★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Want to know Exambible 312-50 Exam practice test features? Want to lear more about EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study Precise EC-Council 312-50 answers to Most up-to-date 312-50 questions at Exambible. Gat a success with an absolute guarantee to pass EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.
2016 Jul examcollection ceh 312-50:
Q311. Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?
A. They are using UDP that is always authorized at the firewall
B. They are using an older version of Internet Explorer that allow them to bypass the proxy server
C. They have been able to compromise the firewall, modify the rules, and give themselves proper access
D. They are using tunneling software that allows them to communicate with protocols in a way it was not intended
Explanation: This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic.
Q312. Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?
A. Hayden is attempting to find live hosts on her company's network by using an XMAS scan
B. She is utilizing a SYN scan to find live hosts that are listening on her network
C. The type of scan, she is using is called a NULL scan
D. Hayden is using a half-open scan to find live hosts on her network
Q313. SSL has been seen as the solution to several common security problems. Administrators will often make use of SSL to encrypt communication from point A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B?
A. SSL is redundant if you already have IDS in place.
B. SSL will trigger rules at regular interval and force the administrator to turn them off.
C. SSL will slow down the IDS while it is breaking the encryption to see the packet content.
D. SSL will mask the content of the packet and Intrusion Detection System will be blinded.
Explanation: Because the traffic is encrypted, an IDS cannot understand it or evaluate the payload.
Q314. Clive has been hired to perform a Black-Box test by one of his clients.
How much information will Clive obtain from the client before commencing his test?
A. IP Range, OS, and patches installed.
B. Only the IP address range.
C. Nothing but corporate name.
D. All that is available from the client site.
Explanation: Penetration tests can be conducted in one of two ways: black-box (with no prior knowledge the infrastructure to be tested) or white-box (with complete knowledge of the infrastructure to be tested). As you might expect, there are conflicting opinions about this choice and the value that either approach will bring to a project.
Q315. Which type of attack is port scanning?
A. Web server attack
B. Information gathering
C. Unauthorized access
D. Denial of service attack
Improve ceh official certified ethical hacker review guide exam 312-50 pdf:
Q316. You are performing a port scan with nmap. You are in hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results?
A. XMAS scan
B. Stealth scan
C. Connect scan
D. Fragmented packet scan
Explanation: A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection.
Q317. An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS?
Select the best answer.
Firewalking is a way to disguise a portscan. Thus, firewalking is not a tool, but a method of conducting a port scan in which it can be hidden from some firewalls. Synamtec Man-Hunt is an IDS, not a tool to evade an IDS. Fragrouter is a tool that can take IP traffic and fragment it into multiple pieces. There is a legitimate reason that fragmentation is done, but it is also a technique that can help an attacker to evade detection while Fragids is a made-up tool and does not exist.
Q318. When working with Windows systems, what is the RID of the true administrator account?
Explanation: Because of the way in which Windows functions, the true administrator account always has a RID of 500.
Q319. 802.11b is considered a ____________ protocol.
D. Token ring based
Explanation: 802.11b is an insecure protocol. It has many weaknesses that can be used by a hacker.
Q320. home/root # traceroute www.targetcorp.com <http://www.targetcorp.com>
traceroute to www.targetcorp.com <http://www.targetcorp.com> (192.168.12.18), 64 hops may, 40 byte packets 1 router.anon.com (126.96.36.199) 1.373 ms 1.123 ms 1.280 ms 2 188.8.131.52 (184.108.40.206) 3.680 ms 3.506 ms 4.583 ms 3 firewall.anon.com (220.127.116.11) 127.189 ms 257.404 ms 208.484 ms 4 anon-gw.anon.com (18.104.22.168) 471.68 ms 376.875 ms 228.286 ms 5 fe5-0.lin.isp.com (22.214.171.124) 2.961 ms 3.852 ms 2.974 ms 6 fe0-0.lon0.isp.com (126.96.36.199) 3.979 ms 3.243 ms 4.370 ms 7 188.8.131.52 (184.108.40.206) 11.454 ms 4.221 ms 3.333 ms 6 * * * 7 * * * 8 www.targetcorp.com <http://www.targetcorp.com> (192.168.12.18) 5.392 ms 3.348 ms 3.199 ms
Use the traceroute results shown above to answer the following question:
The perimeter security at targetcorp.com does not permit ICMP TTL-expired packets out.
Explanation: As seen in the exhibit there is 2 registrations with timeout, this tells us that the firewall filters packets where the TTL has reached 0, when you continue with higher starting values for TTL you will get an answer from the target of the traceroute.
see more Ethical Hacking and Countermeasures (CEHv6)