Want to know Examcollection 312-50 Exam practice test features? Want to lear more about EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study Approved EC-Council 312-50 answers to Latest 312-50 questions at Examcollection. Gat a success with an absolute guarantee to pass EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.

2021 Mar 312-50 practice

Q401. Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this? 

A. Jayden can use the command: ip binding set. 

B. Jayden can use the command: no ip spoofing. 

C. She should use the command: no dhcp spoofing. 

D. She can use the command: ip dhcp snooping binding. 

Answer: D

Q402. Which of the following nmap command in Linux procedures the above output? 

A. sudo nmap –sP 

B. root nmap –sA 

C. run nmap –TX 

D. launch nmap –PP 

Answer: A

Explanation: This is an output from a ping scan. The option –sP will give you a ping scan of the network. 

Topic 4, Enumeration 

129. Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports? 

A. Finger 


C. Samba 


Answer: D

Explanation: The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445. 

Q403. Carl has successfully compromised a web server from behind a firewall by exploiting a vulnerability in the web server program. He wants to proceed by installing a backdoor program. However, he is aware that not all inbound ports on the firewall are in the open state. 

From the list given below, identify the port that is most likely to be open and allowed to reach the server that Carl has just compromised. 

A. 53 

B. 110 

C. 25 

D. 69 

Answer: A

Explanation: Port 53 is used by DNS and is almost always open, the problem is often that the port is opened for the hole world and not only for outside DNS servers. 

Q404. uffer X is an Accounting application module for company can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted. Dave decided to insert 400 characters into the 200-character buffer which overflows the buffer. Below is the code snippet: 

Void func (void) 

{int I; char buffer [200]; 

for (I=0; I<400; I++) 

buffer (I)= ‘A’; 


How can you protect/fix the problem of your application as shown above? (Choose two) 

A. Because the counter starts with 0, we would stop when the counter is less then 200. 

B. Because the counter starts with 0, we would stop when the counter is more than 200. 

C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data. 

D. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data. 

Answer: AC

Explanation: I=199 would be the character number 200. The stack holds exact 200 characters so there is no need to stop before 200. 

Q405. You are configuring the security options of your mail server and you would like to block certain file attachments to prevent viruses and malware from entering the users inbox. 

Which of the following file formats will you block? 

(Select up to 6) 

A. .txt 

B. .vbs 

C. .pif 

D. .jpg 

E. .gif 

F. .com 

G. .htm 

H. .rar 

I. .scr 

J. .exe 

Answer: BCEFIJ

Explanation: http://office.microsoft.com/en-us/outlook/HP030850041033.aspx 

Renovate 312-50 exam engine:

Q406. If an attacker's computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response? 

A. 31400 

B. 31402 

C. The zombie will not send a response 

D. 31401 

Answer: D


Drag the application to match with its correct description. 



Q408. In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them: 

FIN = 1 SYN = 2 RST = 4 PSH = 8 ACK = 16 URG = 32 ECE = 64 CWR = 128 

Jason is the security administrator of ASPEN Communications. He analyzes some traffic using Wireshark and has enabled the following filters. 

What is Jason trying to accomplish here? 





Answer: B

Q409. James is an IT security consultant as well as a certified ethical hacker. James has been asked to audit the network security of Yerta Manufacturing, a tool manufacturing company in Phoenix. James performs some initial external tests and then begins testing the security from inside the company's network. 

James finds some big problems right away; a number of users that are working on Windows XP computers have saved their usernames and passwords used to connect to servers on the network. This way, those users do not have to type in their credentials every time they want access to a server. James tells the IT manager of Yerta Manufacturing about this, and the manager does not believe this is possible on Windows XP. To prove his point, James has a user logon to a computer and then James types in a command that brings up a window that says "Stored User Names and Passwords". 

What command did James type in to get this window to come up? 

A. To bring up this stored user names and passwords window, James typed in "rundll32.exe storedpwd.dll, ShowWindow" 

B. James had to type in "rundll32.exe keymgr.dll, KRShowKeyMgr" to get the window to pop up 

C. James typed in the command "rundll32.exe storedpwd.dll" to get the Stored User Names and Passwords window to come up 

D. The command to bring up this window is "KRShowKeyMgr" 

Answer: B

Explanation: The Stored User Names and Passwords applet lets you assign user names and passwords to use when needing to authenticate yourself to services in domains other than the one you are currently logged into. The normal way of running this applet can be difficult to find quickly, so here is a way to launch it using a desktop shortcut using the rundll32.exe program: 

Click on START - RUN and type the following (follwed by ENTER): rundll32.exe 



Q410. ABC.com is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purpose. This could lead to prosecution for the sender and for the company’s directors if, for example, outgoing email was found to contain material that was pornographic, racist or likely to incite someone to commit an act of terrorism. 

You can always defend yourself by “ignorance of the law” clause. 

A. True 

B. False 

Answer: B

Explanation: Ignorantia juris non excusat or Ignorantia legis neminem excusat (Latin for "ignorance of the law does not excuse" or "ignorance of the law excuses no one") is a public policy holding that a person who is unaware of a law may not escape liability for violating that law merely because he or she was unaware of its content; that is, persons have presumed knowledge of the law. Presumed knowledge of the law is the principle in jurisprudence that one is bound by a law even if one does not know of it. It has also been defined as the "prohibition of ignorance of the law". 

Topic 2, Footprinting