Want to know Exambible 312-50 Exam practice test features? Want to lear more about EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study Exact EC-Council 312-50 answers to Up to date 312-50 questions at Exambible. Gat a success with an absolute guarantee to pass EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.

2021 Mar 312-50 latest exam

Q271. You have installed antivirus software and you want to be sure that your AV signatures are working correctly. You don't want to risk the deliberate introduction of a live virus to test the AV software. You would like to write a harmless test virus, which is based on the European Institute for Computer Antivirus Research format that can be detected by the AV software. 

How should you proceed? 

A. Type the following code in notepad and save the file as SAMPLEVIRUS.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4PZX54(P^)7CC)7}$SAMPLEVIRUS-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

B. Type the following code in notepad and save the file as AVFILE.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4PZX54(P^)7CC)7}$AVFILE-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

C. Type the following code in notepad and save the file as TESTAV.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4PZX54(P^)7CC)7}$TESTAV-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

D. Type the following code in notepad and save the file as EICAR.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

Answer: D

Explanation: The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative. 


Q272. An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS? 

Select the best answer. 

A. Firewalk 

B. Manhunt 

C. Fragrouter 

D. Fragids 

Answer:

Explanations: 

Firewalking is a way to disguise a portscan. Thus, firewalking is not a tool, but a method of conducting a port scan in which it can be hidden from some firewalls. Synamtec Man-Hunt is an IDS, not a tool to evade an IDS. Fragrouter is a tool that can take IP traffic and fragment it into multiple pieces. There is a legitimate reason that fragmentation is done, but it is also a technique that can help an attacker to evade detection while Fragids is a made-up tool and does not exist. 


Q273. What is the term 8 to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim? 

A. Fraggle Attack 

B. Man in the Middle Attack 

C. Trojan Horse Attack 

D. Smurf Attack 

E. Back Orifice Attack 

Answer: D

Explanation: Trojan and Back orifice are Trojan horse attacks. Man in the middle spoofs the Ip and redirects the victems packets to the cracker The infamous Smurf attack. preys on ICMP's capability to send traffic to the broadcast address. Many hosts can listen and respond to a single ICMP echo request sent to a broadcast address. 

Network Intrusion Detection third Edition by Stephen Northcutt and Judy Novak pg 70 The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf". 


Q274. You want to scan the live machine on the LAN, what type of scan you should use? 

A. Connect 

B. SYN 

C. TCP 

D. UDP 

E. PING 

Answer: E

Explanation: The ping scan is one of the quickest scans that nmap performs, since no actual ports are queried. Unlike a port scan where thousands of packets are transferred between two stations, a ping scan requires only two frames. This scan is useful for locating active devices or determining if ICMP is passing through a firewall. 


Q275. Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure. An anonymizer protects all of your computer's identifying information while it surfs for you, enabling you to remain at least one step removed from the sites you visit. 

You can visit Web sites without allowing anyone to gather information on sites visited by you. Services that provide anonymity disable pop-up windows and cookies, and conceal visitor's IP address. 

These services typically use a proxy server to process each HTTP request. When the user requests a Web page by clicking a hyperlink or typing a URL into their browser, the service retrieves and displays the information using its own server. The remote server (where the requested Web page resides) receives information on the anonymous Web surfing service in place of your information. 

In which situations would you want to use anonymizer? (Select 3 answers) 

A. Increase your Web browsing bandwidth speed by using Anonymizer 

B. To protect your privacy and Identity on the Internet 

C. To bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit. 

D. Post negative entries in blogs without revealing your IP identity 

Answer: BCD


Updated 312-50 exam cram:

Q276. Jake is a network administrator who needs to get reports from all the computer and network devices on his network. Jake wants to use SNMP but is afraid that won't be secure since passwords and messages are in clear text. How can Jake gather network information in a secure manner? 

A. He can use SNMPv3 

B. Jake can use SNMPrev5 

C. He can use SecWMI 

D. Jake can use SecSNMP 

Answer: A


Q277. This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. 

<ahref="http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js %22%3E%3C/script%3E">See foobar</a> 

What is this attack? 

A. Cross-site-scripting attack 

B. SQL Injection 

C. URL Traversal attack 

D. Buffer Overflow attack 

Answer: A


Q278. Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces? 

A. Snow 

B. Gif-It-Up 

C. NiceText 

D. Image Hide 

Answer: A

Explanation: The program snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected. 


Q279. Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS? 

A. SYN scan 

B. ACK scan 

C. RST scan 

D. Connect scan 

E. FIN scan 

Answer:

Explanation: The TCP full connect (-sT) scan is the most reliable. 


Q280. You are footprinting an organization to gather competitive intelligence. You visit the company’s website for contact information and telephone numbers but do not find it listed there. You know that they had the entire staff directory listed on their website 12 months ago but not it is not there. 

How would it be possible for you to retrieve information from the website that is outdated? 

A. Visit google’s search engine and view the cached copy. 

B. Visit Archive.org web site to retrieve the Internet archive of the company’s website. 

C. Crawl the entire website and store them into your computer. 

D. Visit the company’s partners and customers website for this information. 

Answer: B

Explanation:

Explanation: Archive.org mirrors websites and categorizes them by date and month depending on the crawl time. Archive.org dates back to 1996, Google is incorrect because the cache is only as recent as the latest crawl, the cache is over-written on each subsequent crawl. Download the website is incorrect because that's the same as what you see online. Visiting customer partners websites is just bogus. The answer is then Firmly, C, archive.org