It is impossible to pass the EC-Council 312-50 exam without any help in the short term. Come to Actualtests soon and find the most advanced, correct and guaranteed EC-Council 312-50 practice questions. You will get a surprising result from our Rebirth Ethical Hacking and Countermeasures (CEHv6) practice guides.

Q11. NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish? 

nslookup 
> server <ipaddress> 
> set type=any 
> ls -d <target.com> 

A. Enables DNS spoofing 

B. Loads bogus entries into the DNS table 

C. Verifies zone security 

D. Performs a zone transfer 

E. Resets the DNS cache 

Answer: D

Explanation: If the DNS server has not been properly secured, the command sequence above performs a zone transfer: "server" points nslookup at the target's name server, and "ls -d" asks that server to list the entire zone, which it will only do if it permits zone transfers to the requesting host. 


Q12. You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges? 

A. Administrator 

B. IUSR_COMPUTERNAME 

C. LOCAL_SYSTEM 

D. Whatever account IIS was installed with 

Answer: C

Explanation: If you manage to get the system to start a shell for you, that shell will be running as LOCAL_SYSTEM. 


Q13. What makes web application vulnerabilities so aggravating? (Choose two) 

A. They can be launched through an authorized port. 

B. A firewall will not stop them. 

C. They exist only on the Linux platform. 

D. They are detectable by most leading antivirus software. 

Answer: AB

Explanation: Because the vulnerabilities exist on a web server, incoming traffic on port 80 will probably be allowed, and no firewall rules will stop the attack. 


Q14. One of the most common and best ways of cracking RSA encryption is to begin by deriving the two prime numbers that are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _________________ process, then the private key can be derived. 

A. Factorization 

B. Prime Detection 

C. Hashing 

D. Brute-forcing 

Answer: A

Explanation: In April 1994, an international cooperative group of mathematicians and computer scientists solved a 17-year-old challenge problem, the factoring of a 129-digit number, called RSA-129, into two primes. That is, RSA-129 = 114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541 = 3490529510847650949147849619903898133417764638493387843990820577 times 32769132993266709549961988190834461413177642967992942539798288533. See more at http://en.wikipedia.org/wiki/RSA_Factoring_Challenge 
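As an added example (not part of the original page), the following Python checks that the two primes quoted above really multiply to RSA-129 and then carries out the step the question describes: deriving the private exponent d once p and q are known. The public exponent e = 65537 is an assumption chosen for illustration, not the value used in the original challenge.

```python
# Added example, not from the original page: verify the RSA-129 factors
# quoted in the explanation and derive a private exponent from them.
from math import gcd

# RSA-129 modulus and its two prime factors, as quoted on the page
# (digit groups follow the page's layout so they can be checked visually).
N = int("1143816257578888676692357799761466120102182"
        "9672124236256256184293570693524573389783059"
        "7123563958705058989075147599290026879543541")
P = int("34905295108476509491478496199038" "98133417764638493387843990820577")
Q = int("32769132993266709549961988190834" "461413177642967992942539798288533")

def factors_match(p, q, n):
    """True if p * q really is the modulus n."""
    return p * q == n

def derive_private_exponent(p, q, e):
    """Given the factors p, q of n and the public exponent e, return d,
    the inverse of e modulo phi(n) = (p - 1)(q - 1).
    Raises ValueError if e is not invertible (e shares a factor with phi)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not coprime to phi(n)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+

def roundtrip(m, e, d, n):
    """Encrypt m with the public key (e, n), decrypt with (d, n);
    True if the original message is recovered."""
    return pow(pow(m, e, n), d, n) == m

if __name__ == "__main__":
    E = 65537  # assumed public exponent for illustration
    assert factors_match(P, Q, N)
    D = derive_private_exponent(P, Q, E)
    print("private exponent has", len(str(D)), "decimal digits")
    print("round trip ok:", roundtrip(123456789, E, D, N))
```

Once p and q are known, the whole private key falls out of one modular inverse; this is why RSA security rests entirely on the difficulty of factoring n.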


Q15. One of your junior administrators is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out? 

Select the best answers. 

A. John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case. 

B. By using NTLMV1, you have implemented an effective countermeasure to password cracking. 

C. SYSKEY is an effective countermeasure. 

D. If a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX- 00112233445566778899. 

E. Enforcing Windows complex passwords is an effective countermeasure. 

Answer: ACE

Explanations: 

A. True. John the Ripper is a very effective password cracker that handles hash formats from many different operating systems. One limitation when cracking LM hashes is that the output doesn't show whether the password is upper or lower case, because the LM algorithm converts the password to upper case before hashing it. 

B. False. NTLM version 2 (NTLMv2), not NTLMv1, is a good countermeasure to LM password cracking. To enable it, set Windows 9x and NT systems to "send NTLMv2 responses only". 

C. True. SYSKEY is an effective countermeasure: it uses 128-bit encryption on the local copy of the Windows SAM. 

D. False. If a Windows LM password is 7 characters or fewer, the second half of the hash will be the constant 0xAAD3B435B51404EE, not the value given in the option. 

E. True. Enforcing Windows complex passwords is an effective countermeasure to password cracking. Complex passwords are longer than 6 characters and contain any 3 of the following 4 categories: upper case letters, lower case letters, special characters and numbers. 
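As an added example (not from the original page), here is the property behind statement D turned into a defensive audit: it parses pwdump-style lines and flags accounts whose LM hash second half is 0xAAD3B435B51404EE (password of 7 characters or fewer) or whose whole LM field is the empty-password value (no LM hash stored). The sample lines are constructed; apart from that constant, the hex values are placeholders, not real credentials.

```python
# Added example, not from the original page: audit pwdump-style lines for the
# LM-hash weakness described in statement D above. Sample data is constructed.
LM_EMPTY_HALF = "AAD3B435B51404EE"  # DES of the LM magic constant under a null 7-byte key
LM_EMPTY_FULL = LM_EMPTY_HALF * 2   # LM hash of an empty password (or LM storage disabled)
HEX_DIGITS = set("0123456789ABCDEF")

def audit_lm_line(line):
    """Classify one 'user:rid:lmhash:nthash:::' line.
    Returns (user, code) or None when the line has too few fields."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        return None
    user, lm = parts[0], parts[2].upper()
    if len(lm) != 32 or not set(lm) <= HEX_DIGITS:
        return (user, "MALFORMED")
    if lm == LM_EMPTY_FULL:
        return (user, "NO_LM")     # nothing for an LM cracker to work on
    if lm[16:] == LM_EMPTY_HALF:
        return (user, "LM_SHORT")  # second half empty: password is 7 chars or fewer
    return (user, "LM_LONG")       # both halves set: password is 8 to 14 chars

def audit_lm_dump(dump):
    """Run audit_lm_line over every line of a dump, skipping unparseable ones."""
    return [f for f in (audit_lm_line(l) for l in dump.splitlines()) if f]

# Constructed sample (placeholder hex, not real credentials).
SAMPLE_DUMP = """\
alice:1001:0123456789ABCDEF1122334455667788:00112233445566778899AABBCCDDEEFF:::
bob:1002:AAD3B435B51404EEAAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::
carol:1003:0123456789ABCDEFAAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::
"""

if __name__ == "__main__":
    for user, code in audit_lm_dump(SAMPLE_DUMP):
        print(f"{user:8} {code}")
```

Accounts reported as LM_SHORT or LM_LONG still have an LM hash stored at all, which is the real finding; the fix is to disable LM hash storage and enforce the complexity policy from statement E.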


Q16. You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of what protocols are being used. You need to discover as many different protocols as possible. Which kind of scan would you use to do this? 

A. Nmap with the -sO (Raw IP packets) switch 

B. Nessus scan with TCP based pings 

C. Nmap scan with the -sP (Ping scan) switch 

D. Netcat scan with the -u -e switches 

Answer: A

Explanation: Running Nmap with the -sO switch performs an IP protocol scan. The IP protocol scan is a bit different from the other Nmap scans: instead of probing ports, it searches for the IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified. 


Q17. Why would an attacker want to perform a scan on port 137? 

A. To discover proxy servers on a network 

B. To disrupt the NetBIOS SMB service on the target host 

C. To check for file and print sharing on Windows systems 

D. To discover information about a target host using NBTSTAT 

Answer: D

Explanation: Microsoft encapsulates NetBIOS information within TCP/IP using ports 135-139. It is trivial for an attacker to issue the following command from their Windows machine and collect information about your Windows machine (if you are not blocking traffic to port 137 at your borders): 

nbtstat -A <your IP address> 


Q18. Dave has been assigned to test the network security of Acme Corp. The test was announced to the employees. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a sand clock to mark the progress of the test. Dave successfully embedded a keylogger in the page. He also added some statistics to the webpage. The firewall protects the network well and allows strict Internet access. How was security compromised and how did the firewall respond? 

A. The attack did not fall through as the firewall blocked the traffic 

B. The attack was social engineering and the firewall did not detect it 

C. The attack was deception and security was not directly compromised 

D. Security was not compromised as the webpage was hosted internally 

Answer: B

Explanation: This was just another way to trick the information out of the users without the need to hack into any systems. All traffic is outgoing and initiated by the user, so the firewall will not react. 


Q19. This kind of password cracking method uses word lists in combination with numbers and special characters: 

A. Hybrid 

B. Linear 

C. Symmetric 

D. Brute Force 

Answer: A

Explanation: A Hybrid (or Hybrid Dictionary) Attack uses a word list that it modifies slightly to find passwords that are almost dictionary words (like St0pid). 


Q20. What type of attack changes its signature and/or payload to avoid detection by antivirus programs? 

A. Polymorphic 

B. Rootkit 

C. Boot sector 

D. File infecting 

Answer: A

Explanation: In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact. This technique is sometimes used by computer viruses, shellcodes and computer worms to hide their presence.