EC-COUNCIL 312-50 Online Practice
Questions and Exam Preparation
312-50 Exam Details
Exam Code
:312-50
Exam Name
:Certified Ethical Hacker
Certification
:EC-COUNCIL Certifications
Vendor
:EC-COUNCIL
Total Questions
:765 Q&As
Last Updated
:Jan 18, 2026
EC-COUNCIL 312-50 Online Questions &
Answers
Question 1:
Bob is going to perform an active session hijack against company. He has acquired the target that allows session oriented connections (Telnet) and performs sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network.
So, what is Bob most likely to do next?
A. Take over the session. B. Reverse sequence prediction. C. Guess the sequence numbers. D. Take one of the parties' offline.
C. Guess the sequence numbers.
Question 2:
John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong. In the context of Session hijacking why would you consider this as a false sense of security?
A. The token based security cannot be easily defeated. B. The connection can be taken over after authentication. C. A token is not considered strong authentication. D. Token security is not widely used in the industry.
B. The connection can be taken over after authentication. explanation:
A token will give you a more secure authentication, but the tokens will not help against attacks that are directed against you after you have been authenticated.
Question 3:
What is the key advantage of Session Hijacking?
A. It can be easily done and does not require sophisticated skills. B. You can take advantage of an authenticated connection. C. You can successfully predict the sequence number generation. D. You cannot be traced in case the hijack is detected.
B. You can take advantage of an authenticated connection. explanation:
As an attacker you don't have to steal an account and password in order to take advantage of an authenticated connection.
Question 4:
What type of cookies can be generated while visiting different web sites on the Internet?
A. Permanent and long term cookies. B. Session and permanent cookies. C. Session and external cookies. D. Cookies are all the same, there is no such thing as different type of cookies.
B. Session and permanent cookies. explanation:
There are two types of cookies: a permanent cookie that remains on a visitor's computer for a given time and a session cookie the is temporarily saved in the visitor's computer memory during the time that the visitor is using the Web site. Session cookies disappear when you close your Web browser.
Question 5:
Which is the right sequence of packets sent during the initial TCP three way handshake?
A. FIN, FIN-ACK, ACK B. SYN, URG, ACK C. SYN, ACK, SYN-ACK D. SYN, SYN-ACK, ACK
D. SYN, SYN-ACK, ACK explanation:
A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived.
Question 6:
What is Hunt used for?
A. Hunt is used to footprint networks B. Hunt is used to sniff traffic C. Hunt is used to hack web servers D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic E. Hunt is used for password cracking
D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic explanation:
Hunt can be used to intercept traffic. It is useful with telnet, ftp, and others to grab traffic between two computers or to hijack sessions.
Question 7:
You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250. Within what range of sequence numbers should a packet, sent by the client fall in order to be accepted by the server?
A. 200-250 B. 121-371 C. 120-321 D. 121-231 E. 120-370
B. 121-371 explanation:
Package number 120 have already been received by the server and the window is 250 packets, so any package number from 121 (next in sequence) to 371 (121 +250).
Question 8:
How would you prevent session hijacking attacks?
A. Using biometrics access tokens secures sessions against hijacking B. Using non-Internet protocols like http secures sessions against hijacking C. Using hardware-based authentication secures sessions against hijacking D. Using unpredictable sequence numbers secures sessions against hijacking
D. Using unpredictable sequence numbers secures sessions against hijacking explanation:
Protection of a session needs to focus on the unique session identifier because it is the only thing that distinguishes users. If the session ID is compromised, attackers can impersonate other users on the system. The first thing is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise, it's trivial to hijack another user's session. Having a large number of possible session IDs (meaning that they should be very long) means that there are a lot more permutations for an attacker to try.
Question 9:
Which of the following attacks takes best advantage of an existing authenticated connection
A. Spoofing B. Session Hijacking C. Password Sniffing D. Password Guessing
B. Session Hijacking explanation:
Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress.
Question 10:
After a client sends a connection request (SYN) packet to the server, the server will respond (SYN- ACK) with a sequence number of its choosing, which then must be acknowledge (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen and then opens a second connection from a forget IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP Address is used for authentication, the attacker can use the one-side communication to break into the server.
What attacks can you successfully launch against a server using the above technique?
A. Session Hijacking attacks B. Denial of Service attacks C. Web Page defacement attacks D. IP Spoofing Attacks
A. Session Hijacking attacks explanation:
The term Session Hijacking refers to the exploitation of a valid computer session - sometimes also called a session key - to gain unauthorised access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only EC-COUNCIL exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 312-50 exam preparations
and EC-COUNCIL certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.