1. Home
  2. EC-COUNCIL
  3. 312-50

Certified Ethical Hacker

Exam Details

  • Exam Code
    :312-50
  • Exam Name
    :Certified Ethical Hacker
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :614 Q&As
  • Last Updated
    :Apr 16, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-50 Questions & Answers

  • Question 571:

    Lauren is performing a network audit for her entire company. The entire network is comprised of around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the broadcast address of the network, but only receives responses from around five hosts. Why did this ping sweep only produce a few responses?

    A. Only Windows systems will reply to this scan.

    B. A switched network will not respond to packets sent to the broadcast address.

    C. Only Linux and Unix-like (Non-Windows) systems will reply to this scan.

    D. Only servers will reply to this scan.

  • Question 572:

    Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

    How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

    A. Alternate between typing the login credentials and typing characters somewhere else in the focus window

    B. Type a wrong password first, later type the correct password on the login page defeating the keylogger recording

    C. Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.

    D. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies"asdfsd"

    E. The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies"asdfsd"

  • Question 573:

    The GET method should never be used when sensitive data such as credit card is being sent to a CGI program. This is because any GET command will appear in the URL, and will be logged by any servers. For example, let's say that you've

    entered your credit card information into a form that uses the GET method. The URL may appear like this:

    https://www.xsecurity-bank.com/creditcard.asp?cardnumber=453453433532234

    The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information. How would you protect from this type of attack?

    A. Never include sensitive information in a script

    B. Use HTTPS SSLv3 to send the data instead of plain HTTPS

    C. Replace the GET with POST method when sending data

    D. Encrypt the data before you send using GET method

  • Question 574:

    Perimeter testing means determining exactly what your firewall blocks and what it allows. To conduct a good test, you can spoof source IP addresses and source ports. Which of the following command results in packets that will appear to originate from the system at 10.8.8.8? Such a packet is useful for determining whether the firewall is allowing random packets in or out of your network.

    A. hping3 -T 10.8.8.8 -S netbios -c 2 -p 80

    B. hping3 -Y 10.8.8.8 -S windows -c 2 -p 80

    C. hping3 -O 10.8.8.8 -S server -c 2 -p 80

    D. hping3 -a 10.8.8.8 -S springfield -c 2 -p 80

  • Question 575:

    Which of the following Registry location does a Trojan add entries to make it persistent on Windows 7? (Select 2 answers)

    A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\ Run

    C. HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run

    D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • Question 576:

    Jacob is looking through a traffic log that was captured using Wireshark. Jacob has come across what appears to be SYN requests to an internal computer from a spoofed IP address. What is Jacob seeing here?

    A. Jacob is seeing a Smurf attack.

    B. Jacob is seeing a SYN flood.

    C. He is seeing a SYN/ACK attack.

    D. He has found evidence of an ACK flood.

  • Question 577:

    If an attacker's computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a closed port, what will be the response?

    A. The zombie computer will respond with an IPID of 24334.

    B. The zombie computer will respond with an IPID of 24333.

    C. The zombie computer will not send a response.

    D. The zombie computer will respond with an IPID of 24335.

  • Question 578:

    Web servers are often the most targeted and attacked hosts on organizations' networks. Attackers may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access.

    Identify the correct statement related to the above Web Server installation?

    A. Lack of proper security policy, procedures and maintenance

    B. Bugs in server software, OS and web applications

    C. Installing the server with default settings

    D. Unpatched security flaws in the server software, OS and applications

  • Question 579:

    Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?

    A. Hayden is attempting to find live hosts on her company's network by using an XMAS scan

    B. She is utilizing a SYN scan to find live hosts that are listening on her network

    C. The type of scan, she is using is called a NULL scan

    D. Hayden is using a half-open scan to find live hosts on her network

  • Question 580:

    You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet session.

    Here is the captured data in tcpdump.

    What are the next sequence and acknowledgement numbers that the router will send to the victim machine?

    A. Sequence number: 82980070 Acknowledgement number: 17768885A.

    B. Sequence number: 17768729 Acknowledgement number: 82980070B.

    C. Sequence number: 87000070 Acknowledgement number: 85320085C.

    D. Sequence number: 82980010 Acknowledgement number: 17768885D.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.