Exam Code: 312-50 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Ethical Hacking and Countermeasures (CEHv6)
Certification Provider: EC-Council
Free Today! Guaranteed Training- Pass 312-50 Exam.

2021 Apr 312-50 exam question

Q341. If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False). 

A. True 

B. False 


Explanation: When and ACK is sent to an open port, a RST is returned. 

Q342. Steven works as a security consultant and frequently performs penetration tests for Fortune 500 companies. Steven runs external and internal tests and then creates reports to show the companies where their weak areas are. Steven always signs a non-disclosure agreement before performing his tests. What would Steven be considered? 

A. Whitehat Hacker 

B. BlackHat Hacker 

C. Grayhat Hacker 

D. Bluehat Hacker 

Answer: A

Explanation: A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. Realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them. 

Q343. Daryl is a network administrator working for Dayton Technologies. Since Daryl’s background is in web application development, many of the programs and applications his company uses are web-based. Daryl sets up a simple forms-based logon screen for all the applications he creates so they are secure. 

The problem Daryl is having is that his users are forgetting their passwords quite often and sometimes he does not have the time to get into his applications and change the passwords for them. Daryl wants a tool or program that can monitor web-based passwords and notify him when a password has been changed so he can use that tool whenever a user calls him and he can give them their password right then. 

What tool would work best for Daryl’s needs? 

A. Password sniffer 

B. L0phtcrack 

C. John the Ripper 

D. WinHttrack 


Explanation: L0phtCrack is a password auditing and recovery application (now called LC5), originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords. John the Ripper is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customisable cracker. It can be run against various encrypted password formats including several crypt password hash types WinHttrack is a offline browser. A password sniffer would give Daryl the passwords when they are changed as it is a web based authentication over a simple form but still it would be more correct to give the users new passwords instead of keeping a copy of the passwords in clear text. 

Q344. Sally is a network admin for a small company. She was asked to install wireless accesspoints in the building. In looking at the specifications for the access-points, she sees that all of them offer WEP. Which of these are true about WEP? 

Select the best answer. 

A. Stands for Wireless Encryption Protocol 

B. It makes a WLAN as secure as a LAN 

C. Stands for Wired Equivalent Privacy 

D. It offers end to end security 



WEP is intended to make a WLAN as secure as a LAN but because a WLAN is not constrained by wired, this makes access much easier. Also, WEP has flaws that make it less secure than was once thought.WEP does not offer end-to-end security. It only attempts to protect the wireless portion of the network. 

Q345. Fred is scanning his network to ensure it is as secure as possible. Fred sends a TCP probe packet to a host with a FIN flag and he receives a RST/ACK response. What does this mean? 

A. This response means the port he is scanning is open. 

B. The RST/ACK response means the port Fred is scanning is disabled. 

C. This means the port he is scanning is half open. 

D. This means that the port he is scanning on the host is closed. 

Answer: D

Replace 312-50 test questions:

Q346. What are the default passwords used by SNMP?(Choose two.) 

A. Password 

B. SA 

C. Private 

D. Administrator 

E. Public 

F. Blank 

Answer: CE

Explanation: Besides the fact that it passes information in clear text, SNMP also uses well-known passwords. Public and private are the default passwords used by SNMP. 

Q347. You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state. 

What should be the next logical step that should be performed? 

A. Connect to open ports to discover applications. 

B. Perform a ping sweep to identify any additional systems that might be up. 

C. Perform a SYN scan on port 21 to identify any additional systems that might be up. 

D. Rescan every computer to verify the results. 

Answer: C

Explanation: As ICMP is blocked you’ll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems. 

Q348. What is the correct command to run Netcat on a server using port 56 that spawns command shell when connected? 

A. nc -port 56 -s cmd.exe 

B. nc -p 56 -p -e shell.exe 

C. nc -r 56 -c cmd.exe 

D. nc -L 56 -t -e cmd.exe 

Answer: D

Q349. Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction? 

A. They are using UDP that is always authorized at the firewall 

B. They are using an older version of Internet Explorer that allow them to bypass the proxy server 

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access 

D. They are using tunneling software that allows them to communicate with protocols in a way it was not intended 

Answer: D

Explanation: This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic. 

Q350. You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks? 

A. System services 

B. EXEC master access 

C. xp_cmdshell 


Answer: C