10]  TCP: D=80 S=49389 RST ACK=58695211 WIN<<2=5840