1. Home
  2. EC-COUNCIL
  3. 312-50

EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

312-50 Exam Details

  • Exam Code
    :312-50
  • Exam Name
    :Certified Ethical Hacker
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :765 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-50 Online Questions & Answers

  • Question 271:

    A distributed port scan operates by:

    A. Blocking access to the scanning clients by the targeted host
    B. Using denial-of-service software against a range of TCP ports
    C. Blocking access to the targeted host by each of the distributed scanning clients
    D. Having multiple computers each scan a small number of ports, then correlating the results

  • Question 272:

    You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this? GET /scripts/root.exe?/c+dir GET /MSADC/root.exe?/c+dir GET /c/winnt/system32/cmd.exe?/c+dir GET /d/winnt/system32/cmd.exe?/c+dir GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir GET /msadc/..%5c../..%5c../..%5c/..xc1x1c../..xc1x1c../..xc1x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc1x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc0/../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc0xaf../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc1x9c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir

    A. The Morris worm
    B. The PIF virus
    C. Trinoo
    D. Nimda
    E. Code Red
    F. Ping of Death

  • Question 273:

    Paula works as the primary help desk contact for her company. Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he ca no longer work. Paula walks over to the user's

    computer and sees the Blue Screen of Death screen. The user's computer is running Windows XP, but the Blue screen looks like a familiar one that Paula had seen a Windows 2000 Computers periodically.

    The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there. Paula also noticed that the hard drive activity light was flashing meaning that the computer was processing some thing.

    Paula knew this should not be the case since the computer should be completely frozen during a Blue screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

    What is Paula seeing happen on this computer?

    A. Paula's Network was scanned using FloppyScan
    B. Paula's Netwrok was scanned using Dumpsec
    C. There was IRQ conflict in Paula's PC
    D. Tool like Nessus will cause BSOD

  • Question 274:

    Samuel is the network administrator of DataX communications Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder's IP address for a period of 24 hours time after more than three unsuccessful attempts. He is confident that this rule will secure his network hackers on the Internet.

    But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall use.

    Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder's attempts.

    Samuel wants to completely block hackers brute force attempts on his network.

    What are the alternatives to defending against possible brute-force password attacks on his site?

    A. Enforce a password policy and use account lockouts after three wrong logon attempts even through this might lock out legit users
    B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the firewall manually
    C. Enforce complex password policy on your network so that passwords are more difficult to brute force
    D. You can't completely block the intruders attempt if they constantly switch proxies

  • Question 275:

    WinDump is a popular sniffer which results from the porting to Windows of TcpDump for Linux. What library does it use ?

    A. LibPcap
    B. WinPcap
    C. Wincap
    D. None of the above

  • Question 276:

    What are the limitations of Vulnerability scanners? (Select 2 answers)

    A. There are often better at detecting well-known vulnerabilities than more esoteric ones
    B. The scanning speed of their scanners are extremely high
    C. It is impossible for any, one scanning product to incorporate all known vulnerabilities in a timely manner
    D. The more vulnerabilities detected, the more tests required
    E. They are highly expensive and require per host scan license

  • Question 277:

    Most NIDS systems operate in layer 2 of the OSI model. These systems feed raw traffic into a detection engine and rely on the pattern matching and/or statistical analysis to determine what is malicious. Packets are not processed by the host's TCP/IP stack allowing the NIDS to analyze traffic the host would otherwise discard. Which of the following tools allows an attacker to intentionally craft packets to confuse pattern-matching NIDS systems, while still being correctly assembled by the host TCP/IP stack to render the attack payload?

    A. Defrag
    B. Tcpfrag
    C. Tcpdump
    D. Fragroute

  • Question 278:

    What attack is being depicted here?

    A. Cookie Stealing
    B. Session Hijacking
    C. Cross Site scripting
    D. Parameter Manipulation

  • Question 279:

    Steven, a security analyst for XYZ associates, is analyzing packets captured by Ethereal on a Linux Server inside his network when the server starts to slow down tremendously. Steven examines the following Ethereal captures:

    A. Smurf Attack
    B. ARP Spoofing
    C. Ping of Death
    D. SYN Flood

  • Question 280:

    A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

    A. Invalid Username
    B. Invalid Password
    C. Authentication Failure
    D. Login Attempt Failed
    E. Access Denied

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.