312-50 Premium Bundle

312-50 Premium Bundle

Ethical Hacking and Countermeasures (CEHv6) Certification Exam

4.5 
(2610 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
November 21, 2024Last update

EC-Council 312-50 Free Practice Questions

Q1. Josh is the network administrator for Consultants Galore, an IT consulting firm based in Kansas City. Josh is responsible for the company's entire network which consists of one Windows Server 2003 Active Directory domain. Almost all employees have Remote Desktop access to the servers so they can perform their work duties. Josh has created a security group in Active Directory called "RDP Deny" which contains all the user accounts that should not have Remote Desktop permission to any of the servers. What Group Policy change can Jayson make to ensure that all users in the "RDP Deny" group cannot access the company servers through Remote Desktop? 

A. Josh should add the "RDP Deny" group into the list of Restricted Groups to prevent the users from accessing servers remotely. 

B. By adding the "RDP Deny" group to the "Deny logon as a service" policy, the users in that security group will not be able to establish remote connections to any of the servers. 

C. He should add the "RDP Deny" group to the "Deny RDP connections to member servers" policy. 

D. Josh needs to add the "RDP Deny" group to the "Deny logon through Terminal Services" policy. * 

Answer: D

New questions 

604. Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks? 

A. Configure Port Security on the switch 

B. Configure Port Recon on the switch 

C. Configure Switch Mapping 

D. Configure Multiple Recognition on the switch 

Q2. What are the default passwords used by SNMP?(Choose two.) 

A. Password 

B. SA 

C. Private 

D. Administrator 

E. Public 

F. Blank 

Answer: CE

Explanation: Besides the fact that it passes information in clear text, SNMP also uses well-known passwords. Public and private are the default passwords used by SNMP. 

Q3. What is a sheepdip? 

A. It is another name for Honeynet 

B. It is a machine used to coordinate honeynets 

C. It is the process of checking physical media for virus before they are used in a computer 

D. None of the above 

Answer: C

Explanation: Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness. 

Q4. Identify SQL injection attack from the HTTP requests shown below: 

A. http://www.victim.com/example?accountnumber=67891&creditamount=999999999 

B. http://www.xsecurity.com/cgiin/bad.cgi?foo=..%fc%80%80%80%80%af../bin/ls%20-al 

C. http://www.myserver.com/search.asp?lname=smith%27%3bupdate%20usertable%20set%20pass wd%3d%27hAx0r%27%3b--%00 

D. http://www.myserver.com/script.php?mydata=%3cscript%20src=%22http%3a%2f%2fwww.yourser ver.c0m%2fbadscript.js%22% 3e%3c%2fscript%3e 

Answer: C

Explantion: The correct answer contains the code to alter the usertable in order to change the password for user smith to hAx0r 

Q5. Data is sent over the network as clear text (unencrypted) when Basic Authentication is configured on Web Servers. 

A. True 

B. False 

Answer: A

Explanation: Using HTTP basic authentication will result in your password being sent over the internet as clear text. Don't use this technique unless you understand what the ramifications of this are. 

Q6. StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks. 

A. Canary 

B. Hex editing 

C. Format checking 

D. Non-executing stack 

Answer: A

Explanation: Canaries or canary words are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, it will clobber the canary, making the overflow evident. This is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system. 

Q7. War dialing is one of the oldest methods of gaining unauthorized access to the target systems, it is one of the dangers most commonly forgotten by network engineers and system administrators. A hacker can sneak past all the expensive firewalls and IDS and connect easily into the network. Through wardialing an attacker searches for the devices located in the target network infrastructure that are also accessible through the telephone line. 

‘Dial backup’ in routers is most frequently found in networks where redundancy is required. Dial-on-demand routing(DDR) is commonly used to establish connectivity as a backup. 

As a security testers, how would you discover what telephone numbers to dial-in to the router? 

