[Free] 2017(Sep) EnsurePass Testinsides ECCouncil 312-50 Dumps with VCE and PDF 121-130

September 22, 2017

Ethical Hacking and Countermeasures

Question No: 121 – (Topic 3)

John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?

  1. nmap

  2. hping

  3. nessus

  4. make

Answer: C

Explanation: Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations world-wide. Nmap is mostly used for scanning, not for detecting vulnerabilities. Hping is a free packet generator and analyzer for the TCP/IP protocol, and make is used to automatically build large applications on the *nix platform.

Question No: 122 – (Topic 3)

You are concerned that someone running PortSentry could block your scans, and you decide to slow your scans so that no one detects them. Which of the following commands will help you achieve this?

  1. nmap -sS -PT -PI -O -T1 <ip address>

  2. nmap -sO -PT -O -C5 <ip address>

  3. nmap -sF -PT -PI -O <ip address>

  4. nmap -sF -P0 -O <ip address>

Answer: A

Explanation: -T[0-5]: Set timing template (higher is faster)

Question No: 123 – (Topic 3)

You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of what protocols are being used. You need to discover as many different protocols as possible. Which kind of scan would you use to do this?

  1. Nmap with the -sO (Raw IP packets) switch

  2. Nessus scan with TCP based pings

  3. Nmap scan with the -sP (Ping scan) switch

  4. Netcat scan with the -u -e switches

Answer: A

Explanation: Running Nmap with the -sO switch will do an IP protocol scan. The IP protocol scan is a bit different from the other nmap scans. The IP protocol scan searches for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified.

Question No: 124 – (Topic 3)

Which of the following Nmap commands would be used to perform a stack fingerprinting?

  1. Nmap -O -p80 <host>

  2. Nmap -hU -Q<host>

  3. Nmap -sT -p <host>

  4. Nmap -u -o -w2 <host>

  5. Nmap -sS -0p target

Answer: A

Explanation: This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtleties in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file) to decide what type of system you are scanning.

Question No: 125 – (Topic 3)

You are scanning the target network for the first time. You are able to detect few conventional open ports. While attempting to perform conventional service identification by connecting to the open ports, the scan yields either bad or no result. As you are unsure of the protocols in use, you want to discover as many different protocols as possible. Which of the following scan options can help you achieve this?

  1. Nessus scan with TCP based pings

  2. Netcat scan with the switches

  3. Nmap scan with the -sP (ping scan) switch

  4. Nmap with the -sO (Raw IP Packets) switch

Answer: D

Explanation: -sO IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine. If we receive an ICMP protocol unreachable message, then the protocol is not in use. Otherwise we assume it is open. Note that some hosts (AIX, HP-UX, Digital UNIX) and firewalls may not send protocol unreachable messages.

Question No: 126 – (Topic 3)

The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence number of transmitted packets from host B are lower than the packet segment containing the set FIN flag.

  1. True

  2. False

Answer: A

Explanation: For sequence number purposes, the SYN is considered to occur before the first actual data octet of the segment in which it occurs, while the FIN is considered to occur after the last actual data octet in a segment in which it occurs. So packets received out of order will still be accepted.

Question No: 127 – (Topic 3)

What is the disadvantage of an automated vulnerability assessment tool?

  1. Ineffective

  2. Slow

  3. Prone to false positives

  4. Prone to false negatives

  5. Noisy

Answer: E

Explanation: Vulnerability assessment tools perform a good analysis of system vulnerabilities; however, they are noisy and will quickly trip IDS systems.

Question No: 128 – (Topic 3)

While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

  1. Scan more slowly.

  2. Do not scan the broadcast IP.

  3. Spoof the source IP address.

  4. Only scan the Windows systems.

Answer: B

Explanation: Scanning the broadcast address makes the scan target all IP addresses on that subnet at the same time.

Topic 4, Enumeration

Question No: 129 – (Topic 4)

Maurine is working as a security consultant for Hinklemeir Associate. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network.

Why would an attacker try to create a null session with a computer on a network?

  1. Enumerate users shares

  2. Install a backdoor for later attacks

  3. Escalate his/her privileges on the target server

  4. To create a user with administrative privileges for later use

Answer: A

Explanation: The Null Session is often referred to as the "Holy Grail" of Windows hacking. Listed as the number 5 Windows vulnerability on the SANS/FBI Top 20 list, Null Sessions take advantage of flaws in the CIFS/SMB (Common Internet File System/Server Message Block) architecture. You can establish a Null Session with a Windows (NT/2000/XP) host by logging on with a null user name and password. Using these null connections allows you to gather the following information from the host:

  • List of users and groups

  • List of machines

  • List of shares

  • Users and host SIDs (Security Identifiers)

Question No: 130 – (Topic 4)

SNMP is a connectionless protocol that uses UDP instead of TCP packets? (True or False)

  1. True

  2. False

Answer: A

Explanation: TCP and UDP both provide transport services, but UDP was preferred. This is due to TCP's characteristics: it is a complicated protocol and it consumes too much memory and CPU resources, whereas UDP is easy to build and run. Vendors have built simple versions of IP and UDP into devices (repeaters and modems).
