Master the 312-50 Ethical Hacking and Countermeasures (CEHv6) content and be ready for exam day success quickly with this Pass4sure 312-50 question. We guarantee it!We make it a reality and give you real 312-50 questions in our EC-Council 312-50 braindumps.Latest 100% VALID EC-Council 312-50 Exam Questions Dumps at below page. You can use our EC-Council 312-50 braindumps and pass your exam.

Q21. _____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another. 

A. Canonicalization 

B. Character Mapping 

C. Character Encoding 

D. UCS transformation formats 

Answer: A

Explanation: Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a "standard" canonical representation. This can be done to compare different representations for equivalence, to count the number of distinct data structures (e.g., in combinatorics), to improve the efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order. 

Q22. A Company security System Administrator is reviewing the network system log files. He notes the following: 

-Network log files are at 5 MB at 12:00 noon. 

-At 14:00 hours, the log files at 3 MB. 

What should he assume has happened and what should he do about the situation? 

A. He should contact the attacker’s ISP as soon as possible and have the connection disconnected. 

B. He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy. 

C. He should log the file size, and archive the information, because the router crashed. 

D. He should run a file system check, because the Syslog server has a self correcting file system problem. 

E. He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place. 

Answer: B

Explanation: You should never assume a host has been compromised without verification. Typically, disconnecting a server is an extreme measure and should only be done when it is confirmed there is a compromise or the server contains such sensitive data that the loss of service outweighs the risk. Never assume that any administrator or automatic process is making changes to a system. Always investigate the root cause of the change on the system and follow your organizations security policy. 

Q23. Which of these are phases of a reverse social engineering attack? 

Select the best answers. 

A. Sabotage 

B. Assisting 

C. Deceiving 

D. Advertising 

E. Manipulating 

Answer: ABD


According to "Methods of Hacking: Social Engineering", by Rick Nelson, the three phases of reverse social engineering attacks are sabotage, advertising, and assisting. 

Q24. What are the default passwords used by SNMP?(Choose two.) 

A. Password 

B. SA 

C. Private 

D. Administrator 

E. Public 

F. Blank 

Answer: CE

Explanation: Besides the fact that it passes information in clear text, SNMP also uses well-known passwords. Public and private are the default passwords used by SNMP. 

Q25. Network Intrusion Detection systems can monitor traffic in real time on networks. 

Which one of the following techniques can be very effective at avoiding proper detection? 

A. Fragmentation of packets. 

B. Use of only TCP based protocols. 

C. Use of only UDP based protocols. 

D. Use of fragmented ICMP traffic only. 

Answer: A

Explanation: If the default fragmentation reassembly timeout is set to higher on the client than on the IDS then the it is possible to send an attack in fragments that will never be reassembled in the IDS but they will be reassembled and read on the client computer acting victim. 

Q26. How does traceroute map the route a packet travels from point A to point B? 

A. Uses a TCP timestamp packet that will elicit a time exceeded in transit message 

B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message 

C. Uses a protocol that will be rejected by gateways on its way to the destination 

D. Manipulates the flags within packets to force gateways into generating error messages 

Answer: B

Q27. How would you prevent session hijacking attacks? 

A. Using biometrics access tokens secures sessions against hijacking 

B. Using non-Internet protocols like http secures sessions against hijacking 

C. Using hardware-based authentication secures sessions against hijacking 

D. Using unpredictable sequence numbers secures sessions against hijacking 

Answer: D

Explanation: Protection of a session needs to focus on the unique session identifier because it is the only thing that distinguishes users. If the session ID is compromised, attackers can impersonate other users on the system. The first thing is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise, it's trivial to hijack another user's session. Having a large number of possible session IDs (meaning that they should be very long) means that there are a lot more permutations for an attacker to try. 

Q28. Samuel is the network administrator of DataX communications Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder’s IP address for a period of 24 hours time after more than three unsuccessful attempts. He is confident that this rule will secure his network hackers on the Internet. 

But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall use. 

Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder’s attempts. 

Samuel wants to completely block hackers brute force attempts on his network. 

What are the alternatives to defending against possible brute-force password attacks on his site? 

A. Enforce a password policy and use account lockouts after three wrong logon attempts even through this might lock out legit users 

B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the firewall manually 

C. Enforce complex password policy on your network so that passwords are more difficult to brute force 

D. You can’t completely block the intruders attempt if they constantly switch proxies 

Answer: D

Explanation: Without knowing from where the next attack will come there is no way of proactively block the attack. This is becoming a increasing problem with the growth of large bot nets using ordinary workstations and home computers in large numbers. 

Q29. Gerald is a Certified Ethical Hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit of the company's network. One of the company's primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company's home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses a session hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client's session; he simply monitors the traffic that passes between it and the server. 

What type of session attack is Gerald employing here? 

A. He is utilizing a passive network level hijack to see the session traffic used to communicate between the two devices 

B. Gerald is using a passive application level hijack to monitor the client and server traffic 

C. This type of attack would be considered an active application attack since he is actively monitoring the traffic 

D. This type of hijacking attack is called an active network attack 

Answer: C

Explanation: Session Hijacking is an active attack 

Q30. What type of attack is shown here? 

A. Bandwidth exhaust Attack 

B. Denial of Service Attack 

C. Cluster Service Attack 

D. Distributed Denial of Service Attack 

Answer: B