Act now and download your EC-Council 312-50 test today! Do not waste time for the worthless EC-Council 312-50 tutorials. Download Renewal EC-Council Ethical Hacking and Countermeasures (CEHv6) exam with real questions and answers and begin to learn EC-Council 312-50 with a classic professional.

2017 Mar 312-50 actual exam

Q311. Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not illicit a response. What can he infer from this kind of response? 

A. These ports are open because they do not illicit a response. 

B. He can tell that these ports are in stealth mode. 

C. If a port does not respond to an XMAS scan using NMAP, that port is closed. 

D. The scan was not performed correctly using NMAP since all ports, no matter what their state, will illicit some sort of response from an XMAS scan. 

Answer: A

Q312. What framework architecture is shown in this exhibit? 

A. Core Impact 

B. Metasploit 

C. Immunity Canvas 

D. Nessus 

Answer: B

Q313. You run nmap port Scan on and attempt to gain banner/server information from services running on ports 21, 110 and 123. 

Here is the output of your scan results: 

Which of the following nmap command did you run? 

A. nmap -A -sV -p21,110,123 

B. nmap -F -sV -p21,110,123 

C. nmap -O -sV -p21,110,123 

D. nmap -T -sV -p21,110,123 

Answer: C

Q314. Joseph has just been hired on to a contractor company of the Department of Defense as their Senior Security Analyst. Joseph has been instructed on the company's strict security policies that have been implemented, and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two-factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company. Joseph's supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number. Joseph's company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two-factor authentication? 

A. Biometric device 


C. Proximity cards 

D. Security token 

Answer: D

Q315. Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the “Echo” command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page again in vain. 

What is the probable cause of Bill’s problem? 

A. The system is a honeypot. 

B. There is a problem with the shell and he needs to run the attack again. 

C. You cannot use a buffer overflow to deface a web page. 

D. The HTML file has permissions of ready only. 

Answer: D

Explanation: The question states that Bill had been able to spawn an interactive shell. By this statement we can tell that the buffer overflow and its corresponding code was enough to spawn a shell. Any shell should make it possible to change the webpage. So we either don’t have sufficient privilege to change the webpage (answer D) or it’s a honeypot (answer A). We think the preferred answer is D 

Up to date 312-50 practice test:

Q316. Study the log below and identify the scan type. 

tcpdump -vv host 

17:34:45.802163 eth0 < > victim: ip-proto-117 0 (ttl 48, id 36166) 

17:34:45.802216 eth0 < > victim: ip-proto-25 0 (ttl 48, id 33796) 

17:34:45.802266 eth0 < > victim: ip-proto-162 0 (ttl 48, id 47066) 

17:34:46.111982 eth0 < > victim: ip-proto-74 0 (ttl 48, id 35585) 

17:34:46.112039 eth0 < > victim: ip-proto-117 0 (ttl 48, id 32834) 

17:34:46.112092 eth0 < > victim: ip-proto-25 0 (ttl 48, id 26292) 

17:34:46.112143 eth0 < > victim: ip-proto-162 0 (ttl 48, id 51058) 

tcpdump -vv -x host 

17:35:06.731739 eth0 < > victim: ip-proto-130 0 (ttl 59, id 42060) 4500 0014 a44c 0000 3b82 57b8 c0a8 010a c0a8 0109 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 

A. nmap -sR 

B. nmap -sS 

C. nmap -sV 

D. nmap -sO -T 

Answer: D

Q317. What command would you type to OS fingerprint a server using the command line? 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: C

Q318. Which one of the following attacks will pass through a network layer intrusion detection system undetected? 

A. A teardrop attack 

B. A SYN flood attack 

C. A DNS spoofing attack 

D. A test.cgi attack 

Answer: D

Explanation: Because a network-based IDS reviews packets and headers, it can also detect denial of service (DoS) attacks 

Not A or B: 

The following sections discuss some of the possible DoS attacks available. 

Smurf Fraggle SYN Flood Teardrop DNS DoS Attacks” 

Q319. Exhibit: 

Study the following log extract and identify the attack. 

A. Hexcode Attack 

B. Cross Site Scripting 

C. Multiple Domain Traversal Attack 

D. Unicode Directory Traversal Attack 

Answer: D

Explanation: The “Get /msadc/……/……/……/winnt/system32/cmd.exe?” shows that a Unicode Directory Traversal Attack has been performed. 

Q320. StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks. 

A. Canary 

B. Hex editing 

C. Format checking 

D. Non-executing stack 

Answer: A

Explanation: Canaries or canary words are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, it will clobber the canary, making the overflow evident. This is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system.