
2017 Apr 312-50 question

Q161. Statistics from cert.org and other leading security organizations have clearly shown a steady rise in the number of hacking incidents perpetrated against companies. 

What do you think is the main reason behind the significant increase in hacking attempts over the past years? 

A. It is getting more challenging and harder to hack for non technical people. 

B. There is a phenomenal increase in processing power. 

C. New TCP/IP stack features are constantly being added. 

D. The ease with which hacker tools are available on the Internet. 

Answer:

Explanation: Today you don’t need to be a good hacker in order to break into various systems; all you need is the knowledge to use search engines on the Internet. 


Q162. What is the purpose of firewalking? 

A. It's a technique used to discover Wireless network on foot 

B. It's a technique used to map routers on a network link 

C. It's a technique used to discover interface in promiscuous mode 

D. It's a technique used to discover what rules are configured on a gateway 

Answer: D

Explanation: Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. Moreover, it can determine whether packets with various control information can pass through a given gateway. 


Q163. Google uses a unique cookie for each browser used by an individual user on a computer. This cookie contains information that allows Google to identify records about that user on its database. This cookie is submitted every time a user launches a Google search, visits a site using AdSense etc. The information stored in Google's database, identified by the cookie, includes 

-Everything you search for using Google 

-Every web page you visit that has Google AdSense ads 

How would you prevent Google from storing your search keywords? 

A. Block Google Cookie by applying Privacy and Security settings in your web browser 

B. Disable the Google cookie using Google Advanced Search settings on Google Search page 

C. Do not use Google but use another search engine Bing which will not collect and store your search keywords 

D. Use MAC OS X instead of Windows 7. Mac OS has higher level of privacy controls by default. 

Answer: A


Q164. What do you conclude from the nmap results below? 

Starting nmap V. 3.10ALPHA0 (www.insecure.org/map/) 

(The 1592 ports scanned but not shown below are in state: closed) 

Port       State    Service
21/tcp     open     ftp
25/tcp     open     smtp
80/tcp     open     http
443/tcp    open     https

Remote operating system guess: Too many signatures match to reliably guess the OS. 

Nmap run completed – 1 IP address (1 host up) scanned in 91.66 seconds 

A. The system is a Windows Domain Controller. 

B. The system is not firewalled. 

C. The system is not running Linux or Solaris. 

D. The system is not properly patched. 

Answer:

Explanation: There are no reports of any ports being filtered. 


Q165. What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’? 

A. The ethical hacker does not use the same techniques or skills as a cracker. 

B. The ethical hacker does it strictly for financial motives unlike a cracker. 

C. The ethical hacker has authorization from the owner of the target. 

D. The ethical hacker is just a cracker who is getting paid. 

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker, and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does; an ethical hacker has the owner's authorization and will get paid even if he does not succeed in penetrating the target. 


Updated 312-50 test questions:

Q166. What is the following command used for? 

net use \\target\ipc$ "" /u:"" 

A. Grabbing the etc/passwd file 

B. Grabbing the SAM 

C. Connecting to a Linux computer through Samba. 

D. This command is used to connect as a null session 

E. Enumeration of Cisco routers 

Answer:

Explanation: The null session is one of the most debilitating vulnerabilities faced by Windows. 

Null sessions can be established through ports 135, 139, and 445. 


Q167. After studying the following log entries, how many user IDs can you identify that the attacker has tampered with? 

1. mkdir -p /etc/X11/applnk/Internet/.etc 

2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd 

3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd 

4. touch -acmr /etc /etc/X11/applnk/Internet/.etc 

5. passwd nobody -d 

6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash 

7. passwd dns -d 

8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd 

9. touch -acmr /etc/X11/applnk/Internet/.etc /etc 

A. IUSR_ 

B. acmr, dns 

C. nobody, dns 

D. nobody, IUSR_ 

Answer: C

Explanation: Passwd is the command used to modify a user password and it has been used together with the usernames nobody and dns. 


Q168. If you come across a sheepdip machine at your client site, what would you infer? 

A. A sheepdip computer is used only for virus checking. 

B. A sheepdip computer is another name for honeypot. 

C. A sheepdip coordinates several honeypots. 

D. A sheepdip computer defers a denial of service attack. 

Answer: A

Explanation: Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness. 


Q169. Bob has set up three web servers on Windows Server 2003 IIS 6.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run numerous e-commerce websites that are projected to bring in thousands of dollars a day. Bob is still concerned about the security of this server because of the potential for financial loss. Bob has asked his company’s firewall administrator to set the firewall to inspect all incoming traffic on ports 80 and 443 to ensure that no malicious data is getting into the network. 

Why will this not be possible? 

A. Firewalls can’t inspect traffic coming through port 443 

B. Firewalls can only inspect outbound traffic 

C. Firewalls can’t inspect traffic coming through port 80 

D. Firewalls can’t inspect traffic at all, they can only block or allow certain ports 

Answer:

Explanation: In order to really inspect traffic and traffic patterns you need an IDS. 


Q170. Maurine is working as a security consultant for Hinklemeir Associate. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network. 

Why would an attacker try to create a null session with a computer on a network? 

A. Enumerate users shares 

B. Install a backdoor for later attacks 

C. Escalate his/her privileges on the target server 

D. To create a user with administrative privileges for later use 

Answer: A

Explanation: The Null Session is often referred to as the "Holy Grail" of Windows hacking. Listed as the number 5 Windows vulnerability on the SANS/FBI Top 20 list, Null Sessions take advantage of flaws in the CIFS/SMB (Common Internet File System/Server Message Block) architecture. You can establish a Null Session with a Windows (NT/2000/XP) host by logging on with a null user name and password. Using these null connections allows you to gather the following information from the host: 

-List of users and groups 

-List of machines 

-List of shares 

-User and host SIDs (Security Identifiers) 

Topic 5, System Hacking 

177. If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible? 

A. Birthday 

B. Brute force 

C. Man-in-the-middle 

D. Smurf 

Answer: B

Explanation: Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of the PIN, the cracker can keep trying PINs until it is cracked.