EC-COUNCIL 312-50 exam exercise questions,312-50 dumps easy to prepare for passing exams

Certified Ethical Hacker | CEH Certification | CEH v10 | EC-Council” Exam 312-50. Here you can get the latest free EC-COUNCIL 312-50 exam exercise questions and answers for free and easily improve your skills!

312-50 exam: A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. Follow the link to find more information about exam.

Table of Contents:

Latest EC-COUNCIL 312-50 pdf

[PDF] Free EC-COUNCIL 312-50 pdf dumps download from Google Drive:

Certified Ethical Hacker | CEH Certification | CEH v10 | EC-Council:

Free EC-COUNCIL 312-50 Exam Practice Questions

Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict,
and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company
secrets and intellectual property to competitors for monitory benefits.
Here are some of the symptoms of a disgruntled employee,.
These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select
2 answers)
A. Frequently leaves work early, arrive late or call in sick
B. Spends time surfing the Internet or on the phone
C. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments
D. Always negative; finds fault with everything
E. Limit access to the applications they can run on their desktop computers and enforce strict work hour rules
F. By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different
environments with varying levels of access and security to various employees
G. Organizations must ensure that their corporate data is centrally managed and delivered to users just and when
H. Limit Internet access, e-mail communications, access to social networking sites and job hunting portals
Correct Answer: BC

What do you conclude from the nmap results below?
Staring nmap V. 3.10ALPHA0 (
(The 1592 ports scanned but not shown below are in state: closed)
PortStateService 21/tcpopenftp 25/tcpopensmtp 80/tcpopenhttp 443/tcpopenhttps
Remote operating system guess: Too many signatures match the reliability guess the OS. Nmap run completed 1 IP
address (1 host up) scanned in 91.66 seconds
A. The system is a Windows Domain Controller.
B. The system is not firewalled.
C. The system is not running Linux or Solaris.
D. The system is not properly patched.
Correct Answer: B
There is no reports of any ports being filtered.

How does traceroute map the route a packet travels from point A to point B?
A. Uses a TCP timestamp packet that will elicit a time exceeded in transit message
B. Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message
C. Uses a protocol that will be rejected by gateways on its way to the destination
D. Manipulates the flags within packets to force gateways into generating error messages
Correct Answer: B

The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the
destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it
is able to determine the path packets take to reach the destination.
The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute
sends out end up being filtered, making it impossible to completely trace the path to the destination.lead4pass 312-50 exam question q4

How would you overcome the Firewall restriction on ICMP ECHO packets?
A. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for
connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most
common firewall filters.
B. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for
connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most
common firewall filters.
C. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for
connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most
common firewall filters.
D. Do not use traceroute command to determine the path packets take to reach the destination instead use the custom
hacking tool JOHNTHETRACER and run with the command
Correct Answer: A

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host
and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of
the SYN/ACK before the connection is established. This is referred to as the “TCP three-way handshake.” While waiting
for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections
waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds
after the SYN ACK. How would an attacker exploit this design by launching TCP SYN attack?
A. Attacker generates TCP SYN packets with random destination addresses towards a victim host
B. Attacker floods TCP SYN packets with random source addresses towards a victim host
C. Attacker generates TCP ACK packets with random source addresses towards a victim host
D. Attacker generates TCP RST packets with random source addresses towards a victim host
Correct Answer: B

The programmers on your team are analyzing the free, open source software being used to run FTP services on a
server in your organization. They notice that there is excessive number of functions in the source code that might lead to
buffer overflow. These C++ functions do not check bounds. Identify the line the source code that might lead to buffer
overflow.lead4pass 312-50 exam question q6

A. Line number 31.
B. Line number 15
C. Line number 8
D. Line number 14
Correct Answer: B

Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate
A. Snort
B. argus
C. TCPflow
D. Tcpdump
Correct Answer: C
Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way
that is convenient for protocol analysis or debugging. A program like \\’tcpdump\\’ shows a summary of packets seen on
the wire, but usually doesn\\’t store the data that\\’s actually being transmitted. In contrast, tcpflow reconstructs the
actual data streams and stores each flow in a separate file for later analysis.

