Latest Certified Success Dumps Download

312-50 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Testinsides ECCouncil 312-50 Dumps with VCE and PDF 401-410

September 22, 2017

2017 Sep ECCouncil Official New Released 312-50
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures

Question No: 401 – (Topic 15)

Sandra is conducting a penetration test for She knows that is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP.

What do you think is the reason behind this?

  A. Netstumbler does not work against 802.11g.

  B. You can only pick up 802.11g signals with 802.11a wireless cards.

  C. The access points probably have WEP enabled so they cannot be detected.

  D. The access points probably have disabled broadcasting of the SSID so they cannot be detected.

  E. 802.11g uses OFDM while 802.11b uses DSSS, so despite the same frequency an 802.11b card cannot see an 802.11g signal.

  F. Sandra must be doing something wrong, as there is no reason for her to not see the signals.

Answer: D

Explanation: Netstumbler cannot detect networks that do not respond to broadcast requests.

Question No: 402 – (Topic 15)

In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

  A. Rogue access point attack

  B. Unauthorized access point attack

  C. War Chalking

  D. WEP attack

Answer: A

Explanation: The definition of a Rogue access point is:

  1. A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, users have exposed their company's network to the outside world.

  2. An access point (AP) set up by an attacker outside a facility with a wireless network. Also called an "evil twin," the rogue AP picks up beacons (signals that advertise its presence) from the company's legitimate AP and transmits identical beacons, which some client machines inside the building associate with.

Question No: 403 – (Topic 15)

Why do you need to capture five to ten million packets in order to crack WEP with AirSnort?

  A. All IVs are vulnerable to attack

  B. Air Snort uses a cache of packets

  C. Air Snort implements the FMS attack and only encrypted packets are counted

  D. A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers

Answer: C

Explanation: Since the summer of 2001, WEP cracking has been a trivial but time-consuming process. A few tools, AirSnort perhaps the most famous, that implement the Fluhrer-Mantin-Shamir (FMS) attack were released to the security community, who until then were aware of the problems with WEP but did not have practical penetration testing tools. Although simple to use, these tools require a very large number of packets to be gathered before being able to crack a WEP key. The AirSnort web site estimates the total number of packets at five to ten million, but the number actually required may be higher than you think.

Question No: 404 – (Topic 15)

On wireless networks, an SSID is used to identify the network. Why are SSIDs not considered to be a good security mechanism to protect a wireless network?

  A. The SSID is only 32 bits in length

  B. The SSID is transmitted in clear text

  C. The SSID is to identify a station not a network

  D. The SSID is the same as the MAC address for all vendors

Answer: B

Explanation: The use of SSIDs is a fairly weak form of security, because most access points broadcast the SSID, in clear text, multiple times per second within the body of each beacon frame. A hacker can easily use an 802.11 analysis tool (e.g., AirMagnet, Netstumbler, or AiroPeek) to identify the SSID.

Question No: 405 – (Topic 15)

In an attempt to secure his 802.11b wireless network, Ulf decides to use strategic antenna positioning. He places the antennas for the access points near the center of the building. For those access points near the outer edge of the building he uses semi-directional antennas that face towards the building’s center. There is a large parking lot and outlying field surrounding the building that extends out half a mile around the building. Ulf figures that with this and his placement of antennas, his wireless network will be safe from attack.

Which of the following statements is true?

  A. With the 300 feet limit of a wireless signal, Ulf’s network is safe.

  B. Wireless signals can be detected from miles away, Ulf’s network is not safe.

  C. Ulf’s network will be safe but only if he doesn’t switch to 802.11a.

  D. Ulf’s network will not be safe until he also enables WEP.

Answer: D

Question No: 406 – (Topic 15)

While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the access points. What would be the easiest way to circumvent and communicate on the WLAN?

  A. Attempt to crack the WEP key using Airsnort.

  B. Attempt to brute force the access point and update or delete the MAC ACL.

  C. Steal a client computer and use it to access the wireless network.

  D. Sniff traffic off the WLAN and spoof your MAC address to one that you captured.

Answer: D

Explanation: The easiest way to gain access to the WLAN would be to spoof your MAC address to one that already exists on the network.

Question No: 407 – (Topic 15)

In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed, Bob discovers that throughput has dropped by almost half even though the number of users has remained the same.

Why does this happen in the VPN over wireless implementation?

  A. The stronger encryption used by the VPN slows down the network.

  B. Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications.

  C. VPNs use larger packets than wireless networks normally do.

  D. Using a VPN on wireless automatically enables WEP, which causes additional overhead.

Answer: B

Explanation: By applying VPN the access point will have to recalculate all headers destined for client and from clients twice.

Question No: 408 – (Topic 15)

Joe Hacker is going wardriving. He is going to use PrismStumbler and wants it to go to a GPS mapping software application. What is the recommended and well-known GPS mapping package that would interface with PrismStumbler?

Select the best answer.

  A. GPSDrive

  B. GPSMap

  C. WinPcap

  D. Microsoft Mappoint

Answer: A

Explanation: GPSDrive is a Linux GPS mapping package. It is the recommended package to send PrismStumbler data to so that it can be mapped. GPSMap is a generic term and not a real software package. WinPcap is a packet capture library for Windows. It is used to capture packets and deliver them to other programs for analysis. As it is for Windows, it isn't going to do what Joe Hacker is wanting to do. Microsoft Mappoint is a Windows application. PrismStumbler is a Linux application. Thus, these two are not going to work well together.

Question No: 409 – (Topic 15)

Study the snort rule given below and interpret the rule.

alert tcp any any -> 111 (content:"|00 01 86 a5|"; msg: "mountd access";)

  A. An alert is generated when a TCP packet is originated from port 111 of any IP address to the subnet

  B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the subnet

  C. An alert is generated when a TCP packet is generated from any IP on the subnet and destined to any IP on port 111

  D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the subnet on port 111

Answer: D

Explanation: Refer to the online documentation on creating Snort rules at

Question No: 410 – (Topic 15)

Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption and enabling MAC filtering on his wireless router. Paul notices when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24 Mbps or less. Paul connects to his wireless router’s management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router’s logs and notices that the unfamiliar machine has the same MAC address as his laptop.

What is Paul seeing here?

  A. MAC Spoofing

  B. Macof

  C. ARP Spoofing

  D. DNS Spoofing

Answer: A

Explanation: You can fool MAC filtering by spoofing your MAC address and pretending to have some other computer's MAC address.
