Testkings EC-Council 312-50 exam braindumps are the prior choice for you because the website gets the most ample preparation source. Whatever training materials for EC-Council EC-Council certification exam you want, you can seek out a few important information. You can prepare for the final EC-Council 312-50 exam with all the high level knowledge. The particular EC-Council 312-50 exam questions and answers can test your abilities along with skills involving operating the particular EC-Council office network. Our own test engine can provide the detailed report along with a progress schedule. You can amount out what you get and havent mastered.

2017 Mar 312-50 exam prep

Q371. Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products? 

A. Covert keylogger 

B. Stealth keylogger 

C. Software keylogger 

D. Hardware keylogger 

Answer: D

Explanation: As the hardware keylogger never interacts with the Operating System it is undetectable by anti-virus or anti-spyware products. 


Q372. The terrorist organizations are increasingly blocking all traffic from North America or from Internet Protocol addresses that point to users who rely on the English Language. 

Hackers sometimes set a number of criteria for accessing their website. This information is shared among the co-hackers. For example if you are using a machine with the Linux Operating System and the Netscape browser then you will have access to their website in a convert way. When federal investigators using PCs running windows and using Internet Explorer visited the hacker’s shared site, the hacker’s system immediately mounted a distributed denial-of-service attack against the federal system. 

Companies today are engaging in tracking competitor’s through reverse IP address lookup sites like whois.com, which provide an IP address’s domain. When the competitor visits the companies website they are directed to a products page without discount and prices are marked higher for their product. When normal users visit the website they are directed to a page with full-blown product details along with attractive discounts. This is based on IP-based blocking, where certain addresses are barred from accessing a site. 

What is this masking technique called? 

A. Website Cloaking 

B. Website Filtering 

C. IP Access Blockade 

D. Mirrored WebSite 

Answer: A

Explanation: Website Cloaking travels under a variety of alias including Stealth, Stealth scripts, IP delivery, Food Script, and Phantom page technology. It’s hot- due to its ability to manipulate those elusive top-ranking results from spider search engines. 


Q373. Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here? 

A. Hayden is attempting to find live hosts on her company's network by using an XMAS scan 

B. She is utilizing a SYN scan to find live hosts that are listening on her network 

C. The type of scan, she is using is called a NULL scan 

D. Hayden is using a half-open scan to find live hosts on her network 

Answer: D


Q374. Which of the following activities would not be considered passive footprinting? 

A. Search on financial site such as Yahoo Financial 

B. Perform multiple queries through a search engine 

C. Scan the range of IP address found in their DNS database 

D. Go through the rubbish to find out any information that might have been discarded 

Answer: C

Explanation: Passive footprinting is a method in which the attacker never makes contact with the target. Scanning the targets IP addresses can be logged at the target and therefore contact has been made. 


Q375. Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown to Chris, certain functions are executed on his local system under his privileges, which allow Kevin access to information used on the BBS. However, no executables are downloaded and run on the local system. What would you term this attack? 

A. Phishing 

B. Denial of Service 

C. Cross Site Scripting 

D. Backdoor installation 

Answer: C

Explanation: This is a typical Type-1 Cross Site Scripting attack. This kind of cross-site scripting hole is also referred to as a non-persistent or reflected vulnerability, and is by far the most common type. These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user. If unvalidated user-supplied data is included in the resulting page without HTML encoding, this will allow client-side code to be injected into the dynamic page. A classic example of this is in site search engines: if one searches for a string which includes some HTML special characters, often the search string will be redisplayed on the result page to indicate what was searched for, or will at least include the search terms in the text box for easier editing. If all occurrences of the search terms are not HTML entity encoded, an XSS hole will result. 


Up to date 312-50 practice test:

Q376. Michael is a junior security analyst working for the National Security Agency (NSA) working primarily on breaking terrorist encrypted messages. The NSA has a number of methods they use to decipher encrypted messages including Government Access to Keys (GAK) and inside informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the Internet. The problem for the NSA, and Michael, is that terrorist organizations are starting to use custom-built algorithms or obscure algorithms purchased from corrupt governments. For this reason, Michael and other security analysts like him have been forced to find different methods of deciphering terrorist messages. One method that Michael thought of using was to hide malicious code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by known terrorists, and then he is able to glean email addresses to some of these suspected terrorists. Michael then inserts a stealth keylogger into a mapping program file readme.txt and then sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes and also logs all keyboard activity into a hidden file on the terrorist's computer. Then, the keylogger emails those files to Michael twice a day with a built in SMTP server. What technique has Michael used to disguise this keylogging software? 

A. Steganography 

B. Wrapping 

C. ADS 

D. Hidden Channels 

Answer: A


Q377. Which of the following is one of the key features found in a worm but not seen in a virus? 

A. The payload is very small, usually below 800 bytes. 

B. It is self replicating without need for user intervention. 

C. It does not have the ability to propagate on its own. 

D. All of them cannot be detected by virus scanners. 

Answer:

Explanation: A worm is similar to a virus by its design, and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. 


Q378. The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence number of transmitted packets from host B are lower than the packet segment containing the set FIN flag. 

A. True 

B. False 

Answer: A

Explanation: For sequence number purposes, the SYN is considered to occur before the first actual data octet of the segment in which it occurs, while the FIN is considered to occur after the last actual data octet in a segment in which it occurs. So packets receiving out of order will still be accepted. 


Q379. Why would an ethical hacker use the technique of firewalking? 

A. It is a technique used to discover wireless network on foot. 

B. It is a technique used to map routers on a network link. 

C. It is a technique used to discover the nature of rules configured on a gateway. 

D. It is a technique used to discover interfaces in promiscuous mode. 

Answer: C

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. 


Q380. What is the key advantage of Session Hijacking? 

A. It can be easily done and does not require sophisticated skills. 

B. You can take advantage of an authenticated connection. 

C. You can successfully predict the sequence number generation. 

D. You cannot be traced in case the hijack is detected. 

Answer: B

Explanation: As an attacker you don’t have to steal an account and password in order to take advantage of an authenticated connection.