
Q211. Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web Server. 

User-agent: *
Disallow: /images/
Disallow: /banners/
Disallow: /Forms/
Disallow: /Dictionary/
Disallow: /_borders/
Disallow: /_fpclass/
Disallow: /_overlay/
Disallow: /_private/
Disallow: /_themes/

What is the name of this file?

A. robots.txt 

B. search.txt 

C. blocklist.txt 

D. spf.txt 

Answer: A


Q212. John Beetlesman, the hacker, has successfully compromised the Linux system of Agent Telecommunications, Inc's web server running Apache. He has downloaded sensitive documents and database files off the machine.

Upon performing various tasks, Beetlesman finally runs the following command on the Linux box before disconnecting. 

for ((i=0;i<1;i++));do
  dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda
done

What exactly is John trying to do? 

A. He is making a bit stream copy of the entire hard disk for later download 

B. He is deleting log files to remove his trace 

C. He is wiping the contents of the hard disk with zeros 

D. He is infecting the hard disk with random virus strings 

Answer:

Explanation: dd copies an input file to an output file with optional conversions. if= is the input file and of= is the output file. /dev/zero is a special file that provides as many null characters (ASCII NULL, 0x00; not ASCII character "digit zero", "0", 0x30) as are read from it. /dev/hda is the hard drive.


Q213. What file system vulnerability does the following command take advantage of? 

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe 

A. HFS 

B. ADS 

C. NTFS 

D. Backdoor access 

Answer: B

Explanation: ADS (or Alternate Data Streams) is a “feature” in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename:stream. 


Q214. Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACLs (access control lists) on files or folders and that can also be used within batch files.

Which of the following tools can be used for that purpose? (Choose the best answer) 

A. PERM.exe 

B. CACLS.exe 

C. CLACS.exe 

D. NTPERM.exe 

Answer:

Explanation: Cacls.exe is a Windows NT/2000/XP command-line tool you can use to assign, display, or modify ACLs (access control lists) to files or folders. Cacls is an interactive tool, and since it's a command-line utility, you can also use it in batch files. 


Q215. The following is an email header. What address is that of the true originator of the message?

Return-Path: <bgates@microsoft.com>
Received: from smtp.com (fw.emumail.com [215.52.220.122])
    by raq-221-181.ev1.net (8.10.2/8.10.2) with ESMTP id h78NIn404807
    for <mikeg@thesolutionfirm.com>; Sat, 9 Aug 2003 18:18:50 -0500
Received: (qmail 12685 invoked from network); 8 Aug 2003 23:25:25 -0000
Received: from ([19.25.19.10])
    by smtp.com with SMTP
Received: from unknown (HELO CHRISLAPTOP) (168.150.84.123)
    by localhost with SMTP; 8 Aug 2003 23:25:01 -0000
From: "Bill Gates" <bgates@microsoft.com>
To: "mikeg" <mikeg@thesolutionfirm.com>
Subject: We need your help!
Date: Fri, 8 Aug 2003 19:12:28 -0400
Message-ID: <51.32.123.21@CHRISLAPTOP>
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0052_01C35DE1.03202950"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal

A. 19.25.19.10 

B. 51.32.123.21 

C. 168.150.84.123 

D. 215.52.220.122 

E. 8.10.2/8.10.2 

Answer: C

Explanation: Spoofing can be easily achieved by manipulating the "from" name field; however, it is much more difficult to hide the true source address. The "received from" IP address 168.150.84.123 is the true source of the


Q216. Study the following e-mail message. When the link in the message is clicked, it will take you to an address like: http://hacker.xsecurity.com/in.htm. Note that hacker.xsecurity.com is not an official SuperShopper site! 

What attack is depicted in the e-mail below?

Dear SuperShopper valued member, 

Due to concerns, for the safety and integrity of the SuperShopper community we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports. 

If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to update your records will result to your account cancellation. This notification expires within 24 hours. 

Once you have updated your account records your SuperShopper will not be interrupted and will continue as normal. 

Please follow the link below and renew your account information. 

https://www.supershopper.com/cgi-bin/webscr?cmd=update-run 

SuperShopper Technical Support http://www.supershopper.com 

A. Phishing attack 

B. E-mail spoofing 

C. Social engineering

D. Man in the middle attack 

Answer: A

Explanation: Phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. 


Q217. Study the log below and identify the scan type. 

tcpdump -w host 192.168.1.10

A. nmap R 192.168.1.10 

B. nmap S 192.168.1.10 

C. nmap V 192.168.1.10 

D. nmap -sO -T 192.168.1.10

Answer: D

Explanation: -sO: IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine. 


Q218. You have the SOA presented below in your zone. Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before they consider the zone dead and stop responding to queries?

collegae.edu.SOA,cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600) 

A. One day 

B. One hour 

C. One week 

D. One month 

Answer: C

Explanation: The numbers represent the following values:

200302028; se = serial number
3600; ref = refresh = 1h
3600; ret = update retry = 1h
604800; ex = expiry = 1w
3600; min = minimum TTL = 1h


Q219. Giles is the network administrator for his company, a graphics design company based in Dallas. Most of the network is comprised of Windows servers and workstations, except for some designers who prefer to use Macs. These Mac users are running the Mac OS X operating system and also use iChat to talk to each other. Tommy, one of these Mac users, calls Giles and says that his computer is running very slowly. Giles then gets more calls from the other Mac users saying they are receiving instant messages from Tommy even when he says he is not on his computer. Giles immediately unplugs Tommy's computer from the network to take a closer look. He opens iChat on Tommy's computer and it says that it sent a file called latestpics.tgz to all the other Mac users. Tommy says he never sent those files. Giles also sees that many of the computer's applications appear to be altered. The path where the files should be has an altered file and the original application is stored in the file's resource fork.

What has Giles discovered on Tommy's computer? 

A. He has discovered OSX/Chat-burner virus on Tommy's computer 

B. Giles has found the OSX/Leap-A virus on Tommy's computer 

C. This behavior is indicative of the OSX/Inqtana.A virus 

D. On Tommy's computer, Giles has discovered an apparent infection of the OSX/Transmitter.B virus 

Answer: B

Explanation: OSX.Leap.A is a worm that targets installs of Macintosh OS X and spreads via the iChat instant messenger program. http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99


Q220. What flags are set in an X-MAS scan? (Choose all that apply.)

A. SYN 

B. ACK 

C. FIN 

D. PSH 

E. RST 

F. URG 

Answer: CDF

Explanation: FIN, URG, and PSH are set high in the TCP packet for an X-MAS scan.