Q251. In Linux, the three most common commands that hackers usually attempt to Trojan are: 

A. cat, xterm, grep 

B. netstat, ps, top 

C. vmware, sed, less 

D. xterm, ps, nc 

Answer: B

Explanation: The best programs to trojan, from the intruder's point of view, are the ones an administrator runs when looking for an intruder: netstat (to list connections) and ps and top (to list processes). Replacing them with copies that hide the attacker's connections and processes is the classic user-mode rootkit technique. Because the replaced binaries live on disk, they can be caught by comparing their hashes against a trusted baseline or against the package manager's records (for example rpm -Va or debsums), ideally from a known-good boot medium, since a kernel-level rootkit can hide the changes from tools running on the compromised system. For a complete list of commonly trojaned and rootkited software please reference this URL: 

Q252. The GET method should never be used when sensitive data such as a credit card number is being sent to a CGI program, because everything sent by GET becomes part of the URL, and URLs are written to server access logs (and to proxy logs, browser history and Referer headers). For example, suppose you have entered your credit card information into a form that uses the GET method. The URL may appear like this: 

The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information. How would you protect from this type of attack? 

A. Never include sensitive information in a script 

B. Use HTTPS SSLv3 to send the data instead of plain HTTP 

C. Replace the GET with POST method when sending data 

D. Encrypt the data before you send using GET method 

Answer: C

Explanation: POST carries the form fields in the request body rather than in the URL, so they do not appear in the request line that access logs record, in browser history or in Referer headers. Note what POST does not do: it does not encrypt anything, so the data must still travel over HTTPS (option B alone does not help, because the server decrypts the request and still logs the full URL of a GET; SSLv3 is in any case obsolete), and the application must still avoid writing request bodies to its own logs.
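The logging difference described above, demonstrated with an added example that is not part of the original page: a throw-away HTTP server on the loopback interface records exactly the fields a Common Log Format access log keeps for each request, and a client submits the same (test, not real) card number once by GET and once by POST. The path /pay, the field names and the card number are constructed for the demonstration.

```python
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed demo, not code from the page: what the server's access log sees
# when the same form is submitted with GET and with POST.
LOGGED = []


class FormHandler(BaseHTTPRequestHandler):
    def log_message(self, fmt, *args):
        # BaseHTTPRequestHandler.log_request() calls this with the request line
        # ("GET /pay?... HTTP/1.1"), the status code and the size: the same
        # fields a Common Log Format access log keeps. The body is never logged.
        LOGGED.append(fmt % args)

    def _reply_ok(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")

    def do_GET(self):
        self._reply_ok()

    def do_POST(self):
        body_len = int(self.headers.get("Content-Length", "0"))
        self.rfile.read(body_len)  # consume the form body; it stays out of the log
        self._reply_ok()


def submit_both_ways(card_number: str) -> tuple[str, str]:
    """Submit a (fake) card number via GET and via POST to a local server.
    Returns the two access-log lines the server produced, GET first."""
    del LOGGED[:]
    server = HTTPServer(("127.0.0.1", 0), FormHandler)  # port 0 = pick a free port
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Ignore any proxy settings in the environment so requests really hit our server.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    form = urllib.parse.urlencode({"card": card_number, "exp": "12/30"})
    try:
        # GET: the form is appended to the URL, so it is part of the request line.
        opener.open(f"http://127.0.0.1:{port}/pay?{form}").read()
        # POST: the same form travels in the body; the request line is just "POST /pay".
        opener.open(f"http://127.0.0.1:{port}/pay", data=form.encode()).read()
    finally:
        server.shutdown()
        server.server_close()
    return LOGGED[0], LOGGED[1]


if __name__ == "__main__":
    get_line, post_line = submit_both_ways("4111111111111111")  # test number, not a real card
    print("GET  logged as:", get_line)
    print("POST logged as:", post_line)
```

The GET line contains the full query string, card number included; the POST line contains only the method and path. TLS would not change either line, because logging happens after the server has decrypted the request.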

Q253. Harold just got home from working at Henderson LLC, where he works as an IT technician. He was able to get off early because they were not too busy. When he walks into his home office, he notices his teenage daughter on the computer, apparently chatting with someone online. As soon as she hears Harold enter the room, she closes all her windows and tries to act as if she was playing a game. When Harold asks her what she was doing, she acts very nervous and does not give him a straight answer. Harold is very concerned because he does not want his daughter to fall victim to online predators and the like. Harold does not necessarily want to install any program that restricts the sites his daughter visits, because he does not want to alert her that he is trying to find out what she is doing. Harold wants some kind of program that will track her activities online and send him an email of her activity once a day so he can see what she has been up to. What kind of software could Harold use to accomplish this? 

A. Install hardware Keylogger on her computer 

B. Install screen capturing Spyware on her computer 

C. Enable Remote Desktop on her computer 

D. Install VNC on her computer 

Answer: B

Q254. While scanning a network you observe that all of the web servers in the DMZ are responding (with RST) to unsolicited ACK packets on port 80. 

What can you infer from this observation? 

A. They are using Windows based web servers. 

B. They are using UNIX based web servers. 

C. They are not using an intrusion detection system. 

D. They are not using a stateful inspection firewall. 

Answer: D

Explanation: An ACK scan (nmap -sA) sends TCP segments with only the ACK flag set, as if they belonged to an established connection. A host that receives such a segment for a connection it does not have answers with RST, and nmap reports the port as unfiltered; if nothing comes back, the port is reported as filtered. A stateful inspection firewall keeps a table of connections and knows that no SYN and SYN-ACK preceded this ACK, so it drops the probe and the scanner sees nothing. A stateless packet filter, which typically allows any packet with ACK set on the assumption that it belongs to an established session, lets the probe through. RST replies from every server therefore tell you the DMZ is not behind a stateful filter; they say nothing about the operating system, and nothing about an IDS, which observes rather than blocks. 
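The reasoning above as an added simulation (not code from the page): a stateless ACL-style filter and a connection-tracking filter are modelled as Python classes, an ACK-scan probe is pushed through each and classified with nmap's "filtered"/"unfiltered" labels, and a legitimate three-way handshake is shown to pass the stateful filter. Addresses, ports and the state names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed simulation, not code from the page: why an answered ACK probe
# implies the target is not behind a stateful inspection firewall.
SYN, RST, ACK = 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


class StatelessFilter:
    """Classic ACL-style packet filter: it judges each packet on its own.
    Rule 1: new connections to tcp/80 are allowed (SYN without ACK).
    Rule 2: anything with ACK set is assumed to belong to an existing
    connection and is allowed, because the filter has no memory to check."""

    def allow(self, pkt: Packet) -> bool:
        if pkt.dport == 80 and pkt.flags & SYN and not pkt.flags & ACK:
            return True
        return bool(pkt.flags & ACK)


class StatefulFilter:
    """Connection-tracking filter: an ACK is only allowed when a SYN and a
    SYN-ACK for the same connection have already been seen."""

    def __init__(self):
        self.table: dict[tuple, str] = {}

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        # Same key for both directions of one connection.
        return tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))

    def allow(self, pkt: Packet) -> bool:
        key = self._key(pkt)
        state = self.table.get(key)
        if pkt.flags & SYN and not pkt.flags & ACK and pkt.dport == 80 and state is None:
            self.table[key] = "SYN_SENT"
            return True
        if pkt.flags & SYN and pkt.flags & ACK and state == "SYN_SENT":
            self.table[key] = "SYN_RECEIVED"
            return True
        if pkt.flags & ACK and state in ("SYN_RECEIVED", "ESTABLISHED"):
            self.table[key] = "ESTABLISHED"
            return True
        return False  # unsolicited ACK, stray RST, etc.: no table entry, drop


def ack_probe(firewall, target="10.0.0.80", scanner="203.0.113.5") -> str:
    """One ACK-scan probe, classified the way nmap -sA reports it: a host that
    gets an ACK for a connection it does not have answers RST ('unfiltered');
    no answer at all means 'filtered'."""
    probe = Packet(scanner, 40000, target, 80, ACK)
    if not firewall.allow(probe):
        return "filtered"
    return "unfiltered"  # the host's RST came back through the firewall


def real_handshake(firewall, target="10.0.0.80", client="198.51.100.7") -> bool:
    """A legitimate three-way handshake must still pass either filter."""
    steps = [
        Packet(client, 51000, target, 80, SYN),
        Packet(target, 80, client, 51000, SYN | ACK),
        Packet(client, 51000, target, 80, ACK),
    ]
    return all(firewall.allow(p) for p in steps)


if __name__ == "__main__":
    print("stateless filter:", ack_probe(StatelessFilter()))  # unfiltered
    print("stateful filter: ", ack_probe(StatefulFilter()))   # filtered
    print("handshake through stateful filter:", real_handshake(StatefulFilter()))
```

The stateless filter's second rule is the one that gives the game away: "ACK set, therefore established" is exactly the assumption an ACK scan exploits.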

Q255. What type of Virus is shown here? 

A. Macro Virus 

B. Cavity Virus 

C. Boot Sector Virus 

D. Metamorphic Virus 

E. Sparse Infector Virus 

Answer: B

Q256. You have just installed a new Linux file server at your office. This server is going to be used by several individuals in the organization, and unauthorized personnel must not be able to modify any data. 

What kind of program can you use to track changes to files on the server? 

A. Network Based IDS (NIDS) 

B. Personal Firewall 

C. System Integrity Verifier (SIV) 

D. Linux IP Chains 

Answer: C

Explanation: System Integrity Verifiers such as Tripwire aid system administrators and users in monitoring a designated set of files for any changes. They record a baseline of cryptographic hashes, permissions, ownership and sizes, and on each later run (for example daily) report files that have been modified, added or removed, so damage control measures can be taken in a timely manner. The baseline and the verifier itself must be kept where an intruder cannot alter them (read-only media or a separate host), and a verifier running on a compromised kernel can be deceived, so a suspicious result should be confirmed from a trusted boot medium. The other options do not track file changes: a NIDS watches network traffic, and a personal firewall or ipchains filters packets. 
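A minimal integrity verifier in the style described above, added here as an example (not Tripwire's code and not from the original page); it also illustrates the trojaned-binary case from Q251. A fake bin/ directory holding netstat, ps and top is built inside a temporary directory and baselined; then ps is replaced with a copy that hides a process name and a new file is dropped, and the comparison reports both. The directory layout, file contents and the intruder's actions are constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile

# Constructed example, not code from the page and not Tripwire itself: a
# minimal system integrity verifier run against a fake bin/ directory.


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Record hash, permission bits and size of every regular file under root.
    Paths are stored relative to root so the baseline is portable."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            st = os.stat(full)
            db[os.path.relpath(full, root)] = {
                "sha256": hash_file(full),
                "mode": st.st_mode & 0o7777,
                "size": st.st_size,
            }
    return db


def compare(baseline: dict, current: dict) -> dict:
    """Report files that changed, appeared or disappeared since the baseline."""
    report = {"modified": [], "added": [], "removed": []}
    for path, meta in baseline.items():
        if path not in current:
            report["removed"].append(path)
        elif current[path] != meta:
            report["modified"].append(path)
    report["added"] = sorted(set(current) - set(baseline))
    report["modified"].sort()
    report["removed"].sort()
    return report


def demo() -> dict:
    """Constructed scenario: baseline a fresh bin/ holding netstat, ps and top,
    then simulate an intruder who trojans ps and drops a new file."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.makedirs(bindir)
        for tool in ("netstat", "ps", "top"):
            with open(os.path.join(bindir, tool), "wb") as f:
                f.write(b"#!/bin/sh\nexec /usr/bin/" + tool.encode() + b' "$@"\n')
        # The baseline must come from a known-clean state and be kept where the
        # intruder cannot rewrite it (read-only media, another host); the JSON
        # string stands in for that here.
        baseline = json.dumps(snapshot(root), sort_keys=True)

        # Intruder: a ps that filters its own process name out, plus a dropped file.
        with open(os.path.join(bindir, "ps"), "wb") as f:
            f.write(b'#!/bin/sh\n/usr/bin/ps "$@" | grep -v backdoor\n')
        with open(os.path.join(bindir, "nc"), "wb") as f:
            f.write(b"#!/bin/sh\n# dropped by the intruder\n")

        return compare(json.loads(baseline), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A real deployment would also record ownership and timestamps, sign or store the baseline off-host, and run the check from a trusted medium when a compromise is suspected.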

Q257. Which of the following keyloggers can’t be detected by anti-virus or anti-spyware products? 

A. Hardware keylogger 

B. Software Keylogger 

C. Stealth Keylogger 

D. Covert Keylogger 

Answer: A

Explanation: A hardware keylogger sits inline between the keyboard and the computer (or inside the keyboard) and records keystrokes in its own memory. No code runs on the host, so anti-virus and anti-spyware products, which only examine software on the operating system, have nothing to detect. It can still be found by physical inspection, and some USB models show up as an unexpected device. Software keyloggers, however well hidden, are processes or drivers on the host and can in principle be detected. 

Q258. Steven is a senior security analyst for a state agency in Tulsa, Oklahoma. His agency is currently undergoing a mandated security audit by an outside consulting firm. The consulting firm is halfway through the audit and is preparing to perform the actual penetration testing against the agency’s network. The firm first sets up a sniffer on the agency’s wired network to capture a reasonable amount of traffic to analyze later. This takes approximately 2 hours to obtain 10 GB of data. The consulting firm then sets up a sniffer on the agency’s wireless network to capture the same amount of traffic. This capture only takes about 30 minutes to get 10 GB of data. 

Why did capturing of traffic take much less time on the wireless network? 

A. Because wireless access points act like hubs on a network 

B. Because all traffic is clear text, even when encrypted 

C. Because wireless traffic uses only UDP which is easier to sniff 

D. Because wireless networks can’t enable encryption 

Answer: A

Explanation: 802.11 wireless is a shared medium, like a hub: every frame goes over the air, and a wireless adapter in monitor mode receives every frame on its channel from every station in range, whether or not the frame is addressed to it. On a switched wired network the switch delivers each frame only to the port of its destination, so a sniffer on an ordinary port sees little beyond broadcast traffic and its own, unless a SPAN/mirror port or an ARP-spoofing attack is used. Encryption (WEP/WPA/WPA2) does not change this: the frames are still captured, only their payloads are unreadable, which is why B, C and D are wrong. 

Q259. While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective? 

A. Block port 25 at the firewall. 

B. Shut off the SMTP service on the server. 

C. Force all connections to use a username and password. 

D. Switch from Windows Exchange to UNIX Sendmail. 

E. None of the above. 

Answer: E

Explanation: Blocking port 25 at the firewall or requiring a username and password on it would stop other mail servers from delivering mail to the agency, because SMTP between mail servers is unauthenticated by design, and a telnet client connected to port 25 is simply another TCP client speaking SMTP. Turning off the SMTP service would disable email entirely, and every mail server uses SMTP to talk to other mail servers, so switching products would not help. Since the logs show no abuse, the port should stay open as it is. What can be tightened without breaking mail exchange is the policy behind the port: refuse to relay for unauthenticated clients, answer VRFY/EXPN without confirming addresses, and move authenticated client submission to port 587. 
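The hardening described in the last sentence, as an added example that is not code from the page and not a description of any particular mail server: a minimal SMTP command handler that accepts inbound delivery for its own domains from anyone (so other MTAs, and anyone with telnet, can still connect), refuses to relay for unauthenticated clients, and gives a non-committal answer to VRFY/EXPN. The domain agency.example, the host name, the reply texts and the relay policy are assumptions for illustration.

```python
import re

# Constructed example, not code from the page: what an administrator can
# tighten on port 25 without breaking mail exchange with other MTAs.

LOCAL_DOMAINS = {"agency.example"}  # domains this server accepts mail for (assumed)
ADDR_RE = re.compile(r"<([^<>@\s]+@([^<>@\s]+))>")


class SmtpSession:
    """Handles one client's commands and returns the reply line for each."""

    def __init__(self, authenticated: bool = False):
        self.authenticated = authenticated  # AUTH normally happens on 587 with TLS
        self.helo_done = False
        self.sender = None
        self.recipients = []
        self.log = []  # (command, reply) pairs, an audit trail of the session

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        reply = self._dispatch(verb.upper(), arg.strip())
        self.log.append((line.strip(), reply))
        return reply

    def _dispatch(self, verb: str, arg: str) -> str:
        if verb in ("HELO", "EHLO"):
            self.helo_done = True
            return "250 mail.agency.example"
        if not self.helo_done:
            return "503 5.5.1 Send HELO/EHLO first"
        if verb in ("VRFY", "EXPN"):
            # Neither confirm nor deny: address confirmation is a user-enumeration aid.
            return "252 2.5.2 Cannot VRFY user, but will accept message and attempt delivery"
        if verb == "MAIL":
            m = ADDR_RE.search(arg)
            if not m:
                return "501 5.1.7 Bad sender address syntax"
            self.sender, self.recipients = m.group(1), []
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command"
            m = ADDR_RE.search(arg)
            if not m:
                return "501 5.1.3 Bad recipient address syntax"
            addr, domain = m.group(1), m.group(2).lower()
            # Unauthenticated clients (other MTAs, or someone with telnet) may only
            # deliver to our own domains; anything else would make us an open relay.
            if domain not in LOCAL_DOMAINS and not self.authenticated:
                return "554 5.7.1 Relay access denied"
            self.recipients.append(addr)
            return "250 2.1.5 Ok"
        if verb == "DATA":
            if not self.recipients:
                return "554 5.5.1 No valid recipients"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 5.5.2 Command not implemented"


def run_dialogue(lines, authenticated=False):
    """Feed a list of client lines to a fresh session; returns the reply codes."""
    session = SmtpSession(authenticated=authenticated)
    return [session.handle(line)[:3] for line in lines]


if __name__ == "__main__":
    inbound = ["EHLO mx.example.net", "MAIL FROM:<bob@example.net>",
               "RCPT TO:<steven@agency.example>", "DATA"]
    relay = ["EHLO x", "MAIL FROM:<spammer@example.net>", "RCPT TO:<victim@example.org>"]
    print("inbound delivery from another MTA:", run_dialogue(inbound))  # ['250', '250', '250', '354']
    print("relay attempt over telnet:        ", run_dialogue(relay))    # ['250', '250', '554']
    print("VRFY probe:                       ", run_dialogue(["HELO x", "VRFY steven"]))  # ['250', '252']
```

The first dialogue is what keeps mail working: a foreign MTA can still connect to port 25 unauthenticated and deliver to agency.example. The second shows that the same unauthenticated client cannot use the server to send mail elsewhere, which is the abuse the administrator actually needs to prevent.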

Q260. While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file called 'file.txt', but when he opens it, he finds the following: 

What does this file contain? 

A. A picture that has been renamed with a .txt extension. 

B. An encrypted file. 

C. A uuencoded file. 

D. A buffer overflow. 

Answer: D

Explanation: The content is a buffer overflow exploit with its payload written out as hexadecimal byte values, not the text the .txt extension suggests. The other choices look different: a renamed picture starts with an image format's magic bytes, a uuencoded file starts with a "begin" line carrying the mode and file name, and an encrypted file looks like random binary data with no readable structure.
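The distinctions in the explanation above, turned into an added content-based file classifier (not code from the page): it checks image magic bytes, the uuencode header, a predominance of hexadecimal escape sequences (with a NOP-sled check) and byte entropy, in that order, and runs over constructed samples for each answer choice. The signatures, thresholds and sample bytes are illustrative assumptions; the "shellcode" bytes are placeholders, not a working payload.

```python
import binascii
import math
import os
import re

# Constructed example, not code from the page: identify what a file really
# holds from its content rather than its extension.

IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
UU_HEADER = re.compile(rb"^begin [0-7]{3} ")       # "begin <mode> <name>"
HEX_ESCAPE = re.compile(rb"\\x[0-9a-fA-F]{2}")     # one byte written as \xNN
NOP_SLED = re.compile(rb"(\\x90){8,}")             # x86 NOPs rendered as \x90 escapes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted/compressed data, 4-5 for text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(data: bytes) -> str:
    head = data[:16]
    for magic, kind in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return f"renamed image ({kind})"
    if UU_HEADER.match(data):
        return "uuencoded file"
    escapes = HEX_ESCAPE.findall(data)
    if len(escapes) >= 16 and len(b"".join(escapes)) * 2 > len(data):
        # Mostly \xNN escapes: a payload pasted from an exploit, e.g. shellcode.
        sled = ", NOP sled" if NOP_SLED.search(data) else ""
        return f"buffer overflow exploit (hex payload{sled})"
    if len(data) >= 256 and shannon_entropy(data) > 7.5:
        return "encrypted or compressed data"
    return "plain text"


def classify_samples() -> dict:
    """Constructed samples for each answer choice; none are real evidence files."""
    samples = {
        "picture": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(200),
        "uu": b"begin 644 photo.jpg\n" + binascii.b2a_uu(b"\xff\xd8\xff\xe0JFIF") + b"`\nend\n",
        # 16 NOPs followed by placeholder bytes (int3) standing in for shellcode.
        "exploit": b'shellcode = "' + b"\\x90" * 16 + b"\\xcc" * 8 + b'"\n',
        "encrypted": os.urandom(4096),
        "text": b"Quarterly report: revenue grew 4%, see attached spreadsheet.\n" * 4,
    }
    return {name: classify(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:>10}: {verdict}")
```

The order of the checks matters: magic bytes and the uuencode header are definite signatures and go first, the hex-escape test needs a majority of the bytes to be escapes so that ordinary text mentioning "\x41" once is not flagged, and entropy comes last because it is only a statistical hint.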