1. Home
  2. EC-COUNCIL
  3. 312-50

EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation

312-50 Exam Details

  • Exam Code
    :312-50
  • Exam Name
    :Certified Ethical Hacker
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :765 Q&As
  • Last Updated
    :May 31, 2026

EC-COUNCIL 312-50 Online Questions & Answers

  • Question 431:

    Jenny a well known hacker scanning to remote host of 204.4.4.4 using nmap. She got the scanned output but she saw that 25 port states is filtered. What is the meaning of filtered port State?

    A. Can Accessible
    B. Filtered by firewall
    C. Closed
    D. None of above

  • Question 432:

    Your lab partner is trying to find out more information about a competitors web site. The site has a .com extension. She has decided to use some online whois tools and look in one of the regional Internet registrys. Which one would you suggest she looks in first?

    A. LACNIC
    B. ARIN
    C. APNIC
    D. RIPE
    E. AfriNIC

  • Question 433:

    Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not illicit a response. What can he infer from this kind of response?

    A. These ports are open because they do not illicit a response.
    B. He can tell that these ports are in stealth mode.
    C. If a port does not respond to an XMAS scan using NMAP, that port is closed.
    D. The scan was not performed correctly using NMAP since all ports, no matter what their state, will illicit some sort of response from an XMAS scan.

  • Question 434:

    Study the log below and identify the scan type.

    tcpdump -vv host 192.168.1.10

    17:34:45.802163 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 36166)

    17:34:45.802216 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 33796)

    17:34:45.802266 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 47066)

    17:34:46.111982 eth0 < 192.168.1.1 > victim: ip-proto-74 0 (ttl 48, id 35585)

    17:34:46.112039 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 32834)

    17:34:46.112092 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 26292)

    17:34:46.112143 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 51058)

    tcpdump -vv -x host 192.168.1.10

    17:35:06.731739 eth0 < 192.168.1.10 > victim: ip-proto-130 0 (ttl 59, id 42060) 4500 0014 a44c 0000 3b82 57b8 c0a8 010a c0a8 0109 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000

    A. nmap -sR 192.168.1.10
    B. nmap -sS 192.168.1.10
    C. nmap -sV 192.168.1.10
    D. nmap -sO -T 192.168.1.10

  • Question 435:

    What type of encryption does WPA2 use?

    A. DES 64 bit
    B. AES-CCMP 128 bit
    C. MD5 48 bit
    D. SHA 160 bit

  • Question 436:

    Maurine is working as a security consultant for Hinklemeir Associate. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network.

    Why would an attacker try to create a null session with a computer on a network?

    A. Enumerate users shares
    B. Install a backdoor for later attacks
    C. Escalate his/her privileges on the target server
    D. To create a user with administrative privileges for later use

  • Question 437:

    In Trojan terminology, what is a covert channel?

    A. A channel that transfers information within a computer system or network in a way that violates the security policy
    B. A legitimate communication path within a computer system or network for transfer of data
    C. It is a kernel operation that hides boot processes and services to mask detection
    D. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

  • Question 438:

    Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company's network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie's remaining tests.

    What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?

    A. Charlie has performed a BREACH analysis; showing the company where its weak points are
    B. This analysis would be considered a vulnerability analysis
    C. This type of analysis is called GAP analysis
    D. This initial analysis performed by Charlie is called an Executive Summary

  • Question 439:

    A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

    The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today's end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software.

    What is Rogue security software?

    A. A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites
    B. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.
    C. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.
    D. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.
    E. Rogue security software is based on social engineering technique in which the attackers lures victim to visit spear phishing websites
    F. This software disables firewalls and establishes reverse connecting tunnel between the victim's machine and that of the attacker

  • Question 440:

    Jim's Organization just completed a major Linux roll out and now all of the organization's systems are running Linux 2.5 Kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ, which built-in functionality of Linux can achieve this?

    A. IP ICMP
    B. IP Sniffer
    C. IP tables
    D. IP Chains

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.