It is more faster and easier to pass the EC-Council 312-50 exam by using High value EC-Council Ethical Hacking and Countermeasures (CEHv6) questuins and answers. Immediate access to the Far out 312-50 Exam and find the same core area 312-50 questions with professionally verified answers, then PASS your exam with a high score now.

2021 Mar 312-50 exam question

Q221. Microsoft Authenticode technology is used for: 

A. Digital Signing Activex controls 

B. Digitally signing SSL Certificates 

C. Digitally Signing JavaScript Files 

D. Digitally Signing Java Applets 

Answer: A

Explanation: Authenticode identifies the publisher of signed software and verifies that it hasn't been tampered with, before users download software to their PCs. As a result, end users can make a more informed decision as to whether or not to download code. Authenticode relies on digital certificates and is based on specifications that have been used successfully in the industry for some time, including Public Key Cryptography Standards (PKCS) #7 (encrypted key specification), PKCS #10 (certificate request formats), X.509 (certificate specification), and Secure Hash Algorithm (SHA) and MD5 hash algorithms. 


Q222. War dialing is a very old attack and depicted in movies that were made years ago. 

Why would a modem security tester consider using such an old technique? 

A. It is cool, and if it works in the movies it must work in real life. 

B. It allows circumvention of protection mechanisms by being on the internal network. 

C. It allows circumvention of the company PBX. 

D. A good security tester would not use such a derelict technique. 

Answer: B

Explanation: If you are lucky and find a modem that answers and is connected to the target network, it usually is less protected (as only employees are supposed to know of its existence) and once connected you don’t need to take evasive actions towards any firewalls or IDS. 


Q223. Samuel is high school teenager who lives in Modesto California. Samuel is a straight ‘A’ student who really likes tinkering around with computers and other types of electronic devices. Samuel just received a new laptop for his birthday and has been configuring it ever since. While tweaking the registry, Samuel notices a pop up at the bottom of his screen stating that his computer was now connected to a wireless network. All of a sudden, he was able to get online and surf the Internet. 

Samuel did some quick research and was able to gain access to the wireless router he was connecting to and see al of its settings? Being able to hop onto someone else’s wireless network so easily fascinated Samuel so he began doing more and more research on wireless technologies and how to exploit them. The next day Samuel’s fried said that he could drive around all over town and pick up hundred of wireless networks. This really excited Samuel so they got into his friend’s car and drove around the city seeing which networks they could connect to and which ones they could not. 

What has Samuel and his friend just performed? 

A. Wardriving 

B. Warwalking 

C. Warchalking 

D. Webdriving 

Answer: A

Explanation: Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect the networks. It was also known (as of 2002) as "WiLDing" (Wireless Lan Driving, although this term never gained any popularity and is no longer used), originating in the San Francisco Bay Area with the Bay Area Wireless Users Group (BAWUG). It is similar to using a scanner for radio. 

Topic 18, Linux Hacking 

437. Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library. 

What is the name of this library? 

A. NTPCAP 

B. LibPCAP 

C. WinPCAP 

D. PCAP 

Answer: C

Explanation: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture. 


Q224. Marshall is the information security manager for his company. Marshall was just hired on two months ago after the last information security manager retired. Since the last manager did not implement or even write IT policies, Marshall has begun writing IT security policies to cover every conceivable aspect. Marshall's supervisor has informed him that while most employees will be under one set of policies, ten other employees will be under another since they work on computers in publicly-accessible areas. Per his supervisor, Marshall has written two sets of policies. For the users working on publicly-accessible computers, their policies state that everything is forbidden. They are not allowed to browse the Internet or even use email. The only thing they can use is their work related applications like Word and Excel. 

What types of policies has Marshall written for the users working on computers in the publicly-accessible areas? 

A. He has implemented Permissive policies for the users working on public computers 

B. These types of policies would be considered Promiscuous policies 

C. He has written Paranoid policies for these users in public areas 

D. Marshall has created Prudent policies for the computer users in publicly-accessible areas 

Answer: C

Explanation: It says that everything is forbidden, this means that there is a Paranoid Policy implemented 


Q225. Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan? 

A. It is a network fault and the originating machine is in a network loop 

B. It is a worm that is malfunctioning or hardcoded to scan on port 500 

C. The attacker is trying to detect machines on the network which have SSL enabled 

D. The attacker is trying to determine the type of VPN implementation and checking for IPSec 

Answer: D

Explanation: Port 500 is used by IKE (Internet Key Exchange). This is typically used for IPSEC-based VPN software, such as Freeswan, PGPnet, and various vendors of in-a-box VPN solutions such as Cisco. IKE is used to set up the session keys. The actual session is usually sent with ESP (Encapsulated Security Payload) packets, IP protocol 50 (but some in-a-box VPN's such as Cisco are capable of negotiating to send the encrypted tunnel over a UDP channel, which is useful for use across firewalls that block IP protocols other than TCP or UDP). 


Update 312-50 free question:

Q226. Mark works as a contractor for the Department of Defense and is in charge of network security. He has spent the last month securing access to his network from all possible entry points. He has segmented his network into several subnets and has installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Mark is fairly confident of his perimeter defense, but is still worried about programs like Hping2 that can get into a network through convert channels. 

How should mark protect his network from an attacker using Hping2 to scan his internal network? 

A. Blocking ICMP type 13 messages 

B. Block All Incoming traffic on port 53 

C. Block All outgoing traffic on port 53 

D. Use stateful inspection on the firewalls 

Answer: A

Explanation: An ICMP type 13 message is an ICMP timestamp request and waits for an ICMP timestamp reply. The remote node is right to do, still it would not be necessary as it is optional and thus many ip stacks ignore such packets. Nevertheless, nmap again achived to make its packets unique by setting the originating timestamp field in the packet to 0. 


Q227. If you send a SYN to an open port, what is the correct response?(Choose all correct answers. 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

Answer: AB

Explanation: The proper response is a SYN / ACK. This technique is also known as half-open scanning. 


Q228. One of your team members has asked you to analyze the following SOA record. What is the TTL? 

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400. 

A. 200303028 

B. 3600 

C. 604800 

D. 2400 

E. 60 

F. 4800 

Answer: D

Explanation: The SOA includes a timeout value. This value can tell an attacker how long any DNS "poisoning" would last. It is the last set of numbers in the record. 


Q229. Exhibit: * Missing* 

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet? 

A. Port 1890 (Net-Devil Trojan) 

B. Port 1786 (Net-Devil Trojan) 

C. Port 1909 (Net-Devil Trojan) 

D. Port 6667 (Net-Devil Trojan) 

Answer: D

Explanation: From trace, 0x1A0B is 6667, IRC Relay Chat, which is one port used. Other ports are in the 900's. 


Q230. Theresa is an IT security analyst working for the United Kingdom Internet Crimes Bureau in London. Theresa has been assigned to the software piracy division which focuses on taking down individual and organized groups that distribute copyrighted software illegally. Theresa and her division have been responsible for taking down over 2,000 FTP sites hosting copyrighted software. Theresa's supervisor now wants her to focus on finding and taking down websites that host illegal pirated software. What are these sights called that Theresa has been tasked with taking down? 

A. These sites that host illegal copyrighted software are called Warez sites 

B. These sites that Theresa has been tasked to take down are called uTorrent sites 

C. These websites are referred to as Dark Web sites 

D. Websites that host illegal pirated versions of software are called Back Door sites 

Answer: A

Explanation: The Warez scene, often referred to as The Scene (often capitalized) is a term of self-reference used by a community that specializes in the underground distribution of pirated content, typically software but increasingly including movies and music.