[Free] 2017(Sep) EnsurePass Testinsides ECCouncil 312-50 Dumps with VCE and PDF 101-110

September 22, 2017

Ethical Hacking and Countermeasures

Question No: 101 – (Topic 3)

When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device?

Answer: B

Explanation: The default behavior of Nmap is to do both an ICMP ping sweep (the usual kind of ping) and a TCP port 80 ACK ping sweep. If an admin is logging these, this will be fairly characteristic of Nmap.

Question No: 102 – (Topic 3)

Jack is conducting a port scan of a target network. He knows that his target network has a web server and that a mail server is up and running. Jack has been sweeping the network but has not been able to get any responses from the remote target.

Check all of the following that could be a likely cause of the lack of response.

  A. The host might be down

  B. UDP is filtered by a gateway

  C. ICMP is filtered by a gateway

  D. The TCP window size does not match

  E. The destination network might be down

  F. The packet TTL value is too low and can’t reach the target

Answer: A,C,E,F

Explanation: The wrong answers are B and D, as sweeping a network uses ICMP.

Question No: 103 – (Topic 3)

Neil notices that a single address is generating traffic from its port 500 to port 500 of several other machines on the network. This scan is eating up most of the network bandwidth and Neil is concerned. As a security professional, what would you infer from this scan?

  A. It is a network fault and the originating machine is in a network loop

  B. It is a worm that is malfunctioning or hardcoded to scan on port 500

  C. The attacker is trying to detect machines on the network which have SSL enabled

  D. The attacker is trying to determine the type of VPN implementation and checking for IPSec

Answer: D

Explanation: Port 500 is used by IKE (Internet Key Exchange). This is typically used for IPsec-based VPN software, such as Freeswan, PGPnet, and various vendors of in-a-box VPN solutions such as Cisco. IKE is used to set up the session keys. The actual session is usually sent with ESP (Encapsulating Security Payload) packets, IP protocol 50 (but some in-a-box VPNs, such as Cisco's, are capable of negotiating to send the encrypted tunnel over a UDP channel, which is useful across firewalls that block IP protocols other than TCP or UDP).

Question No: 104 – (Topic 3)

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

  A. The packets were sent by a worm spoofing the IP addresses of 47 infected sites

  B. ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

  C. All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

  D. 13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

Answer: B

Question No: 105 – (Topic 3)

Because UDP is a connectionless protocol: (Select 2)

  A. UDP recvfrom() and write() scanning will yield reliable results

  B. It can only be used for Connect scans

  C. It can only be used for SYN scans

  D. There is no guarantee that the UDP packets will arrive at their destination

  E. ICMP port unreachable messages may not be returned successfully

Answer: D,E

Explanation: Neither UDP packets nor the ICMP errors are guaranteed to arrive, so UDP scanners must also implement retransmission of packets that appear to be lost (or you will get a bunch of false positives).

Question No: 106 – (Topic 3)

You ping a target IP to check if the host is up. You do not get a response. You suspect ICMP is blocked at the firewall. Next you use the hping2 tool to ping the target host and you get a response. Why does the host respond to hping2 and not to the ping packet?

    [ceh]# ping
    PING ( from : 56(84) bytes of data.
    --- ping statistics ---
    packets transmitted, 0 packets received, 100% packet loss

    [ceh]# ./hping2 -c 4 -n -i 2
    HPING (eth0 NO FLAGS are set, 40 headers 0 data bytes
    len=46 ip= flags=RA seq=0 ttl=128 id=54167 win=0 rtt=0.8 ms
    len=46 ip= flags=RA seq=1 ttl=128 id=54935 win=0 rtt=0.7 ms
    len=46 ip= flags=RA seq=2 ttl=128 id=55447 win=0 rtt=0.7 ms
    len=46 ip= flags=RA seq=3 ttl=128 id=55959 win=0 rtt=0.7 ms
    --- hping statistic ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 0.7/0.8/0.8 ms

  A. ping packets cannot bypass firewalls

  B. you must use the ping switch

  C. hping2 uses TCP instead of ICMP by default

  D. hping2 uses stealth TCP packets to connect

Answer: C

Explanation: The default protocol is TCP; by default hping2 will send TCP headers to the target host's port 0 with a window size of 64 and no TCP flags set. Often this is the best way to do a 'hide ping', useful when the target is behind a firewall that drops ICMP. Moreover, a TCP null-flag packet to port 0 has a good probability of not being logged.

Question No: 107 – (Topic 3)

What is the proper response for a FIN scan if the port is open?

  A. SYN

  B. ACK

  C. FIN

  D. PSH

  E. RST

  F. No response

Answer: F

Explanation: Open ports respond to a FIN scan by ignoring the packet in question.

Question No: 108 – (Topic 3)

________ is an automated vulnerability assessment tool.

  A. Whack a Mole

  B. Nmap

  C. Nessus

  D. Kismet

  E. Jill32

Answer: C

Explanation: Nessus is a vulnerability assessment tool.

Question No: 109 – (Topic 3)

You want to scan for live machines on the LAN. What type of scan should you use?

  A. Connect

  B. SYN

  C. TCP

  D. UDP

  E. PING

Answer: E

Explanation: The ping scan is one of the quickest scans that Nmap performs, since no actual ports are queried. Unlike a port scan, where thousands of packets are transferred between two stations, a ping scan requires only two frames. This scan is useful for locating active devices or for determining whether ICMP is passing through a firewall.

Question No: 110 – (Topic 3)

Which type of scan does not open a full TCP connection?

  A. Stealth Scan

  B. XMAS Scan

  C. Null Scan

  D. FIN Scan

Answer: A

Explanation: Stealth scan: the full TCP three-way handshake is not completed, so a full connection is never made. A SYN packet is sent to the system, and if a SYN/ACK packet is received it is assumed that the port on the system is active. In that case a RST/ACK will be sent, which will determine the listening state the system is in. If a RST/ACK packet is received, it is assumed that the port on the system is not active.
