It is impossible to pass EC-Council 312-50 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed EC-Council 312-50 practice questions. You will get a surprising result by our Abreast of the times Ethical Hacking and Countermeasures (CEHv6) practice guides.

Q301. Neil monitors his firewall rules and log files closely on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without consideration for others. Neil knows that he has an updated content filtering system and that such access should not be authorized. 

What type of technique might be used by these offenders to access the Internet without restriction? 

A. They are using UDP which is always authorized at the firewall. 

B. They are using tunneling software which allows them to communicate with protocols in a way it was not intended. 

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access. 

D. They are using an older version of Internet Explorer that allows them to bypass the proxy server. 

Answer: B

Explanation: This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic. 


Q302. What does ICMP (type 11, code 0) denote? 

A. Unknown Type 

B. Time Exceeded 

C. Source Quench 

D. Destination Unreachable 

Answer: B

Explanation: An ICMP Type 11, Code 0 means Time Exceeded [RFC792], Code 0 = Time to Live exceeded in Transit and Code 1 = Fragment Reassembly Time Exceeded. 


Q303. Melissa is a virus that attacks Microsoft Windows platforms. 

To which category does this virus belong? 

A. Polymorphic 

B. Boot Sector infector 

C. System 

D. Macro 

Answer: D

Explanation: The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment. 


Q304. Which type of sniffing technique is generally referred as MiTM attack? 

A. Password Sniffing 

B. ARP Poisoning 

C. Mac Flooding 

D. DHCP Sniffing 

Answer: C


Q305. What type of cookies can be generated while visiting different web sites on the Internet? 

A. Permanent and long term cookies. 

B. Session and permanent cookies. 

C. Session and external cookies. 

D. Cookies are all the same, there is no such thing as different type of cookies. 

Answer: B

Explanation: There are two types of cookies: a permanent cookie that remains on a visitor's computer for a given time and a session cookie the is temporarily saved in the visitor's computer memory during the time that the visitor is using the Web site. Session cookies disappear when you close your Web browser. 


Q306. Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. 

How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers) 

A. Alternate between typing the login credentials and typing characters somewhere else in the focus window 

B. Type a wrong password first, later type the correct password on the login page defeating the keylogger recording 

C. Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter. 

D. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". 

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd" 

E. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd". Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies "asdfsd" 

Answer: ACDE 


Q307. A simple compiler technique used by programmers is to add a terminator 'canary word' containing four letters NULL (0x00), CR (0x0d), LF (0x0a) and EOF (0xff) so that most string operations are terminated. If the canary word has been altered when the function returns, and the program responds by emitting an intruder alert into syslog, and then halts what does it indicate? 

A. The system has crashed 

B. A buffer overflow attack has been attempted 

C. A buffer overflow attack has already occurred 

D. A firewall has been breached and this is logged 

E. An intrusion detection system has been triggered 

Answer: B

Explanation: Terminator Canaries are based on the observation that most buffer overflows and stack smash attacks are based on certain string operations which end at terminators. The reaction to this observation is that the canaries are built of NULL terminators, CR, LF, and -1. The undesirable result is that the canary is known. 


Q308. This attack uses social engineering techniques to trick users into accessing a fake Web site and divulging personal information. Attackers send a legitimate-looking e-mail asking users to update their information on the company's Web site, but the URLs in the e-mail actually point to a false Web site. 

A. Wiresharp attack 

B. Switch and bait attack 

C. Phishing attack 

D. Man-in-the-Middle attack 

Answer: C


Q309. Jim’s Organization just completed a major Linux roll out and now all of the organization’s systems are running Linux 2.5 Kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ, which built-in functionality of Linux can achieve this? 

A. IP ICMP 

B. IP Sniffer 

C. IP tables 

D. IP Chains 

Answer: C

Explanation: iptables is the name of the user space tool by which administrators create rules for the packet filtering and NAT modules. While technically iptables is merely the tool which controls the packet filtering and NAT components within the kernel, the name iptables is often used to refer to the entire infrastructure, including netfilter, connection tracking and NAT, as well as the tool itself. iptables is a standard part of all modern Linux distributions. 


Q310. How does a denial-of-service attack work? 

A. A hacker tries to decipher a password by using a system, which subsequently crashes the network 

B. A hacker attempts to imitate a legitimate user by confusing a computer or even another person 

C. A hacker prevents a legitimate user (or group of users) from accessing a service 

D. A hacker uses every character, word, or letter he or she can think of to defeat authentication 

Answer: C

Explanation: In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB).