Act now and download your EC-Council 312-50 test today! Do not waste time on worthless EC-Council 312-50 tutorials. Download the most recent EC-Council Ethical Hacking and Countermeasures (CEHv6) exam with real questions and answers and begin to learn EC-Council 312-50 with a classic professional.

Q61. What sequence of packets is sent during the initial TCP three-way handshake? 





Answer: D

Explanation: This is referred to as a "three-way handshake." The "SYN" flags are requests by the TCP stack at one end of a socket to synchronize to the sequence numbering for this new session. The ACK flags acknowledge earlier packets in this session. Obviously only the initial packet has no ACK flag, since there are no previous packets to acknowledge. Only the second packet (the first response from a server to a client) has both the SYN and the ACK bits set.

Q62. NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use? 

A. 443 

B. 139 

C. 179 

D. 445 

Answer: D

Q63. SNMP is a connectionless protocol that uses UDP instead of TCP packets? (True or False) 

A. True 

B. False 

Answer: A

Explanation: TCP and UDP both provide transport services, but UDP was preferred. This is due to TCP's characteristics: it is a complicated protocol and it consumes too much memory and CPU resources, whereas UDP is easy to build and run. Vendors have built simple versions of IP and UDP into devices (repeaters and modems).

Q64. Steven, a security analyst for XYZ associates, is analyzing packets captured by Ethereal on a Linux Server inside his network when the server starts to slow down tremendously. Steven examines the following Ethereal captures: 

A. Smurf Attack 

B. ARP Spoofing 

C. Ping of Death 

D. SYN Flood 

Answer: A

Explanation: A perpetrator is sending a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. 

Topic 9, Social Engineering 

303. Your boss at asks you what are the three stages of Reverse Social Engineering. 

A. Sabotage, Advertising, Assisting

B. Sabotage, Advertising, Covering

C. Sabotage, Assisting, Billing

D. Sabotage, Advertising, Covering

Answer: A

Explanation: Typical social interaction dictates that if someone gives us something then it is only right for us to return the favour. This is known as reverse social engineering: an attacker sets up a situation where the victim encounters a problem, the victim asks the attacker for help, and once the problem is solved the victim feels obliged to give the information requested by the attacker.

Q65. What did the following commands determine? 

C:\>user2sid \\earth guest
S-1-5-21-343818398-789336058-1343024091-501

C:\>sid2user 5 21 343818398 789336058 1343024091 500
Name is Joe
Domain is EARTH

A. That the Joe account has a SID of 500 

B. These commands demonstrate that the guest account has NOT been disabled 

C. These commands demonstrate that the guest account has been disabled 

D. That the true administrator is Joe 

E. Issued alone, these commands prove nothing 

Answer: D

Explanation: One important goal of enumeration is to determine who the true administrator is. In the example above, the true administrator is Joe. 

Q66. What is a sheepdip? 

A. It is another name for Honeynet 

B. It is a machine used to coordinate honeynets 

C. It is the process of checking physical media for viruses before they are used in a computer

D. None of the above 

Answer: C

Explanation: Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness. 

Q67. Jackson discovers that the wireless AP transmits 128 bytes of plaintext, and the station responds by encrypting the plaintext. It then transmits the resulting ciphertext using the same key and cipher that are used by WEP to encrypt subsequent network traffic. What authentication mechanism is being followed here? 

A. no authentication 

B. single key authentication 

C. shared key authentication 

D. open system authentication 


Explanation: The following picture shows the WEP authentication procedure:

Q68. While testing web applications, you attempt to insert the following test script into the search area on the company's web site: 

<script>alert('Testing Testing Testing')</script> 

Afterwards, when you press the search button, a pop up box appears on your screen with the text "Testing Testing Testing". What vulnerability is detected in the web application here? 

A. A hybrid attack 

B. A buffer overflow 

C. Password attacks 

D. Cross Site Scripting 

Answer: D

Explanation: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. 

Q69. Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer. (Overflows the buffer). Below is the code snippet. 

How can you protect/fix the problem of your application as shown above? 

A. Because the counter starts with 0, we would stop when the counter is less than 200 

B. Because the counter starts with 0, we would stop when the counter is more than 200 

C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it can’t hold any more data 

D. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it can’t hold any more data 

Answer: AC

Explanation: I=199 would be character number 200. The stack holds exactly 200 characters, so there is no need to stop before 200.

Q70. Travis works primarily from home as a medical transcriptionist.

He just bought a brand new Dual Core Pentium computer with over 3 GB of RAM. He uses voice recognition software that is processor intensive, which is why he bought the new computer. Travis frequently has to get on the Internet to do research on what he is working on. After about two months of working on his new computer, he notices that it is not running nearly as fast as it used to.

Travis uses antivirus software, anti-spyware software and always keeps the computer up-to-date with Microsoft patches. 

After another month of working on the computer, Travis's computer is even more noticeably slow. Every once in a while, Travis also notices a window or two pop up on his screen, but they quickly disappear. He has seen these windows show up even when he has not been on the Internet. Travis is really worried about his computer because he spent a lot of money on it and he depends on it to work. Travis scans his computer through Windows Explorer and checks out the file system, folder by folder, to see if there is anything he can find. He spends over four hours poring over the files and folders and can't find anything, but before he gives up, he notices that his computer only has about 10 GB of free space available. Since his drive is a 200 GB hard drive, Travis thinks this is very odd.

Travis downloads Space Monger and adds up the sizes for all the folders and files on his computer. According to his calculations, he should have around 150 GB of free space. What is most likely the cause of Travis's problems?

A. Travis's computer is infected with a stealth kernel-level rootkit

B. Travis's computer is infected with a Stealth Trojan Virus

C. Travis's computer is infected with a Self-Replicating Worm that fills the hard disk space

D. Logic Bombs triggered at random times creating hidden data-consuming junk files

Answer: A

Explanation: A rootkit can take full control of a system. A rootkit's only purpose is to hide files, network connections, memory addresses, or registry entries from other programs used by system administrators to detect intended or unintended special privilege accesses to the computer resources.