312-50 is an excellent qualifications audit to take up in an effort to contain a flourishing employment within EC-Council. Theres lots of on the net training that is going to motivate you to create well to the 312-50 audit. Youll be able to get a full set of questions. A good 312-50 practice audit will cover most style of questions requested within the 312-50 audit all this would give a superb emulator of your real 312-50 test out.

2021 Mar 312-50 question

Q351. The network administrator at Spears Technology, Inc has configured the default gateway Cisco Router’s access-list as below: 

You are tried to conduct security testing on their network. You successfully brute-force for SNMP community string using a SNMP crack tool. The access-list configured at the router prevents you from establishing a successful connection. 

You want to retrieve the Cisco Configuration from the router. How would you proceed? 

A. Send a customized SNMP set request with spoofed source IP Address in the range-

192.168.1.0 

B. Run a network sniffer and capture the returned traffic with the configuration file from the router 

C. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address 

D. Use the Cisco’s TFTP default password to connect and download the configuration file 

Answer: AB

Explanation: SNMP is allowed only by access-list 1. Therefore you need to spoof a 192.168.1.0/24 address and then sniff the reply from the gateway. 


Q352. Shayla is an IT security consultant, specializing in social engineering and external penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the Department of Defense. Shayla has been given authority to perform any and all tests necessary to audit the company's network security. 

No employees for the company, other than the IT director, know about Shayla's work she will be doing. Shayla's first step is to obtain a list of employees through company website contact pages. Then she befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Shayla is able to gain her trust and they become friends. One day, Shayla steals the employee's access badge and uses it to gain unauthorized access to the Treks Avionics offices. 

What type of insider threat would Shayla be considered? 

A. She would be considered an Insider Affiliate 

B. Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate 

C. Shayla is an Insider Associate since she has befriended an actual employee 

D. Since Shayla obtained access with a legitimate company badge; she would be considered a Pure Insider 

Answer: A


Q353. Exhibit: 

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal? 

A. har.txt 

B. SAM file 

C. wwwroot 

D. Repair file 

Answer:

Explanation: He is actually trying to get the file har.txt but this file contains a copy of the SAM file. 


Q354. What does the term “Ethical Hacking” mean? 

A. Someone who is hacking for ethical reasons. 

B. Someone who is using his/her skills for ethical reasons. 

C. Someone who is using his/her skills for defensive purposes. 

D. Someone who is using his/her skills for offensive purposes. 

Answer: C

Explanation: Ethical hacking is only about defending your self or your employer against malicious persons by using the same techniques and skills. 


Q355. You ping a target IP to check if the host is up. You do not get a response. You suspect ICMP is blocked at the firewall. Next you use hping2 tool to ping the target host and you get a response. Why does the host respond to hping2 and not ping packet? 

[ceh]# ping 10.2.3.4 

PING 10.2.3.4 (10.2.3.4) from 10.2.3.80 : 56(84) bytes of data. 

--- 10.2.3.4 ping statistics ---

3 packets transmitted, 0 packets received, 100% packet loss 

[ceh]# ./hping2 -c 4 -n -i 2 10.2.3.4 

HPING 10.2.3.4 (eth0 10.2.3.4): NO FLAGS are set, 40 headers + 

0 data bytes 

len=46 ip=10.2.3.4 flags=RA seq=0 ttl=128 id=54167 win=0 rtt=0.8 ms 

len=46 ip=10.2.3.4 flags=RA seq=1 ttl=128 id=54935 win=0 rtt=0.7 ms 

len=46 ip=10.2.3.4 flags=RA seq=2 ttl=128 id=55447 win=0 rtt=0.7 ms 

len=46 ip=10.2.3.4 flags=RA seq=3 ttl=128 id=55959 win=0 rtt=0.7 ms 

--- 10.2.3.4 hping statistic ---

4 packets tramitted, 4 packets received, 0% packet loss 

round-trip min/avg/max = 0.7/0.8/0.8 ms 

A. ping packets cannot bypass firewalls 

B. you must use ping 10.2.3.4 switch 

C. hping2 uses TCP instead of ICMP by default 

D. hping2 uses stealth TCP packets to connect 

Answer: C

Explanation: Default protocol is TCP, by default hping2 will send tcp headers to target host's port 0 with a winsize of 64 without any tcp flag on. Often this is the best way to do an 'hide ping', useful when target is behind a firewall that drop ICMP. Moreover a tcp null-flag to port 0 has a good probability of not being logged. 


Far out 312-50 download:

Q356. You have discovered that an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. What can you do to solve this problem? 

A. Install a network-based IDS 

B. Reconfigure the firewall 

C. Conduct a needs analysis 

D. Enforce your security policy 

Answer:

Explanation: The employee was unaware of security policy. 


Q357. You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner? 

A. Convert the Trojan.exe file extension to Trojan.txt disguising as text file 

B. Break the Trojan into multiple smaller files and zip the individual pieces 

C. Change the content of the Trojan using hex editor and modify the checksum 

D. Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1 

Answer: A


Q358. Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here? 

A. Hayden is attempting to find live hosts on her company's network by using an XMAS scan 

B. She is utilizing a SYN scan to find live hosts that are listening on her network 

C. The type of scan, she is using is called a NULL scan 

D. Hayden is using a half-open scan to find live hosts on her network 

Answer: D


Q359. Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It also provides devices, which would otherwise be unable to communicate a means to notify administrators of problems or performance. 

What default port Syslog daemon listens on? 

A. 242 

B. 312 

C. 416 

D. 514 

Answer: D


Q360. What does the following command achieve? 

Telnet <IP Address> <Port 80> 

HEAD /HTTP/1.0 

<Return> 

<Return> 

A. This command returns the home page for the IP address specified 

B. This command opens a backdoor Telnet session to the IP address specified 

C. This command returns the banner of the website specified by IP address 

D. This command allows a hacker to determine the sites security 

E. This command is bogus and will accomplish nothing 

Answer: C

Explanation: This command is used for banner grabbing. Banner grabbing helps identify the service and version of web server running.