how to use ceh official certified ethical hacker review guide exam 312-50 pdf

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on:

EC-Council EC-Council exam is identified as EC-Council 312-50 which is a new EC-Council certification exam. The EC-Council 312-50 certificate can be a threshold in the area of This and a desire of all the ambitious professionals. In case you intend to obtain the particular 312-50 certification, youd better exert more efforts on the preparation. offers you a new shortcut to get the EC-Council certification easier and earlier. You can enjoy not only the particular general information and examine tips but also the particular training materials. Start proper now and make complete preparation for the EC-Council 312-50 exam.

2017 Jan 312-50 vce:

Q391. Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer) 

A. symmetric algorithms 

B. asymmetric algorithms 

C. hashing algorithms 

D. integrity algorithms 


Explanation: In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. A hash function takes a long string (or 'message') of any length as input and produces a fixed length string as output, sometimes termed a message digest or a digital fingerprint. 

Q392. This tool is widely used for ARP Poisoning attack. Name the tool. 

A. Cain and Able 

B. Beat Infector 

C. Poison Ivy 

D. Webarp Infector 

Answer: A

Q393. Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not opened or ports that are not for public usage. How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by using one of the built-in Linux Operating System tools? 

A. Ensure all files have at least a 755 or more restrictive permissions. 

B. Configure rules using ipchains. 

C. Configure and enable portsentry on his server. 

D. Install an intrusion detection system on her computer such as Snort. 

Answer: B

Explanation: ipchains is a free software based firewall for Linux. It is a rewrite of Linux's previous IPv4 firewalling code, ipfwadm. In Linux 2.2, ipchains is required to administer the IP packet filters. ipchains was written because the older IPv4 firewall code used in Linux 2.0 did not work with IP fragments and didn't allow for specification of protocols other than TCP, UDP, and ICMP. 

Q394. What is the correct command to run Netcat on a server using port 56 that spawns command shell when connected? 

A. nc -port 56 -s cmd.exe 

B. nc -p 56 -p -e shell.exe 

C. nc -r 56 -c cmd.exe 

D. nc -L 56 -t -e cmd.exe 

Answer: D

Q395. You are doing IP spoofing while you scan your target. You find that the target has port 23 open.Anyway you are unable to connect. Why? 

A. A firewall is blocking port 23 

B. You cannot spoof + TCP 

C. You need an automated telnet tool 

D. The OS does not reply to telnet even if port 23 is open 

Answer: A

Explanation: The question is not telling you what state the port is being reported by the scanning utility, if the program used to conduct this is nmap, nmap will show you one of three states – “open”, “closed”, or “filtered” a port can be in an “open” state yet filtered, usually by a stateful packet inspection filter (ie. Netfilter for linux, ipfilter for bsd). C and D to make any sense for this question, their bogus, and B, “You cannot spoof + TCP”, well you can spoof + TCP, so we strike that out. 

Renew ec council 312-50:

Q396. Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack? 

A. Timestamps 

B. SMB Signing 

C. File permissions 

D. Sequence numbers monitoring 

Answer: ABD

Q397. You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks? 

A. System services 

B. EXEC master access 

C. xp_cmdshell 


Answer: C

Q398. You are writing an antivirus bypassing Trojan using C++ code wrapped into chess.c to create an executable file chess.exe. This Trojan when executed on the victim machine, scans the entire system (c:\\) for data with the following text “Credit Card” and “password”. It then zips all the scanned files and sends an email to a predefined hotmail address. 

You want to make this Trojan persistent so that it survives computer reboots. Which registry entry will you add a key to make it persistent? 

A. HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROOSFT\\Windows\\CurrentVersion\\RunServices 

B. HKEY_LOCAL_USER\\SOFTWARE\\MICROOSFT\\Windows\\CurrentVersion\\RunServices 

C. HKEY_LOCAL_SYSTEM\\SOFTWARE\\MICROOSFT\\Windows\\CurrentVersion\\RunServices 

D. HKEY_CURRENT_USER\\SOFTWARE\\MICROOSFT\\Windows\\CurrentVersion\\RunServices 


Explanation: HKEY_LOCAL_MACHINE would be the natural place for a registry entry that starts services when the MACHINE is rebooted. 

Topic 7, Sniffers 

248. Exhibit: 

ettercap –NCLzs --quiet 

What does the command in the exhibit do in “Ettercap”? 

A. This command will provide you the entire list of hosts in the LAN 

B. This command will check if someone is poisoning you and will report its IP. 

C. This command will detach from console and log all the collected passwords from the network to a file. 

D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs. 

Answer: C

Explanation: -N = NON interactive mode (without ncurses) 

-C = collect all users and passwords 

-L = if used with -C (collector) it creates a file with all the password sniffed in the session in the 

form "YYYYMMDD-collected-pass.log" 

-z = start in silent mode (no arp storm on start up) 

-s = IP BASED sniffing 

--quiet = "demonize" ettercap. Useful if you want to log all data in background. 

Q399. Steven is a senior security analyst for a state agency in Tulsa, Oklahoma. His agency is currently undergoing a mandated security audit by an outside consulting firm. The consulting firm is halfway through the audit and is preparing to perform the actual penetration testing against the agency’s network. The firm first sets up a sniffer on the agency’s wired network to capture a reasonable amount of traffic to analyze later. This takes approximately 2 hours to obtain 10 GB of data. The consulting firm then sets up a sniffer on the agency’s wireless network to capture the same amount of traffic. This capture only takes about 30 minutes to get 10 GB of data. 

Why did capturing of traffic take much less time on the wireless network? 

A. Because wireless access points act like hubs on a network 

B. Because all traffic is clear text, even when encrypted 

C. Because wireless traffic uses only UDP which is easier to sniff 

D. Because wireless networks can’t enable encryption 

Answer: A

Explanation: You can not have directed radio transfers over a WLAN. Every packet will be broadcasted as far as possible with no concerns about who might hear it. 

Q400. In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this? 

A. Rouge access point attack 

B. Unauthorized access point attack 

C. War Chalking 

D. WEP attack 

Answer: A

Explanation: The definition of a Rogue access point is:1. A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, users have exposed their company's network to the outside world.2. An access point (AP) set up by an attacker outside a facility with a wireless network. Also called an "evil twin," the rogue AP picks up beacons (signals that advertise its presence) from the company's legitimate AP and transmits identical beacons, which some client machines inside the building associate with. 

see more Ethical Hacking and Countermeasures (CEHv6)