♥♥ 2017 NEW RECOMMEND ♥♥
Free VCE & PDF File for EC-Council 312-50 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Proper study guides for Rebirth EC-Council Ethical Hacking and Countermeasures (CEHv6) certified begins with EC-Council 312-50 preparation products which designed to deliver the 100% Correct 312-50 questions by making you pass the 312-50 test at your first time. Try the free 312-50 demo right now.
Q391. In which of the following should be performed first in any penetration test?
A. System identification
B. Intrusion Detection System testing
C. Passive information gathering
D. Firewall testing
Q392. When working with Windows systems, what is the RID of the true administrator account?
Explanation: The built-in administrator account always has a RID of 500.
Q393. In Linux, the three most common commands that hackers usually attempt to Trojan are:
A. car, xterm, grep
B. netstat, ps, top
C. vmware, sed, less
D. xterm, ps, nc
Explanation: The easiest programs to trojan and the smartest ones to trojan are ones commonly run by administrators and users, in this case netstat, ps, and top, for a complete list of commonly trojaned and rootkited software please reference this URL: http://www.usenix.org/publications/login/1999-9/features/rootkits.html
Q394. Perimeter testing means determining exactly what your firewall blocks and what it allows. To conduct a good test, you can spoof source IP addresses and source ports. Which of the following command results in packets that will appear to originate from the system at 10.8.8.8? Such a packet is useful for determining whether the firewall is allowing random packets in or out of your network.
A. hping3 -T 10.8.8.8 -S netbios -c 2 -p 80
B. hping3 -Y 10.8.8.8 -S windows -c 2 -p 80
C. hping3 -O 10.8.8.8 -S server -c 2 -p 80
D. hping3 -a 10.8.8.8 -S springfield -c 2 -p 80
Q395. What makes web application vulnerabilities so aggravating? (Choose two)
A. They can be launched through an authorized port.
B. A firewall will not stop them.
C. They exist only on the Linux platform.
D. They are detectable by most leading antivirus software.
Explanation: As the vulnerabilities exists on a web server, incoming traffic on port 80 will probably be allowed and no firewall rules will stop the attack.
Q396. Study the log below and identify the scan type.
tcpdump –w host 192.168.1.10
A. nmap R 192.168.1.10
B. nmap S 192.168.1.10
C. nmap V 192.168.1.10
D. nmap –sO –T 192.168.1.10
Explanation: -sO: IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine.
Q397. Joe the Hacker breaks into company’s Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode.
Running “ifconfig –a” will produce the following:
# ifconfig –a
1o0: flags=848<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
inet 127.0.0.1 netmask ff000000hme0:
flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST> mtu inet 192.0.2.99 netmask ffffff00 broadcast 126.96.36.199 ether
What can Joe do to hide the wiretap program from being detected by ifconfig command?
A. Block output to the console whenever the user runs ifconfig command by running screen capture utiliyu
B. Run the wiretap program in stealth mode from being detected by the ifconfig command.
C. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.
D. You cannot disable Promiscuous mode detection on Linux systems.
Explanation: The normal way to hide these rogue programs running on systems is the use crafted commands like ifconfig and ls.
Q398. What is the purpose of firewalking?
A. It's a technique used to discover Wireless network on foot
B. It's a technique used to map routers on a network link
C. It's a technique used to discover interface in promiscuous mode
D. It's a technique used to discover what rules are configured on a gateway
Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway.
Q399. Why is Social Engineering considered attractive by hackers and also adopted by experts in the field?
A. It is done by well known hackers and in movies as well.
B. It does not require a computer in order to commit a crime.
C. It is easy and extremely effective to gain information.
D. It is not considered illegal.
Explanation: Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most (but not all) cases the attacker never comes face-to-face with the victim. The term has been popularized in recent years by well known (reformed) computer criminal and security consultant Kevin Mitnick who points out that it's much easier to trick someone into giving you his or her password for a system than to spend the effort to hack in. He claims it to be the single most effective method in his arsenal.
Q400. In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?
A. WEP attack
B. Drive by hacking
C. Rogue access point attack
D. Unauthorized access point attack
Explanation: The definition of a Rogue access point is:1. A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, users have exposed their company's network to the outside world.2. An access point (AP) set up by an attacker outside a facility with a wireless network. Also called an "evil twin," the rogue AP picks up beacons (signals that advertise its presence) from the company's legitimate AP and transmits identical beacons, which some client machines inside the building associate with.