Cause all that matters here is passing the EC-Council 312-50 exam. Cause all that you need is a high score of 312-50 Ethical Hacking and Countermeasures (CEHv6) exam. The only one thing you need to do is downloading Testking 312-50 exam study guides now. We will not let you down with our money-back guarantee.

Q111. Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command. 

For /f "tokens=1 %%a in (hackfile.txt) do net use * \\\c$ /user:"Administrator" %%a 

What is Eve trying to do? 

A. Eve is trying to connect as an user with Administrator privileges 

B. Eve is trying to enumerate all users with Administrative privileges 

C. Eve is trying to carry out a password crack for user Administrator 

D. Eve is trying to escalate privilege of the null user to that of Administrator 

Answer: C

Explanation: Eve tries to get a successful login using the username Administrator and passwords from the file hackfile.txt. 

Q112. eter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for? 

Select the best answers. 

A. SNMPUtil 

B. SNScan 

C. SNMPScan 

D. Solarwinds IP Network Browser 

E. NMap 

Answer: ABD


SNMPUtil is a SNMP enumeration utility that is a part of the Windows 2000 resource kit. With SNMPUtil, you can retrieve all sort of valuable information through SNMP. SNScan is a SNMP network scanner by Foundstone. It does SNMP scanning to find open SNMP ports. Solarwinds IP Network Browser is a SNMP enumeration tool with a graphical tree-view of the remote machine's SNMP data. 

Q113. You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of what protocols are being used. You need to discover as many different protocols as possible. Which kind of scan would you use to do this? 

A. Nmap with the –sO (Raw IP packets) switch 

B. Nessus scan with TCP based pings 

C. Nmap scan with the –sP (Ping scan) switch 

D. Netcat scan with the –u –e switches 

Answer: A

Explanation: Running Nmap with the –sO switch will do a IP Protocol Scan. The IP protocol scan is a bit different than the other nmap scans. The IP protocol scan is searching for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified. 

Q114. _____ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at. 

A. Mandatory Access Control 

B. Authorized Access Control 

C. Role-based Access Control 

D. Discretionary Access Control 

Answer: A

Explanation : In computer security, mandatory access control (MAC) is a kind of access control, defined by the TCSEC as "a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity." 

Q115. Theresa is the chief information security officer for her company, a large shipping company based out of New York City. In the past, Theresa and her IT employees manually checked the status of client computers on the network to see if they had the most recent Microsoft updates. Now that the company has added over 100 more clients to accommodate new departments, Theresa must find some kind of tool to see whether the clients are up-to-date or not. Theresa decides to use Qfecheck to monitor all client computers. When Theresa runs the tool, she is repeatedly told that the software does not have the proper permissions to scan. Theresa is worried that the operating system hardening that she performs on all clients is keeping the software from scanning the necessary registry keys on the client computers. 

What registry key permission should Theresa check to ensure that Qfecheck runs properly? 

A. In order for Qfecheck to run properly, it must have enough permission to read 

B. She needs to check the permissions of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates registry key 

C. Theresa needs to look over the permissions of the registry key 

D. The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft must be checked 

Answer: B

Explanation: Qfecheck check the registry HKLM\Software\Microsoft\Updates 

Q116. You are concerned that someone running PortSentry could block your scans, and you decide to slow your scans so that no one detects them. Which of the following commands will help you achieve this? 

A. nmap -sS -PT -PI -O -T1 <ip address> 

B. nmap -sO -PT -O -C5 <ip address> 

C. nmap -sF -PT -PI -O <ip address> 

D. nmap -sF -P0 -O <ip address> 


Explanation: -T[0-5]: Set timing template (higher is faster) 

Q117. You are the chief information officer for your company, a shipping company based out of Oklahoma City. You are responsible for network security throughout the home office and all branch offices. You have implemented numerous layers of security from logical to physical. As part of your procedures, you perform a yearly network assessment which includes vulnerability analysis, internal network scanning, and external penetration tests. Your main concern currently is the server in the DMZ which hosts a number of company websites. To see how the server appears to external users, you log onto a laptop at a Wi-Fi hot spot. Since you already know the IP address of the web server, you create a telnet session to that server and type in the command: 


After typing in this command, you are presented with the following screen: 

What are you trying to do here? 

A. You are attempting to send an html file over port 25 to the web server. 

B. By typing in the HEAD command, you are attempting to create a buffer overflow on the web server. 

C. You are trying to open a remote shell to the web server. 

D. You are trying to grab the banner of the web server. * 

Answer: D

Q118. On wireless networks, SSID is used to identify the network. Why are SSID not considered to be a good security mechanism to protect a wireless networks? 

A. The SSID is only 32 bits in length. 

B. The SSID is transmitted in clear text. 

C. The SSID is the same as the MAC address for all vendors. 

D. The SSID is to identify a station, not a network. 

Answer: B

Explanation: The SSID IS constructed to identify a network, it IS NOT the same as the MAC address and SSID’s consists of a maximum of 32 alphanumeric characters. 

Q119. Why do you need to capture five to ten million packets in order to crack WEP with AirSnort? 

A. All IVs are vulnerable to attack 

B. Air Snort uses a cache of packets 

C. Air Snort implements the FMS attack and only encrypted packets are counted 

D. A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers 

Answer: C

Explanation: Since the summer of 2001, WEP cracking has been a trivial but time consuming process. A few tools, AirSnort perhaps the most famous, that implement the Fluhrer-Mantin-Shamir (FMS) attack were released to the security community -- who until then were aware of the problems with WEP but did not have practical penetration testing tools. Although simple to use, these tools require a very large number of packets to be gathered before being able to crack a WEP key. The AirSnort web site estimates the total number of packets at five to ten million, but the number actually required may be higher than you think. 

Q120. A file integrity program such as Tripwire protects against Trojan horse attacks by: 

A. Automatically deleting Trojan horse programs 

B. Rejecting packets generated by Trojan horse programs 

C. Using programming hooks to inform the kernel of Trojan horse behavior 

D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse 

Answer: D

Explanation: Tripwire generates a database of the most common files and directories on your system. Once it is generated, you can then check the current state of your system against the original database and get a report of all the files that have been modified, deleted or added. This comes in handy if you allow other people access to your machine and even if you don't, if someone else does get access, you'll know if they tried to modify files such as /bin/login etc.