Want to know Actualtests 312-50 Exam practice test features? Want to lear more about EC-Council Ethical Hacking and Countermeasures (CEHv6) certification experience? Study Guaranteed EC-Council 312-50 answers to Most up-to-date 312-50 questions at Actualtests. Gat a success with an absolute guarantee to pass EC-Council 312-50 (Ethical Hacking and Countermeasures (CEHv6)) test on your first attempt.

Q261. If an attacker's computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a closed port, what will be the response? 

A. The zombie computer will respond with an IPID of 24334. 

B. The zombie computer will respond with an IPID of 24333. 

C. The zombie computer will not send a response. 

D. The zombie computer will respond with an IPID of 24335. 

Answer: C


Q262. Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit. 

Choose the attack type from the choices given below. 

A. Database Fingerprinting 

B. Database Enumeration 

C. SQL Fingerprinting 

D. SQL Enumeration 

Answer: A

Explanation: He is trying to create a view of the characteristics of the target database, he is taking it’s fingerprints. 


Q263. Which one of the following network attacks takes advantages of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack? 

A. Teardrop 

B. Smurf 

C. Ping of Death 

D. SYN flood 

E. SNMP Attack 

Answer: A

Explanation: The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash. 


Q264. What is Hunt used for? 

A. Hunt is used to footprint networks 

B. Hunt is used to sniff traffic 

C. Hunt is used to hack web servers 

D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic 

E. Hunt is used for password cracking 

Answer: D

Explanation: Hunt can be used to intercept traffic. It is useful with telnet, ftp, and others to grab traffic between two computers or to hijack sessions. 


Q265. Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called? 

A. Information Audit Policy (IAP) 

B. Information Security Policy (ISP) 

C. Penetration Testing Policy (PTP) 

D. Company Compliance Policy (CCP) 

Answer: B


Q266. This kind of attack will let you assume a users identity at a dynamically generated web page or site: 

A. SQL Injection 

B. Cross Site Scripting 

C. Session Hijacking 

D. Zone Transfer 

Answer: B

Explanation: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. 


Q267. The GET method should never be used when sensitive data such as credit is being sent to a CGI program. This is because any GET command will appear in the URL and will be logged by any servers. For example, let’s say that you’ve entered your credit card information into a form that uses the GET method. The URL may appear like this: 

https://www.xsecurity-bank.com/creditcard.asp?cardnumber=454543433532234 

The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information. 

How would you protect from this type of attack? 

A. Replace the GET with POST method when sending data 

B. Never include sensitive information in a script 

C. Use HTTOS SSLV3 to send the data instead of plain HTTPS 

D. Encrypt the data before you send using GET method 

Answer: A

Explanation: If the method is "get", the user agent takes the value of action, appends a ? to it, then appends the form data set, encoded using the application/x-www-form-urlencoded content type. The user agent then traverses the link to this URI. If the method is "post" --, the user agent conducts an HTTP post transaction using the value of the action attribute and a message created according to the content type specified by the enctype attribute. 


Q268. Which of the following wireless technologies can be detected by NetStumbler? (Select all that apply) 

A. 802.11b 

B. 802.11e 

C. 802.11a 

D. 802.11g 

E. 802.11 

Answer: ACD

Explanation: If you check the website, cards for all three (A, B, G) are supported. See: http://www.stumbler.net/ 


Q269. In what stage of Virus life does a stealth virus gets activated with the user performing certain actions such as running an infected program? 

A. Design 

B. Elimination 

C. Incorporation 

D. Replication 

E. Launch 

F. Detection 

Answer: E


Q270. Which is the Novell Netware Packet signature level used to sign all packets ? 

A. 0 

B. 1 

C. 2 

D. 3 

Answer: D

Explanation: Level 0 is no signature, Level 3 is communication using signature only.