Q381. You are footprinting an organization to gather competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them listed there. You know that the entire staff directory was listed on their website 12 months ago, but now it is not there.

How would it be possible for you to retrieve information from the website that is outdated? 

A. Visit google’s search engine and view the cached copy. 

B. Visit Archive.org web site to retrieve the Internet archive of the company’s website. 

C. Crawl the entire website and store them into your computer. 

D. Visit the company’s partners and customers website for this information. 

Answer: B


Explanation: Archive.org mirrors websites and categorizes the copies by date and month depending on the crawl time. Archive.org dates back to 1996. Google is incorrect because the cache is only as recent as the latest crawl; the cache is overwritten on each subsequent crawl. Downloading the website is incorrect because that is the same as what you see online. Visiting customers' and partners' websites is just bogus. The answer is then firmly, C, archive.org.

Q382. Which of the following Snort rules looks for FTP root login attempts?

A. alert tcp -> any port 21 (msg:"user root";) 

B. alert tcp -> any port 21 (message:"user root";) 

C. alert ftp -> ftp (content:"user password root";) 

D. alert tcp any any -> any any 21 (content:"user root";) 

Answer: D

Explanation: The Snort rule header is built by defining the action (alert), protocol (tcp), source IP/subnet and port (any any), destination IP/subnet and port (any any 21), and the payload detection rule options (content:"user root";).

Q383. Which is the Novell NetWare packet signature level used to sign all packets?

A. 0 

B. 1 

C. 2 

D. 3 

Answer: D

Explanation: Level 0 is no signature; Level 3 means communication using signatures only.

Q384. WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. Search engines like Google frequently spider web pages for indexing.

How will you stop web spiders from crawling certain directories on your website? 

A. Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled 

B. Place authentication on root directories that will prevent crawling from these spiders 

C. Place "HTTP:NO CRAWL" on the html pages that you don't want the crawlers to index 

D. Enable SSL on the restricted directories which will block these spiders from crawling 

Answer: A

Explanation: WWW Robots (also called wanderers or spiders) are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. The method used to exclude robots from a server is to create a file on the server which specifies an access policy for robots. This file must be accessible via HTTP on the local URL "/robots.txt". http://www.robotstxt.org/orig.html#format 

Q385. Rebecca is a security analyst and knows of a local root exploit that enables local users to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. No known workaround exists for this vulnerability. What is the correct action for Rebecca to take in this situation as a recommendation to management?

A. Rebecca should make a recommendation to disable the () system call 

B. Rebecca should make a recommendation to upgrade the Linux kernel promptly 

C. Rebecca should make a recommendation to set all child-process to sleep within the execve() 

D. Rebecca should make a recommendation to hire more system administrators to monitor all child processes to ensure that each child process can't elevate privilege 

Answer: B

Q386. Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try to trick this switch into thinking it has already established a session with his computer. How can Fred accomplish this?

A. Fred can accomplish this by sending an IP packet with the RST/SYN bit and the source address of his computer.

B. He can send an IP packet with the SYN bit and the source address of his computer. 

C. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch. 

D. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine. 

Answer: D

Q387. This is an example of a whois record.

Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers) 

A. Search engines like Google, Bing will expose information listed on the WHOIS record 

B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record 

C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record 

D. IRS Agents will use this information to track individuals using the WHOIS record information 

Answer: BC

Q388. War dialing is a very old attack and depicted in movies that were made years ago. 

Why would a modem security tester consider using such an old technique? 

A. It is cool, and if it works in the movies it must work in real life. 

B. It allows circumvention of protection mechanisms by being on the internal network. 

C. It allows circumvention of the company PBX. 

D. A good security tester would not use such a derelict technique. 

Answer: B

Explanation: If you are lucky and find a modem that answers and is connected to the target network, it is usually less protected (as only employees are supposed to know of its existence), and once connected you do not need to take evasive action against any firewalls or IDS.

Q389. What type of Virus is shown here? 

A. Cavity Virus 

B. Macro Virus 

C. Boot Sector Virus 

D. Metamorphic Virus 

E. Sparse Infector Virus 

Answer: E

Q390. A rootkit is a collection of tools (programs) that enable administrator-level access to a computer. This program hides itself deep within an operating system for malicious activity and is extremely difficult to detect. The malicious software operates in a stealthy fashion by hiding its files, processes and registry keys, and may be used to create a hidden directory or folder designed to stay out of view of the user's operating system and security software.

What privilege level does a rootkit require to successfully infect a victim's machine?

A. User level privileges 

B. Ring 3 Privileges 

C. System level privileges 

D. Kernel level privileges 

Answer: D