A. Search the Internet for leakage for target company’s telephone number to dial-in 

B. Run a war-dialing tool with range of phone numbers and look for CONNECT Response 

C. Connect using ISP’s remote-dial in number since the company’s router has a leased line connection established with them 

D. Brute force the company’s PABX system to retrieve the range of telephone numbers to dial-in 

Answer:

Explanation: Use a program like Toneloc to scan the company’s range of phone numbers. 

Q8. Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment. Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it. What kind of Denial of Service attack was best illustrated in the scenario above? 

A. DOS attacks which involves flooding a network or system 

B. DOS attacks which involves crashing a network or system 

C. DOS attacks which is done accidentally or deliberately 

D. Simple DDOS attack 

Answer: B

Explanation: This is not a DDOS, there is only one person involved as attacker 

Q9. In the context of Windows Security, what is a 'null' user? 

A. A user that has no skills 

B. An account that has been suspended by the admin 

C. A pseudo account that has no username and password 

D. A pseudo account that was created for security administration purpose 

Answer:

Explanation: NULL sessions take advantage of “features” in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Using these NULL connections allows you to gather the following information from the host:* List of users and groups 

* List of machines * List of shares * Users and host SID' (Security Identifiers) 

NULL sessions exist in windows networking to allow: * Trusted domains to enumerate resources * 

Computers outside the domain to authenticate and enumerate users * The SYSTEM account to authenticate and enumerate resources 

NetBIOS NULL sessions are enabled by default in Windows NT and 2000. Windows XP and 2003 will allow anonymous enumeration of shares, but not SAM accounts. 

Q10. What is SYSKEY # of bits used for encryption? 

A. 40 

B. 64 

C. 128 

D. 256 

Answer: C

Explanation: System Key hotfix is an optional feature which allows stronger encryption of SAM. Strong encryption protects private account information by encrypting the password data using a 128-bit cryptographically random key, known as a password encryption key. 

Q11. What would best be defined as a security test on services against a known vulnerability database using an automated tool? 

A. A penetration test 

B. A privacy review 

C. A server audit 

D. A vulnerability assessment 

Answer: D

Explanation: Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility like a nuclear power plant, a computer system, or a larger system (for example the communications infrastructure or water infrastructure of a region). 

Q12. Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well. 

Which of the choices below indicate the other features offered by Snort? 

A. IDS, Packet Logger, Sniffer 

B. IDS, Firewall, Sniffer 

C. IDS, Sniffer, Proxy 

D. IDS, Sniffer, content inspector 

Answer: A

Explanation: Snort is a free software network intrusion detection and prevention system capable of performing packet logging & real-time traffic analysis, on IP networks. Snort was written by Martin Roesch but is now owned and developed by Sourcefire 

Q13. 802.11b is considered a ____________ protocol. 

A. Connectionless 

B. Secure 

C. Unsecure 

D. Token ring based 

E. Unreliable 

Answer: C

Explanation: 802.11b is an insecure protocol. It has many weaknesses that can be used by a hacker. 

Q14. What type of cookies can be generated while visiting different web sites on the Internet? 

A. Permanent and long term cookies. 

B. Session and permanent cookies. 

C. Session and external cookies. 

D. Cookies are all the same, there is no such thing as different type of cookies. 

Answer: B

Explanation: There are two types of cookies: a permanent cookie that remains on a visitor's computer for a given time and a session cookie the is temporarily saved in the visitor's computer memory during the time that the visitor is using the Web site. Session cookies disappear when you close your Web browser. 

Q15. The SNMP Read-Only Community String is like a password. The string is sent along with each SNMP Get-Request and allows (or denies) access to a device. Most network vendors ship their equipment with a default password of "public". This is the so-called "default public community string". How would you keep intruders from getting sensitive information regarding the network devices using SNMP? (Select 2 answers) 

A. Enable SNMPv3 which encrypts username/password authentication 

B. Use your company name as the public community string replacing the default 'public' 

C. Enable IP filtering to limit access to SNMP device 

D. The default configuration provided by device vendors is highly secure and you don't need to change anything 

Answer: AC

START 312-50 EXAM