Exam Code: 312-50 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Ethical Hacking and Countermeasures (CEHv6)
Certification Provider: EC-Council

Q211. You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software, it does not pick up the Trojan. Next you run the netstat command to look for open ports and you notice a strange port 6666 open.

What is the next step you would take?

A. Re-install the operating system. 

B. Re-run anti-virus software. 

C. Install and run Trojan removal software. 

D. Run utility fport and look for the application executable that listens on port 6666. 

Answer: D

Explanation: Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications. 

Q212. ARP poisoning is achieved in _____ steps 

A. 1 

B. 2 

C. 3 

D. 4 

Answer: B

Explanation: The hacker begins by sending a malicious ARP "reply" (for which there was no previous request) to your router, associating his computer's MAC address with your IP address. Now your router thinks the hacker's computer is your computer. Next, the hacker sends a malicious ARP reply to your computer, associating his MAC address with the router's IP address. Now your machine thinks the hacker's computer is your router. The hacker has now used ARP poisoning to accomplish a MitM attack.

Q213. SSL has been seen as the solution to a lot of common security problems. Administrators will often make use of SSL to encrypt communications from Point A to Point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between Point A and Point B?

A. SSL is redundant if you already have IDS’s in place 

B. SSL will trigger rules at regular interval and force the administrator to turn them off 

C. SSL will mask the content of the packet, and the Intrusion Detection System will be blinded

D. SSL will slow down the IDS while it is breaking the encryption to see the packet content 


Explanation: An IDS will not be able to evaluate the content in the packets if it is encrypted. 

Q214. Which one of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

A. Teardrop 

B. Smurf 

C. Ping of Death 

D. SYN flood 

E. SNMP Attack 

Answer: A

Explanation: The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash. 

Q215. Bill has started to notice some slowness on his network when trying to update his company’s website and when trying to access the website from the Internet. Bill asks the help desk manager if he has received any calls about slowness from the end users, but the help desk manager says that he has not. Bill receives a number of calls from customers who can’t access the company website and can’t purchase anything online. Bill logs on to a couple of his routers and notices that the logs show network traffic is at an all-time high. He also notices that almost all the traffic is originating from a specific address.

Bill decides to use Geotrace to find out where the suspect IP originates from. The Geotrace utility runs a traceroute and finds that the IP is coming from Panama. Bill knows that none of his customers are in Panama, so he immediately thinks that his company is under a Denial of Service attack. Now Bill needs to find out more about the originating IP address.

What Internet registry should Bill look in to find the IP Address? 





Answer: A

Explanation: LACNIC is the Latin American and Caribbean Internet Addresses Registry that administers IP addresses, autonomous system numbers, reverse DNS, and other network resources for that region. 

Q216. In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. 

If you used both brute force and dictionary methods combined to produce variations of words, what would you call such an attack?

A. Full Blown 

B. Thorough 

C. Hybrid 

D. BruteDics 

Answer: C

Explanation: A combination of Brute force and Dictionary attack is called a Hybrid attack or Hybrid dictionary attack. 

Q217. You have installed antivirus software and you want to be sure that your AV signatures are working correctly. You don't want to risk the deliberate introduction of a live virus to test the AV software. You would like to write a harmless test virus, which is based on the European Institute for Computer Antivirus Research format that can be detected by the AV software. 

How should you proceed? 

A. Type the following code in notepad and save the file as SAMPLEVIRUS.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4\PZX54(P^)7CC)7}$SAMPLEVIRUS-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

B. Type the following code in notepad and save the file as AVFILE.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4\PZX54(P^)7CC)7}$AVFILE-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

C. Type the following code in notepad and save the file as TESTAV.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4\PZX54(P^)7CC)7}$TESTAV-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

D. Type the following code in notepad and save the file as EICAR.COM. Your antivirus program springs into action whenever you attempt to open, run or copy it. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

Answer: D

Explanation: The EICAR test file (official name: EICAR Standard Anti-Virus Test File) is a file, developed by the European Institute for Computer Antivirus Research, to test the response of computer antivirus (AV) programs. The rationale behind it is to allow people, companies, and AV programmers to test their software without having to use a real computer virus that could cause actual damage should the AV not respond correctly. EICAR likens the use of a live virus to test AV software to setting a fire in a trashcan to test a fire alarm, and promotes the EICAR test file as a safe alternative. 

Q218. When working with Windows systems, what is the RID of the true administrator account? 

A. 500 

B. 501 

C. 512 

D. 1001 

E. 1024 

F. 1000 


Explanation: The built-in administrator account always has a RID of 500. 

Q219. What does a type 3 code 13 represent? (Choose two.)

A. Echo request 

B. Destination unreachable 

C. Network unreachable 

D. Administratively prohibited 

E. Port unreachable 

F. Time exceeded 

Answer: BD

Explanation: Type 3 code 13 is destination unreachable administratively prohibited. This type of message is typically returned from a device blocking a port. 

Q220. You have just received an assignment for an assessment at a company site. The company's management is concerned about external threats and wants to take appropriate steps to ensure security is in place. However, management is also worried about possible threats coming from inside the site, specifically from employees belonging to different departments. What kind of assessment will you be performing?

A. Black box testing 

B. Black hat testing 

C. Gray box testing 

D. Gray hat testing 

E. White box testing 

F. White hat testing 


Explanation: Internal Testing is also referred to as Gray-box testing.