EC-COUNCIL Certified Ethical Hacker 312-50 Questions & Answers

• Question 41:

  Nathalie would like to perform a reliable scan against a remote target. She is not concerned about being stealth at this point. Which of the following type of scans would be the most accurate and reliable?

  A. A FIN Scan

  B. A Half Scan

  C. A UDP Scan

  D. The TCP Connect Scan

  Correct Answer: D

  The connect() system call provided by your operating system is used to open a connection to every interesting port on the machine. If the port is listening, connect () will succeed, otherwise the port isn't reachable. One strong advantage to this technique is that you don't need any special privileges. This is the fastest scanning method supported by nmap, and is available with the -t (TCP) option. The big downside is that this sort of scan is easily detectable and filterable.

• Question 42:

  You want to scan the live machine on the LAN, what type of scan you should use?

  A. Connect

  B. SYN

  C. TCP

  D. UDP

  E. PING

  Correct Answer: E

  The ping scan is one of the quickest scans that nmap performs, since no actual ports are queried. Unlike a port scan where thousands of packets are transferred between two stations, a ping scan requires only two frames. This scan is useful for locating active devices or determining if ICMP is passing through a firewall.

• Question 43:

  Jenny a well known hacker scanning to remote host of 204.4.4.4 using nmap. She got the scanned output but she saw that 25 port states is filtered. What is the meaning of filtered port State?

  A. Can Accessible

  B. Filtered by firewall

  C. Closed

  D. None of above

  Correct Answer: B

  The state is either open, filtered, closed, or unfiltered. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.

• Question 44:

  Your are trying the scan a machine located at ABC company's LAN named mail.abc.com. Actually that machine located behind the firewall. Which port is used by nmap to send the TCP synchronize frame to on mail.abc.com?

  A. 443

  B. 80

  C. 8080

  D. 23

  Correct Answer: A

• Question 45:

  What are the four steps is used by nmap scanning?

  A. DNS Lookup

  B. ICMP Message

  C. Ping

  D. Reverse DNS lookup

  E. TCP three way handshake

  F. The Actual nmap scan

  Correct Answer: ACDF

  Nmap performs four steps during a normal device scan. Some of these steps can be modified or disabled using options on the nmap command line.

• Question 46:

  Exhibit:

  

  Please study the exhibit carefully.

  Which Protocol maintains the communication on that way?

  A. UDP

  B. IP

  C. TCP

  D. ARP

  E. RARP

  Correct Answer: C

  A TCP connection is always initiated with the 3-way handshake, which establishes and negotiates the actual connection over which data will be sent.

• Question 47:

  Bob is a Junior Administrator at ABC.com is searching the port number of POP3 in a file. The partial output of the file is look like:

  

  In which file he is searching?

  A. services

  B. protocols

  C. hosts

  D. resolve.conf

  Correct Answer: A

  The port numbers on which certain standard services are offered are defined in the RFC 1700 Assigned Numbers. The /etc/services file enables server and client programs to convert service names to these numbers -ports. The list is kept on each host and it is stored in the file /etc/services.

• Question 48:

  While doing fast scan using F option, which file is used to list the range of ports to scan by nmap?

  A. services

  B. nmap-services

  C. protocols

  D. ports

  Correct Answer: B

  Nmap uses the nmap-services file to provide additional port detail for almost every scanning method. Every time a port is referenced, it's compared to an available description in this support file. If the nmap-services file isn't available, nmap reverts to the /etc/services file applicable for the current operating system.

• Question 49:

  You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next?

  A. Use NetScan Tools Pro to conduct the scan

  B. Run nmap XMAS scan against 192.168.1.10

  C. Run NULL TCP hping2 against 192.168.1.10

  D. The firewall is blocking all the scans to 192.168.1.10

  Correct Answer: C

• Question 50:

  Which Type of scan sends a packets with no flags set ? Select the Answer

  A. Open Scan

  B. Null Scan

  C. Xmas Scan

  D. Half-Open Scan

  Correct Answer: B

  The types of port connections supported are: