1. Home
  2. EC-COUNCIL
  3. 312-50

EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

312-50 Exam Details

  • Exam Code
    :312-50
  • Exam Name
    :Certified Ethical Hacker
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :765 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-50 Online Questions & Answers

  • Question 161:

    Lyle is a systems security analyst for Gusteffson and Sons, a large law firm in Beverly Hills. Lyle's responsibilities include network vulnerability scans, Antivirus monitoring, and IDS monitoring. Lyle receives a help desk call from a user in the Accounting department. This user reports that his computer is running very slow all day long and it sometimes gives him an error message that the hard drive is almost full. Lyle runs a scan on the computer with the company antivirus software and finds nothing. Lyle downloads another free antivirus application and scans the computer again. This time a virus is found on the computer. The infected files appear to be Microsoft Office files since they are in the same directory as that software. Lyle does some research and finds that this virus disguises itself as a genuine application on a computer to hide from antivirus software. What type of virus has Lyle found on this computer?

    A. This type of virus that Lyle has found is called a cavity virus.
    B. Lyle has discovered a camouflage virus on the computer.
    C. By using the free antivirus software, Lyle has found a tunneling virus on the computer.
    D. Lyle has found a polymorphic virus on this computer

  • Question 162:

    In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?

    A. EIP
    B. ESP
    C. EAP
    D. EEP

  • Question 163:

    The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

    The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:

    SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'

    How will you delete the OrdersTable from the database using SQL Injection?

    A. Chicago'; drop table OrdersTable -
    B. Delete table'blah'; OrdersTable -
    C. EXEC; SELECT * OrdersTable > DROP -
    D. cmdshell'; 'del c:\sql\mydb\OrdersTable' //

  • Question 164:

    You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123. Here is the output of your scan results: Which of the following nmap command did you run?

    A. nmap -A -sV -p21,110,123 10.0.0.5
    B. nmap -F -sV -p21,110,123 10.0.0.5
    C. nmap -O -sV -p21,110,123 10.0.0.5
    D. nmap -T -sV -p21,110,123 10.0.0.5

  • Question 165:

    Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using?

    A. Henry is executing commands or viewing data outside the intended target path
    B. Henry is using a denial of service attack which is a valid threat used by an attacker
    C. Henry is taking advantage of an incorrect configuration that leads to access with higher-than- expected privilege
    D. Henry uses poorly designed input validation routines to create or alter commands to gain access to unintended data or execute commands

  • Question 166:

    You are conducting an idlescan manually using HPING2. During the scanning process, you notice that almost every query increments the IPID- regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Which of he following options would be a possible reason?

    A. Hping2 can't be used for idlescanning
    B. The Zombie you are using is not truly idle
    C. These ports are actually open on the target system
    D. A stateful inspection firewall is resetting your queries

  • Question 167:

    You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

    A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
    B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
    C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"
    D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

  • Question 168:

    While examining audit logs, you discover that people are able to telnet into the SMTP server on port

    25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

    A. Block port 25 at the firewall.
    B. Shut off the SMTP service on the server.
    C. Force all connections to use a username and password.
    D. Switch from Windows Exchange to UNIX Sendmail.
    E. None of the above.

  • Question 169:

    Which of the following best describes session key creation in SSL?

    A. It is created by the server after verifying theuser's identity
    B. It is created by the server upon connection by the client
    C. It is created by the client from the server's public key
    D. It is created by the client after verifying the server's identity

  • Question 170:

    XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.

    What is the correct code when converted to html entities?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.