Act now and download your EC-Council 312-50 test today! Do not waste time for the worthless EC-Council 312-50 tutorials. Download Abreast of the times EC-Council Ethical Hacking and Countermeasures (CEHv6) exam with real questions and answers and begin to learn EC-Council 312-50 with a classic professional.

Q71. Exhibit: 

Given the following extract from the snort log on a honeypot, what do you infer from the attack? 

A. A new port was opened 

B. A new user id was created 

C. The exploit was successful 

D. The exploit was not successful 

Answer: D

Explanation: The attacker submits a PASS to the honeypot and receives a login incorrect before disconnecting. 


Q72. What does the following command in "Ettercap" do? 

ettercap –NCLzs –quiet 

A. This command will provide you the entire list of hosts in the LAN 

B. This command will check if someone is poisoning you and will report its IP 

C. This command will detach ettercap from console and log all the sniffed passwords to a file 

D. This command broadcasts ping to scan the LAN instead of ARP request all the subset IPs 

Answer: C

Explanation: -L specifies that logging will be done to a binary file and –s tells us it is running in script mode. 


Q73. What tool can crack Windows SMB passwords simply by listening to network traffic? 

Select the best answer. 

A. This is not possible 

B. Netbus 

C. NTFSDOS 

D. L0phtcrack 

Answer:

Explanations: 

This is possible with a SMB packet capture module for L0phtcrack and a known weaknesses in the LM hash algorithm. 


Q74. Which of the following command line switch would you use for OS detection in Nmap? 

A. -D 

B. -O 

C. -P 

D. -X 

Answer: B

Explanation: OS DETECTION: -O: Enable OS detection (try 2nd generation w/fallback to 1st) -O2: Only use the new OS detection system (no fallback) -O1: Only use the old (1st generation) OS detection system --osscan-limit: Limit OS detection to promising targets --osscan-guess: Guess OS more aggressively 


Q75. Exhibit 

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the hacking session. 

What does the first and second column mean? Select two. 

A. The first column reports the sequence number 

B. The second column reports the difference between the current and last sequence number 

C. The second column reports the next sequence number 

D. The first column reports the difference between current and last sequence number 

Answer: AB


Q76. 1 172.16.1.254 (172.16.1.254) 0.724 ms 3.285 ms 0.613 ms 2 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 12.169 ms 14.958 ms 13.416 ms 3 ip68-98-176-1.nv.nv.cox.net (68.98.176.1) 13.948 ms ip68-100-0-1.nv.nv.cox.net 

(68.100.0.1) 16.743 ms 16.207 ms 4 ip68-100-0-137.nv.nv.cox.net (68.100.0.137) 17.324 ms 13.933 ms 

20.938 ms 

5 68.1.1.4 (68.1.1.4) 12.439 ms 220.166 ms 204.170 ms 6 so-6-0-0.gar2.wdc1.Level3.net (67.29.170.1) 16.177 ms 25.943 ms 14.104 ms 7 unknown.Level3.net (209.247.9.173) 14.227 ms 17.553 ms 15.415 ms 8 so-0-1-0.bbr1.NewYork1.level3.net (64.159.1.41) 17.063 ms 20.960 ms 

19.512 ms 9 so-7-0-0.gar1.NewYork1.Level3.net (64.159.1.182) 20.334 ms 19.440 ms 

17.938 ms 10 so-4-0-0.edge1.NewYork1.Level3.net (209.244.17.74) 27.526 ms 18.317 ms 21.202 ms 11 uunet-level3-oc48.NewYork1.Level3.net (209.244.160.12) 21.411 ms 

19.133 ms 18.830 ms 12 0.so-6-0-0.XL1.NYC4.ALTER.NET (152.63.21.78) 21.203 ms 22.670 ms 

20.111 ms 13 0.so-2-0-0.TL1.NYC8.ALTER.NET (152.63.0.153) 30.929 ms 24.858 ms 

23.108 ms 14 0.so-4-1-0.TL1.ATL5.ALTER.NET (152.63.10.129) 37.894 ms 33.244 ms 

33.910 ms 15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms 

49.466 ms 16 0.so-3-0-0.XR1.MIA4.ALTER.NET (152.63.101.41) 50.937 ms 49.005 ms 

51.055 ms 17 117.ATM6-0.GW5.MIA1.ALTER.NET (152.63.82.73) 51.897 ms 50.280 ms 

53.647 ms 18 target-gw1.customer.alter.net (65.195.239.14) 51.921 ms 51.571 ms 

56.855 ms 19 www.target.com <http://www.target.com/> (65.195.239.22) 52.191 ms 

52.571 ms 56.855 ms 20 www.target.com <http://www.target.com/> (65.195.239.22) 53.561 ms 

54.121 ms 58.333 ms 

You perform the above traceroute and notice that hops 19 and 20 both show the same IP address. This probably indicates what? 

A. A host based IDS 

B. A Honeypot 

C. A stateful inspection firewall 

D. An application proxying firewall 

Answer: C


Q77. Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position. 

Harold is currently trying to run a Sniffer on the agency’s network to get an idea of what kind of traffic is being passed around but the program he is using does not seem to be capturing anything. He pours through the sniffer’s manual but can’t find anything that directly relates to his problem. Harold decides to ask the network administrator if the has any thoughts on the problem. Harold is told that the sniffer was not working because the agency’s network is a switched network, which can’t be sniffed by some programs without some tweaking. 

What technique could Harold use to sniff agency’s switched network? 

A. ARP spoof the default gateway 

B. Conduct MiTM against the switch 

C. Launch smurf attack against the switch 

D. Flood switch with ICMP packets 

Answer: A

Explanation: ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether (known as a denial of service attack). The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack). 


Q78. You generate MD5 128-bit hash on all files and folders on your computer to keep a baseline check for security reasons? 

What is the length of the MD5 hash? 

A. 32 bit 

B. 64 byte 

C. 48 char 

D. 128 kb 

Answer: C


Q79. Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in: http://www.youremailhere.com/mail.asp?mailbox=Kevin&Smith=121%22 Kevin changes the URL to: http://www.youremailhere.com/mail.asp?mailbox=Katy&Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy's mailbox? 

A. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access 

B. By changing the mailbox's name in the URL, Kevin is attempting directory transversal 

C. Kevin is trying to utilize query string manipulation to gain access to her email account 

D. He is attempting a path-string attack to gain access to her mailbox 

Answer: C


Q80. Which Steganography technique uses Whitespace to hide secret messages? 

A. snow 

B. beetle 

C. magnet 

D. cat 

Answer: A