EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation
312-50 Exam Details
Exam Code: 312-50
Exam Name: Certified Ethical Hacker
Certification: EC-COUNCIL Certifications
Vendor: EC-COUNCIL
Total Questions: 765 Q&As
Last Updated: May 31, 2026
EC-COUNCIL 312-50 Online Questions & Answers
Question 171:
Sabotage, Advertising and Covering are the three stages of _____
A. Social engineering B. Reverse Social Engineering C. Reverse Software Engineering D. Rapid Development Engineering
B. Reverse Social Engineering
Typical social interaction dictates that if someone gives us something, it is only right for us to return the favour. Reverse social engineering exploits this: the attacker sets up a situation in which the victim encounters a problem and asks the attacker for help, and once the problem is solved the victim feels obliged to give the information the attacker requests.
Question 172:
You want to perform an advanced SQL injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks?
A. System services B. EXEC master access C. xp_cmdshell D. RDC
C. xp_cmdshell
Question 173:
You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters.
With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?
A. Online Attack B. Dictionary Attack C. Brute Force Attack D. Hybrid Attack
D. Hybrid Attack
A dictionary attack will not work because strong passwords are enforced, and the minimum password length of 8 characters makes a brute force attack time-consuming. A hybrid attack, where you take a word from a dictionary and exchange a number of letters with numbers and special characters, will probably be the fastest way to crack the passwords.
Question 174:
You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation?
A. Reconfigure the firewall B. Conduct a needs analysis C. Install a network-based IDS D. Enforce the corporate security policy
D. Enforce the corporate security policy
The security policy is meant to be followed at all times until it is changed. If a need arises to perform actions that might violate the security policy, you will have to find another way to accomplish the task or wait until the policy has been changed.
Question 175:
What is the term used to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim?
A. Fraggle Attack B. Man in the Middle Attack C. Trojan Horse Attack D. Smurf Attack E. Back Orifice Attack
D. Smurf Attack
Trojan and Back Orifice are Trojan horse attacks. Man in the middle spoofs the IP and redirects the victim's packets to the cracker. The infamous Smurf attack preys on ICMP's capability to send traffic to the broadcast address. Many hosts can listen and respond to a single ICMP echo request sent to a broadcast address (Network Intrusion Detection, Third Edition, by Stephen Northcutt and Judy Novak, p. 70). The "smurf" attack's cousin is called "fraggle", which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of "smurf".
Question 176:
Which of the following commands runs snort in packet logger mode?
A. ./snort -dev -h ./log B. ./snort -dev -l ./log C. ./snort -dev -o ./log D. ./snort -dev -p ./log
B. ./snort -dev -l ./log
Note: If you want to store the packets in binary mode for later analysis, use ./snort -l ./log -b
Question 177:
What port scanning method is the most reliable but also the most detectable?
A. Null Scanning B. Connect Scanning C. ICMP Scanning D. Idlescan Scanning E. Half Scanning F. Verbose Scanning
B. Connect Scanning
A TCP Connect scan, named after the Unix connect() system call, is the most accurate scanning method. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection.
Question 178:
What is the best means of prevention against viruses?
A. Assign read only permission to all files on your system. B. Remove any external devices such as floppy and USB connectors. C. Install a rootkit detection tool. D. Install and update anti-virus scanner.
D. Install and update anti-virus scanner.
Although virus scanners can only find already known viruses, this is still the best defense, together with users who are informed about the risks of the internet.
Question 179:
Null sessions are unauthenticated connections (not using a username or password) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?
A. 137 and 139 B. 137 and 443 C. 139 and 443 D. 139 and 445
D. 139 and 445
NULL sessions take advantage of "features" in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Primarily the following ports are vulnerable if they are accessible: TCP NETBIOS Session Service; UDP NETBIOS Session Service; TCP SMB/CIFS.
Question 180:
Under what conditions does a secondary name server request a zone transfer from a primary name server?
A. When a primary SOA is higher than a secondary SOA B. When a secondary SOA is higher than a primary SOA C. When a primary name server has had its service restarted D. When a secondary name server has had its service restarted E. When the TTL falls to zero
A. When a primary SOA is higher than a secondary SOA
Understanding DNS is critical to meeting the requirements of the CEH. When the serial number in the SOA record of the primary server is higher than the serial number in the SOA record of the secondary DNS server, a zone transfer will take place.