EC-COUNCIL 312-50 Online Practice Questions and Exam Preparation
312-50 Exam Details
Exam Code: 312-50
Exam Name: Certified Ethical Hacker
Certification: EC-COUNCIL Certifications
Vendor: EC-COUNCIL
Total Questions: 765 Q&As
Last Updated: May 31, 2026
EC-COUNCIL 312-50 Online Questions & Answers
Question 601:
How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDSs on a network?
A. Covert Channel
B. Crafted Channel
C. Bounce Channel
D. Deceptive Channel
Answer: A. Covert Channel
A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy." Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.
Question 602:
One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term?
A. Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process
B. Providers can increase the bandwidth on critical connections to prevent them from going down in the event of an attack
C. Replicating servers that can provide additional failsafe protection
D. Load balance each server in a multiple-server architecture
Answer: A. Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process
Question 603:
You are writing a security policy that hardens against and prevents footprinting attempts by hackers. Which of the following countermeasures will NOT be effective against this attack?
A. Configure routers to restrict the responses to Footprinting requests
B. Configure Web Servers to avoid information leakage and disable unwanted protocols
C. Lock the ports with suitable Firewall configuration
D. Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns
E. Evaluate the information before publishing it on the Website/Intranet
F. Monitor every employee computer with Spy cameras, keyloggers and spy on them
G. Perform Footprinting techniques and remove any sensitive information found on DMZ sites
H. Prevent search engines from caching a Webpage and use anonymous registration services
I. Disable directory and use split-DNS
Answer: F. Monitor every employee computer with Spy cameras, keyloggers and spy on them
Question 604:
Fred is scanning his network to ensure it is as secure as possible. Fred sends a TCP probe packet to a host with a FIN flag and he receives a RST/ACK response. What does this mean?
A. This response means the port he is scanning is open.
B. The RST/ACK response means the port Fred is scanning is disabled.
C. This means the port he is scanning is half open.
D. This means that the port he is scanning on the host is closed.
Answer: D. This means that the port he is scanning on the host is closed.
Question 605:
As a security consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.
A. Use the same machines for DNS and other applications
B. Harden DNS servers
C. Use split-horizon operation for DNS servers
D. Restrict Zone transfers
E. Have subnet diversity between DNS servers
Answer:
B. Harden DNS servers
C. Use split-horizon operation for DNS servers
D. Restrict Zone transfers
E. Have subnet diversity between DNS servers
A is not a correct answer as it is never recommended to use a DNS server for any other application. Hardening of the DNS servers makes them less vulnerable to attack. It is recommended to split internal and external DNS servers (called split-horizon operation). Zone transfers should only be accepted from authorized DNS servers. By having DNS servers on different subnets, you may prevent both from going down, even if one of your networks goes down.
Question 606:
RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LAN. WEP is known to be insecure even if we are using a stream cipher that is known to be secure.
What is the most likely cause behind this?
A. There are some flaws in the implementation.
B. There is no key management.
C. The IV range is too small.
D. All of the above.
E. None of the above.
Answer: D. All of the above.
Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related-key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets. Many WEP systems require a key in hexadecimal format. Some users choose keys that spell words in the limited 0-9, A-F hex character set, for example C0DE C0DE C0DE C0DE. Such keys are often easily guessed.
Question 607:
What are two things that are possible when scanning UDP ports? (Choose two.)
A. A reset will be returned
B. An ICMP message will be returned
C. The four-way handshake will not be completed
D. An RFC 1294 message will be returned
E. Nothing
Answer:
B. An ICMP message will be returned
E. Nothing
Closed UDP ports can return an ICMP type 3 code 3 message. No response can mean the port is open or the packet was silently dropped.
Question 608:
In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?
A. WEP attack
B. Drive by hacking
C. Rogue access point attack
D. Unauthorized access point attack
Answer: C. Rogue access point attack
The definition of a rogue access point is:
1. A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, users have exposed their company's network to the outside world.
2. An access point (AP) set up by an attacker outside a facility with a wireless network. Also called an "evil twin," the rogue AP picks up beacons (signals that advertise its presence) from the company's legitimate AP and transmits identical beacons, which some client machines inside the building associate with.
Question 609:
What do you call a system where users need to remember only one username and password, and be authenticated for multiple services?
A. Simple Sign-on
B. Unique Sign-on
C. Single Sign-on
D. Digital Certificate
Answer: C. Single Sign-on
Single sign-on (SSO) is a specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Question 610:
NSLookup is a good tool to use to gain additional information about a target network. What does the following command sequence accomplish?
nslookup
> server
> set type=any
> ls -d
A. Enables DNS spoofing
B. Loads bogus entries into the DNS table
C. Verifies zone security
D. Performs a zone transfer
E. Resets the DNS cache
Answer: D. Performs a zone transfer
If DNS has not been properly secured, the command sequence displayed above will perform a zone transfer.