Want to know Testking 312-50 Exam practice test features? Want to lear more about EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study High quality EC-Council 312-50 answers to Up to the minute 312-50 questions at Testking. Gat a success with an absolute guarantee to pass EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.

Q181. Which of the following activities would not be considered passive footprinting? 

A. Search on financial site such as Yahoo Financial 

B. Perform multiple queries through a search engine 

C. Scan the range of IP address found in their DNS database 

D. Go through the rubbish to find out any information that might have been discarded 

Answer: C

Explanation: Passive footprinting is a method in which the attacker never makes contact with the target. Scanning the targets IP addresses can be logged at the target and therefore contact has been made. 

Q182. War dialing is one of the oldest methods of gaining unauthorized access to the target systems, it is one of the dangers most commonly forgotten by network engineers and system administrators. A hacker can sneak past all the expensive firewalls and IDS and connect easily into the network. Through wardialing an attacker searches for the devices located in the target network infrastructure that are also accessible through the telephone line. 

‘Dial backup’ in routers is most frequently found in networks where redundancy is required. Dial-on-demand routing(DDR) is commonly used to establish connectivity as a backup. 

As a security testers, how would you discover what telephone numbers to dial-in to the router? 

A. Search the Internet for leakage for target company’s telephone number to dial-in 

B. Run a war-dialing tool with range of phone numbers and look for CONNECT Response 

C. Connect using ISP’s remote-dial in number since the company’s router has a leased line connection established with them 

D. Brute force the company’s PABX system to retrieve the range of telephone numbers to dial-in 


Explanation: Use a program like Toneloc to scan the company’s range of phone numbers. 

Q183. Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit. 

Choose the attack type from the choices given below. 

A. Database Fingerprinting 

B. Database Enumeration 

C. SQL Fingerprinting 

D. SQL Enumeration 

Answer: A

Explanation: He is trying to create a view of the characteristics of the target database, he is taking it’s fingerprints. 

Q184. Which Type of scan sends a packets with no flags set ? 

Select the Answer 

A. Open Scan 

B. Null Scan 

C. Xmas Scan 

D. Half-Open Scan 



The types of port connections supported are: 

Q185. One of your junior administrator is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out? 

Select the best answers. 

A. John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case. 

B. BY using NTLMV1, you have implemented an effective countermeasure to password cracking. 

C. SYSKEY is an effective countermeasure. 

D. If a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX- 00112233445566778899. 

E. Enforcing Windows complex passwords is an effective countermeasure. 

Answer: ACE


John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case. John the Ripper is a very effective password cracker. It can crack passwords for many different types of operating systems. However, one limitation is that the output doesn't show if the password is upper or lower case. BY using NTLMV1, you have implemented an effective countermeasure to password cracking. NTLM Version 2 (NTLMV2) is a good countermeasure to LM password cracking (and therefore a correct answer). To do this, set Windows 9x and NT systems to "send NTLMv2 responses only". SYSKEY is an effective countermeasure. It uses 128 bit encryption on the local copy of the Windows SAM. If a Windows LM password is 7 characters or less, the has will be passed with the following characters: 0xAAD3B435B51404EE Enforcing Windows complex passwords is an effective countermeasure to password cracking. Complex passwords are- greater than 6 characters and have any 3 of the following 4 items: upper case, lower case, special characters, and numbers. 

Q186. A denial of Service (DoS) attack works on the following principle: 

A. MS-DOS and PC-DOS operating system utilize a weaknesses that can be compromised and permit them to launch an attack easily. 

B. All CLIENT systems have TCP/IP stack implementation weakness that can be compromised and permit them to lunch an attack easily. 

C. Overloaded buffer systems can easily address error conditions and respond appropriately. 

D. Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State). 

E. A server stops accepting connections from certain networks one those network become flooded. 

Answer: D

Explanation: Denial-of-service (often abbreviated as DoS) is a class of attacks in which an attacker attempts to prevent legitimate users from accessing an Internet service, such as a web site. This can be done by exercising a software bug that causes the software running the service to fail (such as the “Ping of Death” attack against Windows NT systems), sending enough data to consume all available network bandwidth (as in the May, 2001 attacks against Gibson Research), or sending data in such a way as to consume a particular resource needed by the service. 

Q187. What is the IV key size used in WPA2? 

A. 32 

B. 24 

C. 16 

D. 48 

E. 128 

Answer: D

Q188. What is the purpose of firewalking? 

A. It's a technique used to discover Wireless network on foot 

B. It's a technique used to map routers on a network link 

C. It's a technique used to discover interface in promiscuous mode 

D. It's a technique used to discover what rules are configured on a gateway 

Answer: D

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 

Q189. What happens during a SYN flood attack? 

A. TCP connection requests floods a target machine is flooded with randomized source address & ports for the TCP ports. 

B. A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination. 

C. A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field. 

D. A TCP packet is received with both the SYN and the FIN bits set in the flags field. 

Answer: A

Explanation: To a server that requires an exchange of a sequence of messages. The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending a SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message and then data can be exchanged. At the point where the server system has sent an acknowledgment (SYN-ACK) back to client but has not yet received the ACK message, there is a half-open connection. A data structure describing all pending connections is in memory of the server that can be made to overflow by intentionally creating too many partially open connections. Another common attack is the SYN flood, in which a target machine is flooded with TCP connection requests. The source addresses and source TCP ports of the connection request packets are randomized; the purpose is to force the target host to maintain state information for many connections that will never be completed. SYN flood attacks are usually noticed because the target host (frequently an HTTP or SMTP server) becomes extremely slow, crashes, or hangs. It's also possible for the traffic returned from the target host to cause trouble on routers; because this return traffic goes to the randomized source addresses of the original packets, it lacks the locality properties of "real" IP traffic, and may overflow route caches. On Cisco routers, this problem often manifests itself in the router running out of memory. 

Q190. Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called? 

A. Spoof attack 

B. Replay attack 

C. Injection attack 

D. Rebound attack 

Answer: B

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).