Facts about ethical hacking and countermeasures exam 312-50

It is more faster and easier to pass the EC-Council 312-50 exam by using Printable EC-Council Ethical Hacking and Countermeasures (CEHv6) questuins and answers. Immediate access to the Down to date 312-50 Exam and find the same core area 312-50 questions with professionally verified answers, then PASS your exam with a high score now.

2016 Sep certified ethical hacker exam 312-50 pdf:

Q111. You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network. How can you achieve this? 

A. Block TCP at the firewall 

B. Block UDP at the firewall 

C. Block ICMP at the firewall 

D. There is no way to completely block tracerouting into this area 

Answer: D

Explanation: If you create rules that prevents attackers to perform traceroutes to your DMZ then you’ll also prevent anyone from accessing the DMZ from outside the company network and in that case it is not a DMZ you have. 


Q112. What is the goal of a Denial of Service Attack? 

A. Capture files from a remote computer. 

B. Render a network or computer incapable of providing normal service. 

C. Exploit a weakness in the TCP stack. 

D. Execute service at PS 1009. 

Answer: B

Explanation: In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB). 


Q113. John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the logfiles to investigate the attack. 

Take a look at the following Linux logfile snippet. The hacker compromised and "owned" a Linux machine. What is the hacker trying to accomplish here? 

[root@apollo /]# rm rootkit.c 

[root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; 

rm /sbin/portmap ; rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm - rf /usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; 

rm /sbin/por359 ? 00:00:00 inetd 359 ? 00:00:00 inetd 

rm: cannot remove `/tmp/h': No such file or directory 

rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 

[root@apollo /]# ps -aux | grep portmap 

[root@apollo /]# [root@apollo /]# ps -aux | grep inetd ; ps -aux | grep portmap ; rm 

/sbin/portmap ; 

rm /tmp/h ; rm /usr/sbin/rpc.portmap ; rm -rf .bash* ; rm -rf /root/.bash_history ; rm - rf 

/usr/sbin/namedps -aux | grep inetd ; ps -aux | grep portmap ; rm /sbin/por359 ? 00:00:00 

inetd 

rm: cannot remove `/sbin/portmap': No such file or directory 

rm: cannot remove `/tmp/h': No such file or directory 

>rm: cannot remove `/usr/sbin/rpc.portmap': No such file or directory 

[root@apollo /]# rm: cannot remove `/sbin/portmap': No such file or directory 

A. The hacker is planting a rootkit 

B. The hacker is trying to cover his tracks 

C. The hacker is running a buffer overflow exploit to lock down the system 

D. The hacker is attempting to compromise more machines on the network 

Answer: B 

Explanation: By deleting temporary directories and emptying like bash_history that contains the last commands used with the bash shell he is trying to cover his tracks. 


Q114. Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports? 

A. Netcat -h -U 

B. Netcat -hU <host(s.> 

C. Netcat -sU -p 1-1024 <host(s.> 

D. Netcat -u -v -w2 <host> 1-1024 

E. Netcat -sS -O target/1024 

Answer: D 

Explanation: The proper syntax for a UDP scan using Netcat is "Netcat -u -v -w2 <host> 1-1024". 

Netcat is considered the Swiss-army knife of hacking tools because it is so versatile. 


Q115. Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference? 

A. Eric network has been penetrated by a firewall breach 

B. The attacker is using the ICMP protocol to have a covert channel 

C. Eric has a Wingate package providing FTP redirection on his network 

D. Somebody is using SOCKS on the network to communicate through the firewall 

Answer: D

Explanation: Port Description: SOCKS. SOCKS port, used to support outbound tcp services (FTP, HTTP, etc). Vulnerable similar to FTP Bounce, in that attacker can connect to this port and \bounce\ out to another internal host. Done to either reach a protected internal host or mask true source of attack. Listen for connection attempts to this port -- good sign of port scans, SOCKS-probes, or bounce attacks. Also a means to access restricted resources. Example: Bouncing off a MILNET gateway SOCKS port allows attacker to access web sites, etc. that were restricted only to.mil domain hosts. 


312-50 exam cram

Most up-to-date certified ethical hacker exam 312-50 pdf:

Q116. You have been using the msadc.pl attack script to execute arbitrary commands on an NT4 web server. While it is effective, you find it tedious to perform extended functions. On further research you come across a perl script that runs the following msadc functions: 


What kind of exploit is indicated by this script? 

A. A buffer overflow exploit. 

B. A SUID exploit. 

C. A SQL injection exploit. 

D. A chained exploit. 

E. A buffer under run exploit. 

Answer: D


Q117. ou are footprinting Acme.com to gather competitive intelligence. You visit the acme.com websire for contact information and telephone number numbers but do not find it listed there. You know that they had the entire staff directory listed on their website 12 months ago but now it is not there. How would it be possible for you to retrieve information from the website that is outdated? 

A. Visit google search engine and view the cached copy. 

B. Visit Archive.org site to retrieve the Internet archive of the acme website. 

C. Crawl the entire website and store them into your computer. 

D. Visit the company’s partners and customers website for this information. 

Answer: B

Explanation: The Internet Archive (IA) is a non-profit organization dedicated to maintaining an archive of Web and multimedia resources. Located at the Presidio in San Francisco, California, this archive includes "snapshots of the World Wide Web" (archived copies of pages, taken at various points in time), software, movies, books, and audio recordings (including recordings of live concerts from bands that allow it). This site is found at www.archive.org. 


Q118. As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? 

Select the best answers. 

A. Use the same machines for DNS and other applications 

B. Harden DNS servers 

C. Use split-horizon operation for DNS servers 

D. Restrict Zone transfers 

E. Have subnet diversity between DNS servers 

Answer: BCDE

Explanations: 

A is not a correct answer as it is never recommended to use a DNS server for any other application. Hardening of the DNS servers makes them less vulnerable to attack. It is recommended to split internal and external DNS servers (called split-horizon operation). Zone transfers should only be accepted from authorized DNS servers. By having DNS servers on different subnets, you may prevent both from going down, even if one of your networks goes down. 


Q119. A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database? 

A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database 

B. An attacker submits user input that executes an operating system command to compromise a target system 

C. An attacker gains control of system to flood the target system with requests, preventing legitimate users from gaining access 

D. An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database 

Answer: A

Explanation: Using the poorly designed input validation to alter or steal data from a database is a SQL injection attack. 


Q120. A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider? 

A. The CEO of the company because he has access to all of the computer systems 

B. A government agency since they know the company computer system strengths and weaknesses 

C. Disgruntled employee, customers, suppliers, vendors, business partners, contractors, temps, and consultants 

D. A competitor to the company because they can directly benefit from the publicity generated by making such an attack 

Answer: C 

Explanation: An insider is anyone who already has an foot inside one way or another.