Proper study guides for Refresh EC-Council Ethical Hacking and Countermeasures (CEHv6) certified begins with EC-Council 312-50 preparation products which designed to deliver the Vivid 312-50 questions by making you pass the 312-50 test at your first time. Try the free 312-50 demo right now.

Q31. You are the IT Manager of a large legal firm in California. Your firm represents many important clients whose names always must remain anonymous to the public. Your boss, Mr. Smith is always concerned about client information being leaked or revealed to the pres or public. You have just finished a complete security overhaul of your information system including an updated IPS, new firewall, email encryption and employee security awareness training. Unfortunately, many of your firm’s clients do not trust technology to completely secure their information, so couriers routinely have to travel back and forth to and from the office with sensitive information. 

Your boss has charged you with figuring out how to secure the information the couriers must transport. You propose that the data be transferred using burned CD’s or USB flash drives. You initially think of encrypting the files, but decide against that method for fear the encryption keys could eventually be broken. 

What software application could you use to hide the data on the CD’s and USB flash drives? 

A. Snow 

B. File Snuff 

C. File Sneaker 


Answer: A

Explanation: The Snow software developed by Matthew Kwan will insert extra spaces at the end of each line. Three bits are encoded in each line by adding between 0 and 7 spaces that are ignored by most display programs including web browsers. 

Q32. On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner? 

A. Use "Is" 

B. Use "lsof" 

C. Use "echo" 

D. Use "netstat" 

Answer: B

Explanation: lsof is a command used in many Unix-like systems that is used to report a list of all open files and the processes that opened them. It works in and supports several UNIX flavors. 

Q33. When writing shellcodes, you must avoid _________________ because these will end the string. 

A. Null Bytes 

B. Root Bytes 

C. Char Bytes 

D. Unicode Bytes 

Answer: A

Explanation: The null character (also null terminator) is a character with the value zero, present in the ASCII and Unicode character sets, and available in nearly all mainstream programming languages. The original meaning of this character was like NOP — when sent to a printer or a terminal, it does nothing (some terminals, however, incorrectly display it as space). Strings ending in a null character are said to be null-terminated. 

Q34. What is a sniffing performed on a switched network called? 

A. Spoofed sniffing 

B. Passive sniffing 

C. Direct sniffing 

D. Active sniffing 

Answer: D

Q35. A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? 

Select the best answers. 

A. Use port security on his switches. 

B. Use a tool like ARPwatch to monitor for strange ARP activity. 

C. Use a firewall between all LAN segments. 

D. If you have a small network, use static ARP entries. 

E. Use only static IP addresses on all PC's. 

Answer: ABD


By using port security on his switches, the switches will only allow the first MAC address that is connected to the switch to use that port, thus preventing ARP spoofing. ARPWatch is a tool that monitors for strange ARP activity. This may help identify ARP spoofing when it happens. Using firewalls between all LAN segments is possible and may help, but is usually pretty unrealistic. On a very small network, static ARP entries are a possibility. However, on a large network, this is not an realistic option. ARP spoofing doesn't have anything to do with static or dynamic IP addresses. Thus, this option won't help you. 

Q36. While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS? 

A. Scan more slowly. 

B. Do not scan the broadcast IP. 

C. Spoof the source IP address. 

D. Only scan the Windows systems. 

Answer: B

Explanation: Scanning the broadcast address makes the scan target all IP addresses on that subnet at the same time. 

Q37. SSL has been seen as the solution to several common security problems. Administrators will often make use of SSL to encrypt communication from point A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B? 

A. SSL is redundant if you already have IDS in place. 

B. SSL will trigger rules at regular interval and force the administrator to turn them off. 

C. SSL will slow down the IDS while it is breaking the encryption to see the packet content. 

D. SSL will mask the content of the packet and Intrusion Detection System will be blinded. 

Answer: D

Explanation: Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload. 

Q38. Bill has started to notice some slowness on his network when trying to update his company’s website while trying to access the website from the Internet. Bill asks the help desk manager if he has received any calls about slowness from the end users, but the help desk manager says that he has not. Bill receives a number of calls from customers that can’t access the company website and can’t purchase anything online. Bill logs on to a couple of this routers and notices that the logs shows network traffic is at all time high. He also notices that almost all the traffic is originating from a specific address. 

Bill decides to use Geotrace to find out where the suspect IP is originates from. The Geotrace utility runs a traceroute and finds that IP is coming from Panama. Bill knows that none of his customers are in Panama so he immediately thinks that his company is under a Denial of Service attack. Now Bill needs to find out more about the originating IP Address. 

What Internet registry should Bill look in to find the IP Address? 





Answer: A

Explanation: LACNIC is the Latin American and Caribbean Internet Addresses Registry that administers IP addresses, autonomous system numbers, reverse DNS, and other network resources for that region. 

Q39. A very useful resource for passively gathering information about a target company is: 

A. Host scanning 

B. Whois search 

C. Traceroute 

D. Ping sweep 


Explanation: A, C & D are "Active" scans, the question says: "Passively" 

Q40. You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed? 

A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information 

C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots" 

D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques 

Answer: B