Steven is the senior network administrator for Onkton Incorporated, an oil well drilling company in Oklahoma City.
Steven and his team of IT technicians are in charge of keeping inventory for the entire company; including computers,
software, and oil well equipment. To keep track of everything, Steven has decided to use RFID tags on their entire
inventory so they can be scanned with either a wireless scanner or a handheld scanner. These RFID tags hold as much
information as possible about the equipment they are attached to. When Steven purchased these tags, he made sure
they were as state of the art as possible. One feature he really liked was the ability to disable RFID tags if necessary.
This comes in very handy when the company actually sells oil drilling equipment to other companies. All Steven has to
do is disable the RFID tag on the sold equipment and it cannot give up any information that was previously stored on it.
What technology allows Steven to disable the RFID tags once they are no longer needed?
A. Newer RFID tags can be disabled by using Terminator Switches built into the chips
B. RFID Kill Switches built into the chips enable Steven to disable them
C. The company\\’s RFID tags can be disabled by Steven using Replaceable ROM technology
D. The technology used to disable an RFIP chip after it is no longer needed, or possibly stolen, is called RSA Blocking
Correct Answer: D

Joe Hacker is going wardriving. He is going to use PrismStumbler and wants it to go to a GPS mapping software
application. What is the recommended and well- known GPS mapping package that would interface with
PrismStumbler? Select the best answer.
A. GPSDrive
C. WinPcap
D. Microsoft Mappoint
Correct Answer: A
GPSDrive is a Linux GPS mapping package. It recommended to be used to send PrismStumbler data to so that it can
be mapped. GPSMap is a generic term and not a real software package. WinPcap is a packet capture library for
Windows. It is used to capture packets and deliver them to other programs for analysis. As it is for Windows, it isn\\’t
going to do what Joe Hacker is wanting to do. Microsoft Mappoint is a Windows application. PrismStumbler is a Linux
application. Thus, these two are not going to work well together.

What type of Virus is shown here?lead4pass ms-200 exam question q10

A. Macro Virus
B. Cavity Virus
C. Boot Sector Virus
D. Metamorphic Virus
E. Sparse Infector Virus
Correct Answer: B

Which is the right sequence of packets sent during the initial TCP three way handshake?
Correct Answer: D
A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN
together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way
handshake should be only an ACK to acknowledge that the SYN reply was recived.

Sara is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic
A. Basic authentication is broken
B. The password is never sent in clear text over the network
C. The password sent in clear text over the network is never reused.
D. It is based on Kerberos authentication protocol
Correct Answer: B
Digest access authentication is one of the agreed methods a web page can use to negotiate credentials with a web user
(using the HTTP protocol). This method builds upon (and obsoletes) the basic authentication scheme, allowing user
identity to be established without having to send a password in plaintext over the network.

When working with Windows systems, what is the RID of the true administrator account?
A. 500
B. 501
C. 1000
D. 1001
E. 1024
F. 512
Correct Answer: A
Because of the way in which Windows functions, the true administrator account always has a RID of 500.

Related 312-50 Popular Exam resources

title pdf youtube EC-COUNCIL lead4pass Lead4Pass Total Questions
EC-COUNCIL lead4pass 312-50 dumps pdf lead4pass 312-50 youtube Certified Ethical Hacker | CEH Certification | CEH v10 | EC-Council 765 Q&A

Get Lead4Pass Coupons(12% OFF)

lead4pass coupon

What are the advantages of Lead4pass?

Lead4pass employs the most authoritative exam specialists from EC-COUNCIL, Cisco, Microsoft, IBM, Oracle, etc.
We update exam data throughout the year. Highest pass rate! We have a large user base. We are an industry leader! Choose Lead4Pass to pass the exam with ease!

why lead4pass


It’s not easy to pass the EC-COUNCIL exam, but with accurate learning materials and proper practice, you can crack the exam with excellent results. Lead4pass provides you with the most relevant learning materials that you can use to help you prepare.