It is more faster and easier to pass the EC-Council 312-50 exam by using Realistic EC-Council Ethical Hacking and Countermeasures (CEHv6) questuins and answers. Immediate access to the Far out 312-50 Exam and find the same core area 312-50 questions with professionally verified answers, then PASS your exam with a high score now.

2017 Apr 312-50 actual test

Q141. Which of the following are potential attacks on cryptography? (Select 3) 

A. One-Time-Pad Attack 

B. Chosen-Ciphertext Attack 

C. Man-in-the-Middle Attack 

D. Known-Ciphertext Attack 

E. Replay Attack 

Answer: BCE

Explanation: A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key. Specific forms of this attack are sometimes termed "lunchtime" or "midnight" attacks, referring to a scenario in which an attacker gains access to an unattended decryption machine. In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 


Q142. Exhibit 

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal? 

What is odd about this attack? Choose the best answer. 

A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags. 

B. This is back orifice activity as the scan comes form port 31337. 

C. The attacker wants to avoid creating a sub-carries connection that is not normally valid. 

D. These packets were crafted by a tool, they were not created by a standard IP stack. 

Answer: B

Explanation: Port 31337 is normally used by Back Orifice. Note that 31337 is hackers spelling of ‘elite’, meaning ‘elite hackers’. 


Q143. You are scanning the target network for the first time. You are able to detect few convention open ports. While attempting to perform conventional service identification by connecting to the open ports, the scan yields either bad or no result. As you are unsure of the protocols in use, you want to discover as many different protocols as possible. Which of the following scan options can help you achieve this? 

A. Nessus sacn with TCP based pings 

B. Netcat scan with the switches 

C. Nmap scan with the P (ping scan) switch 

D. Nmap with the O (Raw IP Packets switch 

Answer: D

Explanation: -sO IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine. If we receive an ICMP protocol unreachable message, then the protocol is not in use. Otherwise we assume it is open. Note that some hosts (AIX, HP-UX, Digital UNIX) and firewalls may not send protocol unreachable messages. 


Q144. NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use? 

A. 443 

B. 139 

C. 179 

D. 445 

Answer: D


Q145. Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called? 

A. Spoof attack 

B. Replay attack 

C. Injection attack 

D. Rebound attack 

Answer: B

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 


Most recent 312-50 test:

Q146. ou have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming. 

Which command would you execute to extract the Trojan to a standalone file? 

A. c:\> type readme.txt:virus.exe > virus.exe 

B. c:\> more readme.txt | virus.exe > virus.exe 

C. c:\> cat readme.txt:virus.exe > virus.exe 

D. c:\> list redme.txt$virus.exe > virus.exe 

Answer: C

Explanation: cat will concatenate, or write, the alternate data stream to its own file named virus.exe 


Q147. Sabotage, Advertising and Covering are the three stages of _____ 

A. Social engineering 

B. Reverse Social Engineering 

C. Reverse Software Engineering 

D. Rapid Development Engineering 

Answer: B

Explanation: Typical social interaction dictates that if someone gives us something then it is only right for us to return the favour. This is known as reverse social engineering, when an attacker sets up a situation where the victim encounters a problem, they ask the attacker for help and once the problem is solved the victim then feels obliged to give the information requested by the attacker. 


Q148. Giles is the network administrator for his company, a graphics design company based in Dallas. Most of the network is comprised of Windows servers and workstations, except for some designers that prefer to use MACs. These MAC users are running on the MAC OS X operating system. These MAC users also utilize iChat to talk between each other. Tommy, one of these MAC users, calls Giles and says that his computer is running very slow. Giles then gets more calls from the other MAC users saying they are receiving instant messages from Tommy even when he says he is not on his computer. Giles immediately unplugs Tommy's computer from the network to take a closer look. He opens iChat on Tommy's computer and it says that it sent a file called latestpics.tgz to all the other MAC users. Tommy says he never sent those files. Giles also sees that many of the computer's applications appear to be altered. The path where the files should be has an altered file and the original application is stored in the file's resource fork. 

What has Giles discovered on Tommy's computer? 

A. He has discovered OSX/Chat-burner virus on Tommy's computer 

B. Giles has found the OSX/Leap-A virus on Tommy's computer 

C. This behavior is indicative of the OSX/Inqtana.A virus 

D. On Tommy's computer, Giles has discovered an apparent infection of the OSX/Transmitter.B virus 

Answer: B

Explanation: OSX.Leap.A is a worm that targets installs of Macintosh OS X and spreads via iChat Instant Messenger program. http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99 


Q149. Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 

15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 

21. What can Wayne infer from this traffic log? 

A. The initial traffic from 192.168.12.35 was being spoofed. 

B. The traffic from 192.168.12.25 is from a Linux computer. 

C. The TTL of 21 means that the client computer is on wireless. 

D. The client computer at 192.168.12.35 is a zombie computer. 

Answer: A


Q150. Study the following e-mail message. When the link in the message is clicked, it will take you to an address like: http://hacker.xsecurity.com/in.htm. Note that hacker.xsecurity.com is not an official SuperShopper site! 

What attack is depicted in the below e-mail? 

Dear SuperShopper valued member, 

Due to concerns, for the safety and integrity of the SuperShopper community we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports. 

If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to update your records will result to your account cancellation. This notification expires within 24 hours. 

Once you have updated your account records your SuperShopper will not be interrupted and will continue as normal. 

Please follow the link below and renew your account information. 

https://www.supershopper.com/cgi-bin/webscr?cmd=update-run 

SuperShopper Technical Support http://www.supershopper.com 

A. Phishing attack 

B. E-mail spoofing 

C. social engineering 

D. Man in the middle attack 

Answer: A

Explanation: Phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well.