[Free] 2017(Sep) EnsurePass Testinsides ECCouncil 312-50 Dumps with VCE and PDF 91-100

September 22, 2017

Ethical Hacking and Countermeasures

Question No: 91 – (Topic 3)

An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system.

What is the most probable reason?

  1. The firewall is blocking port 23 to that system.

  2. He cannot spoof his IP and successfully use TCP.

  3. He needs to use an automated tool to telnet in.

  4. He is attacking an operating system that does not reply to telnet even when open.

Answer: B

Explanation: Spoofing your IP will only work if you don’t need to get an answer from the target system. In this case the answer (login prompt) from the telnet session will be sent to the “real” location of the IP address that you are showing as the connection initiator.

Question No: 92 – (Topic 3)

Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by an IDS?

  1. SYN scan

  2. ACK scan

  3. RST scan

  4. Connect scan

  5. FIN scan

Answer: D

Explanation: The TCP full connect (-sT) scan is the most reliable.

Question No: 93 – (Topic 3)

Nathalie would like to perform a reliable scan against a remote target. She is not concerned about being stealthy at this point. Which of the following types of scans would be the most accurate and reliable?

  1. A FIN Scan

  2. A Half Scan

  3. A UDP Scan

  4. The TCP Connect Scan

Answer: D

Explanation: The connect() system call provided by your operating system is used to open a connection to every interesting port on the machine. If the port is listening, connect() will succeed, otherwise the port isn't reachable. One strong advantage to this technique is that you don't need any special privileges. This is the fastest scanning method supported by nmap, and is available with the -t (TCP) option. The big downside is that this sort of scan is easily detectable and filterable.

Question No: 94 – (Topic 3)

What does ICMP (type 11, code 0) denote?

  1. Unknown Type

  2. Time Exceeded

  3. Source Quench

  4. Destination Unreachable

Answer: B

Explanation: ICMP Type 11 means Time Exceeded [RFC792]. Code 0 = Time to Live exceeded in Transit and Code 1 = Fragment Reassembly Time Exceeded.

Question No: 95 – (Topic 3)

One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker source IP address.

You send a ping request to the broadcast address

[root@ceh/root]# ping -b

WARNING: pinging broadcast address

PING ( from : 56(84) bytes of data.

64 bytes from icmp_seq=0 ttl=255 time=4.1 ms

64 bytes from icmp_seq=0 ttl=255 time=5.7 ms

There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?

  1. You cannot ping a broadcast address. The above scenario is wrong.

  2. You should send a ping request with this command ping

  3. Linux machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

  4. Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

Answer: D

Explanation: As stated in the correct option, Microsoft Windows does not handle pings to a broadcast address correctly and therefore ignores them.

Question No: 96 – (Topic 3)

Which of the following ICMP message types is used for destination unreachable messages?

  1. 0

  2. 3

  3. 11

  4. 13

  5. 17

Answer: B

Explanation: Type 3 messages are used for unreachable messages. 0 is Echo Reply, 8 is Echo request, 11 is time exceeded, 13 is timestamp and 17 is subnet mask request.

Learning these would be advisable for the test.

Question No: 97 – (Topic 3)


(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

  1. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

  2. This is Back Orifice activity as the scan comes from port 31337.

  3. The attacker wants to avoid creating a sub-carries connection that is not normally valid.

  4. These packets were crafted by a tool; they were not created by a standard IP stack.

Answer: B

Explanation: Port 31337 is normally used by Back Orifice. Note that 31337 is the hackers' spelling of ‘elite’, meaning ‘elite hackers’.

Question No: 98 – (Topic 3)


Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the hacking sessions.

What do the first and second columns mean? Select two.

  1. The first column reports the sequence number

  2. The second column reports the difference between the current and last sequence number

  3. The second column reports the next sequence number

  4. The first column reports the difference between current and last sequence number

Answer: A,B

Question No: 99 – (Topic 3)

You are trying to scan a machine located at ABC company’s LAN named Actually that machine is located behind the firewall. Which port is used by nmap to send the TCP synchronize frame to on

A. 443

B. 80

C. 8080

D. 23

Answer: A

Question No: 100 – (Topic 3)

______ is one of the programs used to wardial.

  1. DialIT

  2. Netstumbler

  3. TooPac

  4. Kismet

  5. ToneLoc

Answer: E

Explanation: ToneLoc is one of the programs used to wardial. While this is considered an "old school" technique, it is still effective at finding backdoors and out of band network entry points.
