[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 312-50 Dumps with VCE and PDF 31-40

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released 312-50
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures

Question No: 31 – (Topic 2)

Your company trainee Sandra asks you which are the four existing Regional Internet Registry (RIR#39;s)?





Answer: B

Explanation: All other answers include non existing organizations (PICNIC, NANIC, LATNIC). See http://www.arin.net/library/internet_info/ripe.html

Question No: 32 – (Topic 2)

You are footprinting an organization to gather competitive intelligence. You visit the company’s website for contact information and telephone numbers but do not find it listed there. You know that they had the entire staff directory listed on their website 12 months ago but not it is not there.

How would it be possible for you to retrieve information from the website that is outdated?

  1. Visit google’s search engine and view the cached copy.

  2. Visit Archive.org web site to retrieve the Internet archive of the company’s website.

  3. Crawl the entire website and store them into your computer.

  4. Visit the company’s partners and customers website for this information.

Answer: B

Explanation: Explanation: Archive.org mirrors websites and categorizes them by date and month depending on the crawl time. Archive.org dates back to 1996, Google is incorrect because the cache is only as recent as the latest crawl, the cache is over-written on each subsequent crawl. Download the website is incorrect because that#39;s the same as what you see online. Visiting customer partners websites is just bogus. The answer is then Firmly, C, archive.org

Question No: 33 – (Topic 2)

Bill has started to notice some slowness on his network when trying to update his company’s website while trying to access the website from the Internet. Bill asks the help desk manager if he has received any calls about slowness from the end users, but the help desk manager says that he has not. Bill receives a number of calls from customers that can’t access the company website and can’t purchase anything online. Bill logs on to a couple of this routers and notices that the logs shows network traffic is at all time high. He also notices that almost all the traffic is originating from a specific address.

Bill decides to use Geotrace to find out where the suspect IP is originates from. The Geotrace utility runs a traceroute and finds that IP is coming from Panama. Bill knows that none of his customers are in Panama so he immediately thinks that his company is under a Denial of Service attack. Now Bill needs to find out more about the originating IP Address.

What Internet registry should Bill look in to find the IP Address?


  2. ARIN


  4. APNIC

Answer: A

Explanation: LACNIC is the Latin American and Caribbean Internet Addresses Registry that administers IP addresses, autonomous system numbers, reverse DNS, and other network resources for that region.

Question No: 34 – (Topic 2)

Your lab partner is trying to find out more information about a competitors web site. The site has a .com extension. She has decided to use some online whois tools and look in one of the regional Internet registrys. Which one would you suggest she looks in first?


  2. ARIN

  3. APNIC

  4. RIPE

  5. AfriNIC

Answer: B

Explanation: Regional registries maintain records from the areas from which they govern. ARIN is responsible for domains served within North and South America and therefore, would be a good starting point for a .com domain.

Topic 3, Scanning

Question No: 35 – (Topic 3)

The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:

(Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source – destination entries from log


Ensurepass 2018 PDF and VCE

What can you infer from the above log?

  1. The system is a windows system which is being scanned unsuccessfully.

  2. The system is a web application server compromised through SQL injection.

  3. The system has been compromised and backdoored by the attacker.

  4. The actual IP of the successful attacker is

Answer: A

Question No: 36 – (Topic 3)

What is the proper response for a X-MAS scan if the port is closed?

  1. SYN

  2. ACK

  3. FIN

  4. PSH

  5. RST

  6. No response

Answer: E

Explanation: Closed ports respond to a X-MAS scan with a RST.

Question No: 37 – (Topic 3)

You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of which protocols are being used. You need to discover as many different protocols as possible.

Which kind of scan would you use to achieve this? (Choose the best answer)

  1. Nessus scan with TCP based pings.

  2. Nmap scan with the -sP (Ping scan) switch.

  3. Netcat scan with the -u -e switches.

  4. Nmap with the -sO (Raw IP packets) switch.

Answer: D

Explanation: Running Nmap with the -sO switch will do a IP Protocol Scan. The IP protocol scan is a bit different than the other nmap scans. The IP protocol scan is searching for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified.

Question No: 38 – (Topic 3)

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

  1. The zombie you are using is not truly idle.

  2. A stateful inspection firewall is resetting your queries.

  3. Hping2 cannot be used for idle scanning.

  4. These ports are actually open on the target system.

Answer: A

Explanation: If the IPID is incremented by more than the normal increment for this type of system it means that the system is interacting with some other system beside yours and has sent packets to an unknown host between the packets destined for you.

Question No: 39 – (Topic 3)

Which Type of scan sends a packets with no flags set ? Select the Answer

  1. Open Scan

  2. Null Scan

  3. Xmas Scan

  4. Half-Open Scan

Answer: B Explanation:

The types of port connections supported are:

->TCP Full Connect. This mode makes a full connection to the target#39;s TCP ports and can save any data or banners returned from the target. This mode is the most accurate for determining TCP services, but it is also easily recognized by Intrusion Detection Systems (IDS).

->UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to the target#39;s UDP ports and looks for an ICMP Port Unreachable message in return. The absence of that message indicates either the port is used, or the target does not return the ICMP message which can lead to false positives. It can save any data or banners returned from the target. This mode is also easily recognized by IDS.

->TCP Full/UDP ICMP Combined. This mode combines the previous two modes into one operation.

->TCP SYN Half Open. (Windows XP/2000 only) This mode sends out a SYN packet to the target port and listens for the appropriate response. Open ports respond with a SYN|ACK and closed ports respond with ACK|RST or RST. This mode is

less likely to be noted by IDS, but since the connection is never fully completed, it cannot gather data or banner information. However, the attacker has full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the SYN packet.

->TCP Other. (Windows XP/2000 only) This mode sends out a TCP packet with any

combination of the SYN, FIN, ACK, RST, PSH, URG flags set to the target port and listens for the response. Again, the attacker can have full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the custom TCP packet. The Analyze feature helps with analyzing the response based on the flag settings chosen. Each operating system responds differently to these special combinations. The tool includes presets for XMAS, NULL, FIN and ACK flag settings.

Question No: 40 – (Topic 3)

Which of the following commands runs snort in packet logger mode?

  1. ./snort -dev -h ./log

  2. ./snort -dev -l ./log

  3. ./snort -dev -o ./log

  4. ./snort -dev -p ./log

Answer: B

Explanation: Note: If you want to store the packages in binary mode for later analysis use

./snort -l ./log -b

100% Ensurepass Free Download!
Download Free Demo:312-50 Demo PDF
100% Ensurepass Free Guaranteed!
312-50 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No