Pass4sure 312-50 questions are updated and all 312-50 answers are verified by experts.

Q151. What port scanning method is the most reliable but also the most detectable? 

A. Null Scanning 

B. Connect Scanning 

C. ICMP Scanning 

D. Idlescan Scanning 

E. Half Scanning 

F. Verbose Scanning 

Answer: B

Explanation: A TCP Connect scan, named after the Unix connect() system call, is the most accurate scanning method. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection.


Q152. An attacker finds a web page for a target organization that supplies contact information for the company. Using available details to make the message seem authentic, the attacker drafts an e-mail to an employee on the contact page that appears to come from an individual who might reasonably request confidential information, such as a network administrator.

The email asks the employee to log into a bogus page that requests the employee's user name and password or click on a link that will download spyware or other malicious programming. 

Google's Gmail was hacked using this technique and attackers stole source code and sensitive data from Google servers. This is a highly sophisticated attack using zero-day exploit vectors, social engineering and malware websites that focused on targeted individuals working for the company.

What is this deadly attack called? 

A. Spear phishing attack 

B. Trojan server attack 

C. Javelin attack 

D. Social networking attack 

Answer: A


Q153. On wireless networks, an SSID is used to identify the network. Why are SSIDs not considered to be a good security mechanism to protect a wireless network?

A. The SSID is only 32 bits in length 

B. The SSID is transmitted in clear text 

C. The SSID is to identify a station not a network 

D. The SSID is the same as the MAC address for all vendors 

Answer: B

Explanation: The use of SSIDs is a fairly weak form of security, because most access points broadcast the SSID, in clear text, multiple times per second within the body of each beacon frame. A hacker can easily use an 802.11 analysis tool (e.g., AirMagnet, Netstumbler, or AiroPeek) to identify the SSID. 


Q154. In Trojan terminology, what is a covert channel? 

A. A channel that transfers information within a computer system or network in a way that violates the security policy 

B. A legitimate communication path within a computer system or network for transfer of data 

C. It is a kernel operation that hides boot processes and services to mask detection 

D. It is a reverse tunneling technique that uses the HTTPS protocol instead of the HTTP protocol to establish connections

Answer: A


Q155. Darren is the network administrator for Greyson & Associates, a large law firm in Houston. Darren is responsible for all network functions as well as any digital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to one of the firm's internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of lost data. Darren decides that this incident should be handled and resolved within the same day of its discovery. 

What incident level would this situation be classified as? 

A. This situation would be classified as a mid-level incident 

B. Since there was over $50,000 worth of loss, this would be considered a high-level incident 

C. Because Darren has determined that this issue needs to be addressed in the same day it was discovered, this would be considered a low-level incident 

D. This specific incident would be labeled as an immediate-level incident 

Answer: D


Q156. On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner? 

A. Use "ls"

B. Use "lsof" 

C. Use "echo" 

D. Use "netstat" 

Answer: B

Explanation: lsof is a command available on many Unix-like systems that reports a list of all open files and the processes that opened them. It works in and supports several UNIX flavors.


Q157. Bob is a junior administrator at ABC Company. On one of the Linux machines he entered the following firewall rule:

iptables -t filter -A INPUT -p tcp --dport 23 -j DROP

Why did he enter the above line?

A. To accept the Telnet connection 

B. To deny the Telnet connection 

C. To accept all connections except Telnet connections

D. None of the above

Answer: B

Explanation:

-t, --table

This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows:

filter: This is the default table, and contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets).

nat: This table is consulted when a packet which creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out).

mangle: This table is used for specialized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing).

-A, --append

Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

-p, --protocol [!] protocol

The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. Also a protocol name from /etc/protocols is allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted. All may not be used in combination with the check command.

--destination-port [!] [port[:port]]

Destination port or port range specification. The flag --dport is an alias for this option.

-j, --jump target

This specifies the target of the rule; i.e. what to do if the packet matches it. The target can be a user-defined chain (not the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented.


Q158. You receive an e-mail with the following text message. 

"Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible." 

You launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file "Human Interface Device Service". 

What category of virus is this? 

A. Virus hoax 

B. Spooky Virus 

C. Stealth Virus 

D. Polymorphic Virus 

Answer: A


Q159. Which type of password cracking technique works like a dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

A. Dictionary attack 

B. Brute forcing attack 

C. Hybrid attack 

D. Syllable attack 

E. Rule-based attack 

Answer: C


Q160. John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately. 

What would you suggest to John to help identify the OS that is being used on the remote web server? 

A. Connect to the web server with a browser and look at the web page. 

B. Connect to the web server with an FTP client. 

C. Telnet to port 8080 on the web server and look at the default page code. 

D. Telnet to an open port and grab the banner. 

Answer: D

Explanation: Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.