Proper study guides for the latest EC-Council Ethical Hacking and Countermeasures (CEHv6) certification begin with EC-Council 312-50 preparation products, which are designed to deliver pinpoint 312-50 questions so that you pass the 312-50 test on your first attempt. Try the free 312-50 demo right now.

Q221. Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known weaknesses of LM? (Choose three) 

A. Converts passwords to uppercase. 

B. Hashes are sent in clear text over the network. 

C. Makes use of only 32 bit encryption. 

D. Effective length is 7 characters. 

Answer: ABD

Explanation: The LM hash is computed as follows.
1. The user's password, as an OEM string, is converted to uppercase.
2. This password is either null-padded or truncated to 14 bytes.
3. The "fixed-length" password is split into two 7-byte halves.
4. These values are used to create two DES keys, one from each 7-byte half.
5. Each of these keys is used to DES-encrypt the constant ASCII string "KGS!@#$%", resulting in two 8-byte ciphertext values.
6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
The hashes themselves are sent in clear text over the network instead of the password being sent in clear text.
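The following is an added example, not part of the original study guide: it implements steps 1 to 4 of the LM scheme above (the DES encryption of "KGS!@#$%" in steps 5 and 6 is left out, so it produces the two DES key inputs, not the final hash) to make weaknesses A and D concrete. It assumes ASCII passwords; the function names are this example's own.

```python
def lm_key_halves(password: str):
    """Steps 1-3 of the LM scheme: return the two 7-byte DES key inputs."""
    # Step 1: case is discarded by uppercasing (weakness A). ASCII assumed here;
    # real LM used the machine's OEM code page.
    pw = password.upper().encode("ascii", errors="replace")
    # Step 2: null-pad or truncate to exactly 14 bytes.
    pw = pw[:14].ljust(14, b"\x00")
    # Step 3: split into two independent 7-byte halves (weakness D). Each half is
    # hashed on its own, so an attacker never has to search more than 7 characters.
    return pw[:7], pw[7:]


def des_key_from_7_bytes(half: bytes) -> bytes:
    """Step 4: expand 56 key bits into a 64-bit DES key with odd-parity low bits."""
    bits = int.from_bytes(half, "big")
    key = bytearray()
    for i in range(8):
        chunk = (bits >> (49 - 7 * i)) & 0x7F   # next 7 key bits, most significant first
        b = chunk << 1
        if bin(b).count("1") % 2 == 0:           # DES parity bit makes each byte odd
            b |= 1
        key.append(b)
    return bytes(key)


def second_half_is_empty(password: str) -> bool:
    """True when the password is 7 characters or shorter.

    The second 7-byte half is then all nulls, so the second 8 bytes of the stored
    LM hash are the well-known constant AAD3B435B51404EE (DES of "KGS!@#$%" under
    the all-zero key). Seeing that constant in a SAM dump tells a defender the
    password is at most 7 characters long without cracking anything.
    """
    return lm_key_halves(password)[1] == b"\x00" * 7


if __name__ == "__main__":
    print(lm_key_halves("Secret") == lm_key_halves("SECRET"))   # case is lost
    print(lm_key_halves("password1234567890"))                  # truncated to 14
    print(second_half_is_empty("Secret"), second_half_is_empty("Passw0rd"))
```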

Q222. Bubba has just accessed his preferred e-commerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changed? 

A. A hidden form field value. 

B. A hidden price value. 

C. An integer variable. 

D. A page cannot be changed locally, as it is served by a web server. 

Answer: A

Q223. Look at the following SQL query. SELECT * FROM product WHERE PCategory='computers' or 1=1--' What will it return? Select the best answer. 

A. All computers and all 1's 

B. All computers 

C. All computers and everything else 

D. Everything except computers 

Answer: C

Explanation: The 1=1 tells the SQL database to return everything; a simplified statement would be SELECT * FROM product WHERE 1=1 (which is true for every row). Thus, this query will return all computers and everything else. The or 1=1 is a common test to see if a web application is vulnerable to a SQL injection attack. 
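As an added illustration (not from the original guide), the query from Q223 run against a constructed SQLite table, once built by string concatenation and once as a parameterised query; the table contents and function names are this example's own assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two computers and two non-computer products."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE product (id INTEGER, name TEXT, PCategory TEXT)")
    con.executemany("INSERT INTO product VALUES (?, ?, ?)", [
        (1, "laptop", "computers"),
        (2, "desktop", "computers"),
        (3, "router", "networking"),
        (4, "desk lamp", "furniture"),
    ])
    return con


def vulnerable_query(con: sqlite3.Connection, category: str) -> list:
    # The user-supplied value is spliced into the SQL text, so the input
    # "computers' or 1=1--" yields exactly the query shown in Q223:
    #   SELECT * FROM product WHERE PCategory='computers' or 1=1--'
    # "or 1=1" is true for every row and "--" comments out the stray quote.
    sql = f"SELECT * FROM product WHERE PCategory='{category}'"
    return con.execute(sql).fetchall()


def safe_query(con: sqlite3.Connection, category: str) -> list:
    # Parameterised: the driver passes the value as data, never as SQL, so the
    # same input is just a category name that matches nothing.
    return con.execute(
        "SELECT * FROM product WHERE PCategory=?", (category,)
    ).fetchall()


def demo() -> dict:
    con = make_db()
    injected = "computers' or 1=1--"
    return {
        "normal": len(vulnerable_query(con, "computers")),           # 2 rows
        "injected_vulnerable": len(vulnerable_query(con, injected)), # 4: everything
        "injected_safe": len(safe_query(con, injected)),             # 0 rows
    }


if __name__ == "__main__":
    print(demo())
```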

Q224. Web servers are often the most targeted and attacked hosts on organizations' networks. Attackers may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access. 

Identify the correct statement related to the above Web server installation. 

A. Lack of proper security policy, procedures and maintenance 

B. Bugs in server software, OS and web applications 

C. Installing the server with default settings 

D. Unpatched security flaws in the server software, OS and applications 

Answer: C

Q225. Which of the following activities will not be considered passive footprinting? 

A. Go through the rubbish to find out any information that might have been discarded 

B. Search on financial site such as Yahoo Financial to identify assets 

C. Scan the range of IP address found in the target DNS database 

D. Perform multiples queries using a search engine 

Answer: C

Explanation: Scanning is not considered to be passive footprinting. 

Q226. You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state. 

What should be the next logical step that should be performed? 

A. Connect to open ports to discover applications. 

B. Perform a ping sweep to identify any additional systems that might be up. 

C. Perform a SYN scan on port 21 to identify any additional systems that might be up. 

D. Rescan every computer to verify the results. 

Answer: C

Explanation: As ICMP is blocked you’ll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems. 

Q227. Stephanie, a security analyst, has just returned from a Black Hat conference in Las Vegas where she learned of many powerful tools used by hackers and security professionals alike. Stephanie is primarily worried about her Windows network because of all the legacy computers and servers that she must use, due to lack of funding. 

Stephanie wrote down many of the tools she learned of in her notes and was particularly interested in one tool that could scan her network for vulnerabilities and return reports on her network's weak spots called SAINT. She remembered from her notes that SAINT is very flexible and can accomplish a number of tasks. Stephanie asks her supervisor, the CIO, if she can download and run SAINT on the network. Her boss said to not bother with it since it will not work for her at all. 

Why did Stephanie's boss say that SAINT would not work? 

A. SAINT only works on Macintosh-based machines 

B. SAINT is too expensive and is not cost effective 

C. SAINT is too network bandwidth intensive 

D. SAINT only works on LINUX and UNIX machines 

Answer: D

Explanation: SAINT works with Unix/Linux/BSD and Mac OS X. 

Q228. You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed? 

A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network 

B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information 

C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots" 

D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques 

Answer: B

Q229. You are conducting an idle scan manually using HPING2. During the scanning process, you notice that almost every query increments the IPID, regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Which of the following options would be a possible reason? 

A. Hping2 can’t be used for idlescanning 

B. The Zombie you are using is not truly idle 

C. These ports are actually open on the target system 

D. A stateful inspection firewall is resetting your queries 

Answer: B

Explanation: If the IPID increments more than one value that means that there has been network traffic between the queries so the zombie is not idle. 

Q230. Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals that they are not responses from the internal hosts’ requests but simply responses coming from the Internet. 

What could be the most likely cause? 

A. Someone has spoofed Clive’s IP address while doing a smurf attack. 

B. Someone has spoofed Clive’s IP address while doing a land attack. 

C. Someone has spoofed Clive’s IP address while doing a fraggle attack. 

D. Someone has spoofed Clive’s IP address while doing a DoS attack. 

Answer: A

Explanation: The smurf attack, named after its exploit program, is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.