It is impossible to pass EC-Council 312-50 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed EC-Council 312-50 practice questions. You will get a surprising result by our Most up-to-date Ethical Hacking and Countermeasures (CEHv6) practice guides.

2017 Apr 312-50 practice question

Q1. When writing shellcodes, you must avoid _________________ because these will end the string. 

A. Null Bytes 

B. Root Bytes 

C. Char Bytes 

D. Unicode Bytes 

Answer: A

Explanation: The null character (also null terminator) is a character with the value zero, present in the ASCII and Unicode character sets, and available in nearly all mainstream programming languages. The original meaning of this character was like NOP — when sent to a printer or a terminal, it does nothing (some terminals, however, incorrectly display it as space). Strings ending in a null character are said to be null-terminated. 

Q2. Which of the following LM hashes represent a password of less than 8 characters? (Select 2) 

A. BA810DBA98995F1817306D272A9441BB 

B. 44EFCE164AB921CQAAD3B435B51404EE 

C. 0182BD0BD4444BF836077A718CCDF409 

D. CEC52EB9C8E3455DC2265B23734E0DAC 

E. B757BF5C0D87772FAAD3B435B51404EE 

F. E52CAC67419A9A224A3B108F3FA6CB6D 

Answer: BE

Explanation: Notice the last 8 characters are the same 

Q3. Which of the following represents the initial two commands that an IRC client sends to join an IRC network? 






Explanation: A "PASS" command is not required for either client or server connection to be registered, but it must precede the server message or the latter of the NICK/USER combination. (RFC 1459) 

Q4. Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible? 

A. Any cookie can be replayed irrespective of the session status 

B. The scenario is invalid as a secure cookie cannot be replayed 

C. It works because encryption is performed at the network layer (layer 1 encryption) 

D. It works because encryption is performed at the application layer (single encryption key) 

Answer: D

Q5. Which of the following statements would not be a proper definition for a Trojan Horse? 

A. An unauthorized program contained within a legitimate program. 

This unauthorized program performs functions unknown (and probably unwanted) by the user. 

B. A legitimate program that has been altered by the placement of unauthorized code within it; this code perform functions unknown (and probably unwanted) by the user. 

C. An authorized program that has been designed to capture keyboard keystrokes while the user remains unaware of such an activity being performed. 

D. Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user. 

Answer: C

Explanation: A Trojan is all about running unauthorized code on the users computer without the user knowing of it. 

Down to date 312-50 sample question:

Q6. You are configuring the security options of your mail server and you would like to block certain file attachments to prevent viruses and malware from entering the users inbox. 

Which of the following file formats will you block? 

(Select up to 6) 

A. .txt 

B. .vbs 

C. .pif 

D. .jpg 

E. .gif 

F. .com 

G. .htm 

H. .rar 

I. .scr 

J. .exe 

Answer: BCEFIJ


Q7. ou wish to determine the operating system and type of web server being used. At the same time you wish to arouse no suspicion within the target organization. 

While some of the methods listed below work, which holds the least risk of detection? 

A. Make some phone calls and attempt to retrieve the information using social engineering. 

B. Use nmap in paranoid mode and scan the web server. 

C. Telnet to the web server and issue commands to illicit a response. 

D. Use the netcraft web site look for the target organization’s web site. 

Answer: D

Explanation: Netcraft is providing research data and analysis on many aspects of the Internet. Netcraft has explored the Internet since 1995 and is a respected authority on the market share of web servers, operating systems, hosting providers, ISPs, encrypted transactions, electronic commerce, scripting languages and content technologies on the internet. 

Q8. Gerald, the systems administrator for Hyped Enterprise, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, his discovers numerous remote tools were installed that no one claims to have knowledge of in his department. 

Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to proxy server in Brazil. 

Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. 

What tool Geralds’s attacker used to cover their tracks? 

A. Tor 



D. Cheops 

Answer: A

Explanation: Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). 

Q9. Which of the following is not considered to be a part of active sniffing? 

A. MAC Flooding 

B. ARP Spoofing 

C. SMAC Fueling 

D. MAC Duplicating 

Answer: C

Q10. Leonard is a systems administrator who has been tasked by his supervisor to slow down or lessen the amount of SPAM their company receives on a regular basis. SPAM being sent to company email addresses has become a large problem within the last year for them. Leonard starts by adding SPAM prevention software at the perimeter of the network. He then builds a black list, white list, turns on MX callbacks, and uses heuristics to stop the incoming SPAM. While these techniques help some, they do not prevent much of the SPAM from coming in. Leonard decides to use a technique where his mail server responds very slowly to outside connected mail servers by using multi-line SMTP responses. By responding slowly to SMTP connections, he hopes that SPAMMERS will see this and move on to easier and faster targets. 

What technique is Leonard trying to employ here to stop SPAM? 

A. To stop SPAM, Leonard is using the technique called Bayesian Content Filtering 

B. Leonard is trying to use the Transparent SMTP Proxy technique to stop incoming SPAM 

C. This technique that Leonard is trying is referred to as using a Sender Policy Framework to aid in SPAM prevention 

D. He is using the technique called teergrubing to delay SMTP responses and hopefully stop SPAM 

Answer: D

Explanation: Teergrubing FAQ 

What does a UBE sender really need? What does he sell? 

A certain amount of sent E-Mails per minute. This product is called Unsolicited Bulk E-Mail. 

How can anyone hit an UBE sender? 

By destroying his working tools. 


E-Mail is sent using SMTP. For this purpose a TCP/IP connection to the MX host of the recipient is established. Usually a computer is able to hold about 65500 TCP/IP connections from/to a certain port. But in most cases it's a lot less due to limited resources. 

If it is possible to hold a mail connection open (i.e. several hours), the productivity of the UBE sending equipment is dramatically reduced. SMTP offers continuation lines to hold a connection open without running into timeouts. 

A teergrube is a modified MTA (mail transport agent) able to do this to specified senders. 

Incorrect answer: 

Sender Policy Framework (SPF) deals with allowing an organization to publish “Authorized” SMTP servers for their organization through DNS records.