Exam Code: 312-50 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Ethical Hacking and Countermeasures (CEHv6)
Certification Provider: EC-Council
Free Today! Guaranteed Training- Pass 312-50 Exam.
Q161. Samantha has been actively scanning the client network for which she is doing a vulnerability assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What protocol is most likely to be listening on those ports?
Explanation: Port 135 is for RPC and 136-139 is for NetBIOS traffic. SMB is an upper layer service that runs on top of the Session Service and the Datagram service of NetBIOS.
Q162. You generate MD5 128-bit hash on all files and folders on your computer to keep a baseline check for security reasons?
What is the length of the MD5 hash?
A. 32 bit
B. 64 byte
C. 48 char
D. 128 kb
Q163. You are concerned that someone running PortSentry could block your scans, and you decide to slow your scans so that no one detects them. Which of the following commands will help you achieve this?
A. nmap -sS -PT -PI -O -T1 <ip address>
B. nmap -sO -PT -O -C5 <ip address>
C. nmap -sF -PT -PI -O <ip address>
D. nmap -sF -P0 -O <ip address>
Explanation: -T[0-5]: Set timing template (higher is faster)
Q164. Which of the following is not considered to be a part of active sniffing?
A. MAC Flooding
B. ARP Spoofing
C. SMAC Fueling
D. MAC Duplicating
Q165. Sabotage, Advertising and Covering are the three stages of _____
A. Social engineering
B. Reverse Social Engineering
C. Reverse Software Engineering
D. Rapid Development Engineering
Explanation: Typical social interaction dictates that if someone gives us something then it is only right for us to return the favour. This is known as reverse social engineering, when an attacker sets up a situation where the victim encounters a problem, they ask the attacker for help and once the problem is solved the victim then feels obliged to give the information requested by the attacker.
Q166. You are the security administrator for a large online auction company based out of Los Angeles. After getting your ENSA CERTIFICATION last year, you have steadily been fortifying your network’s security including training OS hardening and network security. One of the last things you just changed for security reasons was to modify all the built-in administrator accounts on the local computers of PCs and in Active Directory. After through testing you found and no services or programs were affected by the name changes.
Your company undergoes an outside security audit by a consulting company and they said that even through all the administrator account names were changed, the accounts could still be used by a clever hacker to gain unauthorized access. You argue with the auditors and say that is not possible, so they use a tool and show you how easy it is to utilize the administrator account even though its name was changed.
What tool did the auditors use?
Explanation: User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine Sid2user.exe can then be used to retrieve the names of all the user accounts and more.
Q167. What ICMP message types are used by the ping command?
A. Timestamp request (13) and timestamp reply (14)
B. Echo request (8) and Echo reply (0)
C. Echo request (0) and Echo reply (1)
D. Ping request (1) and Ping reply (2)
Explanation: ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo
Q168. What do you call a pre-computed hash?
A. Sun tables
B. Apple tables
C. Rainbow tables
D. Moon tables
Q169. How do you defend against DHCP Starvation attack?
A. Enable ARP-Block on the switch
B. Enable DHCP snooping on the switch
C. Configure DHCP-BLOCK to 1 on the switch
D. Install DHCP filters on the switch to block this attack
Q170. Which of the following is NOT part of CEH Scanning Methodology?
A. Check for Live systems
B. Check for Open Ports
C. Banner Grabbing
D. Prepare Proxies
E. Social Engineering attacks
F. Scan for Vulnerabilities
G. Draw Network Diagrams