Getting the actual EC-Council EC-Council certification is the dream of several IT aspirants. However passing the EC-Council 312-50 exam just isnt an straightforward task with no any valuable preparatory materials. The very first step would be to find a great abundant resource for the EC-Council 312-50 exam preparation. Right now Testking comes that may help you. The 312-50 exam furthermore names EC-Council EC-Council exam which is a EC-Council certification. And also Testking provides you with every one of the EC-Council certification exam products such as the EC-Council 312-50 exam demos.

2021 Mar 312-50 exam answers

Q21. You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assesments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation? 

A. Reconfigure the firewall 

B. Conduct a needs analysis 

C. Install a network-based IDS 

D. Enforce the corporate security policy 

Answer: D

Explanation: The security policy is meant to always be followed until changed. If a need rises to perform actions that might violate the security policy you’ll have to find another way to accomplish the task or wait until the policy has been changed. 


Q22. SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. 

The signature for SYN Flood attack is: 

A. The source and destination address having the same value. 

B. The source and destination port numbers having the same value. 

C. A large number of SYN packets appearing on a network without the corresponding reply packets. 

D. A large number of SYN packets appearing on a network with the corresponding reply packets. 

Answer: C

Explanation: A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable. 


Q23. A POP3 client contacts the POP3 server: 

A. To send mail 

B. To receive mail 

C. to send and receive mail 

D. to get the address to send mail to 

E. initiate a UDP SMTP connection to read mail 

Answer:

Explanation: POP is used to receive e-mail.SMTP is used to send e-mail. 


Q24. John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the logfiles to investigate the attack. 

Take a look at the following Linux logfile snippet. The hacker compromised and "owned" a Linux machine. What is the hacker trying to accomplish here? 

[root@apollo /]# rm rootkit.c 

[root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; 

rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm - rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; 

rm /sbin/por359 ? 00:00:00 inetd 359 ? 00:00:00 inetd 

rm: cannot remove `/tmp/h': No such file or directory 

rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 

[root@apollo /]# ps -aux | grep portmap 

[root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm 

/sbin/portmap ; 

rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm - rf 

/usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 

inetd 

rm: cannot remove `/sbin/portmap': No such file or directory 

rm: cannot remove `/tmp/h': No such file or directory 

>rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 

[root@apollo /]# rm: cannot remove `/sbin/portmap': No such file or directory 

A. The hacker is planting a rootkit 

B. The hacker is trying to cover his tracks 

C. The hacker is running a buffer overflow exploit to lock down the system 

D. The hacker is attempting to compromise more machines on the network 

Answer:

Explanation: By deleting temporary directories and emptying like bash_history that contains the last commands used with the bash shell he is trying to cover his tracks. 


Q25. You are doing IP spoofing while you scan your target. You find that the target has port 23 open.Anyway you are unable to connect. Why? 

A. A firewall is blocking port 23 

B. You cannot spoof + TCP 

C. You need an automated telnet tool 

D. The OS does not reply to telnet even if port 23 is open 

Answer: A

Explanation: The question is not telling you what state the port is being reported by the scanning utility, if the program used to conduct this is nmap, nmap will show you one of three states – “open”, “closed”, or “filtered” a port can be in an “open” state yet filtered, usually by a stateful packet inspection filter (ie. Netfilter for linux, ipfilter for bsd). C and D to make any sense for this question, their bogus, and B, “You cannot spoof + TCP”, well you can spoof + TCP, so we strike that out. 


Most recent 312-50 free practice questions:

Q26. Which definition below best describes a covert channel? 

A. Making use of a Protocol in a way it was not intended to be used 

B. It is the multiplexing taking place on communication link 

C. It is one of the weak channels used by WEP that makes it insecure 

D. A Server Program using a port that is not well known 

Answer: A

Explanation: A covert channel is a hidden communication channel not intended for information transfer at all. Redundancy can often be used to communicate in a covert way. There are several ways that hidden communication can be set up. 


Q27. Jack Hackers wants to break into Brown’s Computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co. pretending to be an administrator from Brown Co. Jack tell Jane that there has been a problem with some accounts and asks her to verify her password with him “just to double check our records”. Jane does not suspect anything amiss and parts her password. Jack can now access Brown Co.’s computer with a valid username and password to steal the cookie recipe. What kind of attack is being illustrated here? 

A. Faking Identity 

B. Spoofing Identity 

C. Social Engineering 

D. Reverse Psychology 

E. Reverse Engineering 

Answer: C

Explanation: Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim. 


Q28. As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? 

Select the best answers. 

A. Use the same machines for DNS and other applications 

B. Harden DNS servers 

C. Use split-horizon operation for DNS servers 

D. Restrict Zone transfers 

E. Have subnet diversity between DNS servers 

Answer: BCDE

Explanations: 

A is not a correct answer as it is never recommended to use a DNS server for any other application. Hardening of the DNS servers makes them less vulnerable to attack. It is recommended to split internal and external DNS servers (called split-horizon operation). Zone transfers should only be accepted from authorized DNS servers. By having DNS servers on different subnets, you may prevent both from going down, even if one of your networks goes down. 


Q29. When discussing passwords, what is considered a brute force attack? 

A. You attempt every single possibility until you exhaust all possible combinations or discover the password 

B. You threaten to use the rubber hose on someone unless they reveal their password 

C. You load a dictionary of words into your cracking program 

D. You create hashes of a large number of words and compare it with the encrypted passwords 

E. You wait until the password expires 

Answer: A

Explanation: Brute force cracking is a time consuming process where you try every possible combination of letters, numbers, and characters until you discover a match. 


Q30. All the web servers in the DMZ respond to ACK scan on port 80. Why is this happening ? 

A. They are all Windows based webserver 

B. They are all Unix based webserver 

C. The company is not using IDS 

D. The company is not using a stateful firewall 

Answer: D

Explanation: If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK.