Proper study guides for Replace EC-Council Ethical Hacking and Countermeasures (CEHv6) certified begins with EC-Council 312-50 preparation products which designed to deliver the Realistic 312-50 questions by making you pass the 312-50 test at your first time. Try the free 312-50 demo right now.

Q71. Statistics from cert.org and other leading security organizations has clearly showed a steady rise in the number of hacking incidents perpetrated against companies. 

What do you think is the main reason behind the significant increase in hacking attempts over the past years? 

A. It is getting more challenging and harder to hack for non technical people. 

B. There is a phenomenal increase in processing power. 

C. New TCP/IP stack features are constantly being added. 

D. The ease with which hacker tools are available on the Internet. 

Answer:

Explanation: Today you don’t need to be a good hacker in order to break in to various systems, all you need is the knowledge to use search engines on the internet. 


Q72. Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email liza@yahoo.com'. The application displays server error. What is wrong with the web application? 

A. The email is not valid 

B. User input is not sanitized 

C. The web server may be down 

D. The ISP connection is not reliable 

Answer: B

Explanation: All input from web browsers, such as user data from HTML forms and cookies, must be stripped of special characters and HTML tags as described in the following CERT advisories: http://www.cert.org/advisories/CA-1997-25.html http://www.cert.org/advisories/CA-2000-02.html 


Q73. Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscores symbols on the screen. What are you most likely to infer from this? 

A. The services are protected by TCP wrappers 

B. There is a honeypot running on the scanned machine 

C. An attacker has replaced the services with trojaned ones 

D. This indicates that the telnet and SMTP server have crashed 

Answer: A

Explanation: TCP Wrapper is a host-based network ACL system, used to filter network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes. 


Q74. You are attempting to map out the firewall policy for an organization. You discover your target system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024. What is this process known as? 

A. Footprinting 

B. Firewalking 

C. Enumeration 

D. Idle scanning 

Answer: B

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 


Q75. Gerald is a Certified Ethical Hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit of the company's network. One of the company's primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company's home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses a session hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client's session; he simply monitors the traffic that passes between it and the server. 

What type of session attack is Gerald employing here? 

A. He is utilizing a passive network level hijack to see the session traffic used to communicate between the two devices 

B. Gerald is using a passive application level hijack to monitor the client and server traffic 

C. This type of attack would be considered an active application attack since he is actively monitoring the traffic 

D. This type of hijacking attack is called an active network attack 

Answer: C

Explanation: Session Hijacking is an active attack 


Q76. What is the proper response for a NULL scan if the port is open? 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. No response 

Answer:

Explanation: A NULL scan will have no response if the port is open. 


Q77. Jess the hacker runs L0phtCrack’s built-in sniffer utility which grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. 

But Jess is not picking up hashed from the network. 

Why? 

A. The network protocol is configured to use SMB Signing. 

B. The physical network wire is on fibre optic cable. 

C. The network protocol is configured to use IPSEC. 

D. L0phtCrack SMB filtering only works through Switches and not Hubs. 

Answer: A

Explanation: To protect against SMB session hijacking, NT supports a cryptographic integrity mechanism, SMB Signing, to prevent active network taps from interjecting themselves into an already established session. 


Q78. What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’? 

A. The ethical hacker does not use the same techniques or skills as a cracker. 

B. The ethical hacker does it strictly for financial motives unlike a cracker. 

C. The ethical hacker has authorization from the owner of the target. 

D. The ethical hacker is just a cracker who is getting paid. 

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target. 


Q79. What is the proper response for a NULL scan if the port is closed? 

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. No response 

Answer:

Explanation: Closed ports respond to a NULL scan with a reset. 


Q80. The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user: 

The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following: 

SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago' 

How will you delete the OrdersTable from the database using SQL Injection? 

A. Chicago' drop table OrdersTable --

B. Delete table'blah' OrdersTable --

C. EXEC; SELECT * OrdersTable > DROP --

D. cmdshell' 'del c:sqlmydbOrdersTable' // 

Answer: A