Your success in EC-Council 312-50 is our sole target and we develop all our 312-50 braindumps in a way that facilitates the attainment of this target. Not only is our 312-50 study material the best you can find, it is also the most detailed and the most updated. 312-50 Practice Exams for EC-Council 312-50 are written to the highest standards of technical accuracy.

Q361. While footprinting a network, what port/service should you look for to attempt a zone transfer? 

A. 53 UDP 

B. 53 TCP 

C. 25 UDP 

D. 25 TCP 

E. 161 UDP 

F. 22 TCP 

G. 60 TCP 


Explanation: IF TCP port 53 is detected, the opportunity to attempt a zone transfer is there. 

Q362. Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch. 

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full? 

A. Switch then acts as hub by broadcasting packets to all machines on the network 

B. The CAM overflow table will cause the switch to crash causing Denial of Service 

C. The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF 

D. Every packet is dropped and the switch sends out SNMP alerts to the IDS port 

Answer: A

Q363. A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system. 

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software. 

What is Rogue security software? 

A. A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites 

B. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software. 

C. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software. 

D. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software. 

E. Rogue security software is based on social engineering technique in which the attackers lures victim to visit spear phishing websites 

F. This software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker 

Answer: BCD

Q364. In which location, SAM hash passwords are stored in Windows 7? 

A. c:\windows\system32\config\SAM 

B. c:\winnt\system32\machine\SAM 

C. c:\windows\etc\drivers\SAM 

D. c:\windows\config\etc\SAM 

Answer: A

Q365. According to the CEH methodology, what is the next step to be performed after footprinting? 

A. Enumeration 

B. Scanning 

C. System Hacking 

D. Social Engineering 

E. Expanding Influence 


Explanation: Once footprinting has been completed, scanning should be attempted next. 

Scanning should take place on two distinct levels: network and host. 

Q366. In what stage of Virus life does a stealth virus gets activated with the user performing certain actions such as running an infected program? 

A. Design 

B. Elimination 

C. Incorporation 

D. Replication 

E. Launch 

F. Detection 

Answer: E

Q367. Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context? 

A. Trailing 

B. Tailgating 

C. Swipe Gating 

D. Smooth Talking 

Answer: B

Explanation: Tailgating, in which an unauthorized person follows someone with a pass into an office, is a very simple social engineering attack. The intruder opens the door, which the authorized user walks through, and then engages them in conversation about the weather or weekend sport while they walk past the reception area together. 

Q368. A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information? 

A. The packets were sent by a worm spoofing the IP addresses of 47 infected sites B. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system 

C. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number 

D. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0 

Answer: B

Q369. Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well. 

In this context, what would be the most affective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer) 

A. Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards. 

B. Hire more computer security monitoring personnel to monitor computer systems and networks. 

C. Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life. 

D. Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises. 

Answer: A

Explanation: Bridging the gap would consist of educating the white hats and the black hats equally so that their knowledge is relatively the same. Using books, articles, the internet, and professional training seminars is a way of completing this goal. 

Q370. Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company's network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie's remaining tests. 

What type of initial analysis has Charlie performed to show the company which areas it needs improvements in? 

A. Charlie has performed a BREACH analysis; showing the company where its weak points are 

B. This analysis would be considered a vulnerability analysis 

C. This type of analysis is called GAP analysis 

D. This initial analysis performed by Charlie is called an Executive Summary 

Answer: C

Explanation: In business and economics, gap analysis is a tool that helps a company to compare its actual performance with its potential performance. 

At its core are two questions: "Where are we?" and "Where do we want to be?".