EC-COUNCIL 312-50 Online Practice
Questions and Exam Preparation
312-50 Exam Details
Exam Code
:312-50
Exam Name
:Certified Ethical Hacker
Certification
:EC-COUNCIL Certifications
Vendor
:EC-COUNCIL
Total Questions
:765 Q&As
Last Updated
:May 31, 2026
EC-COUNCIL 312-50 Online Questions &
Answers
Question 611:
This attack uses social engineering techniques to trick users into accessing a fake Web site and divulging personal information. Attackers send a legitimate- looking e-mail asking users to update their information on the company's Web site, but the URLs in the e-mail actually point to a false Web site.
A. Wiresharp attack B. Switch and bait attack C. Phishing attack D. Man-in-the-Middle attack
C. Phishing attack
Question 612:
Exhibit:
ettercap NCLzs --quiet
What does the command in the exhibit do in "Ettercap"?
A. This command will provide you the entire list of hosts in the LAN B. This command will check if someone is poisoning you and will report its IP. C. This command will detach from console and log all the collected passwords from the network to a file. D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.
C. This command will detach from console and log all the collected passwords from the network to a file.
-N = NON interactive mode (without ncurses)
-C = collect all users and passwords
-L = if used with -C (collector) it creates a file with all the password sniffed in the session in the form "YYYYMMDD-collected-pass.log" -z = start in silent mode (no arp storm on start up)
-s = IP BASED sniffing
--quiet = "demonize" ettercap. Useful if you want to log all data in background.
Question 613:
Which of these are phases of a reverse social engineering attack? Select the best answers.
A. Sabotage B. Assisting C. Deceiving D. Advertising E. Manipulating
A. Sabotage B. Assisting D. Advertising
According to "Methods of Hacking: Social
Engineering", by Rick Nelson, the three phases of reverse social engineering attacks are sabotage, advertising, and assisting.
Question 614:
William has received a Tetris game from someone in his computer programming class through email. William does not really know the person who sent the game very well, but decides to install the game anyway because he really likes Tetris.
After William installs the game, he plays it for a couple of hours. The next day, William plays the Tetris game again and notices that his machines have begun to slow down. He brings up his Task Manager and sees the following programs
running (see Screenshot):
What has William just installed?
A. Remote Access Trojan (RAT) B. Zombie Zapper (ZoZ) C. Bot IRC Tunnel (BIT) D. Root Digger (RD)
A. Remote Access Trojan (RAT)
RATs are malicious programs that run invisibly on host PCs and permit an intruder remote access and control. On a basic level, many RATs mimic the functionality of legitimate remote control programs such as Symantec's pcAnywhere but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs. Typically, exploited users either download and execute the malicious programs or are tricked into clicking rogue email attachments.
Question 615:
Which definition below best describes a covert channel?
A. Making use of a Protocol in a way it was not intended to be used B. It is the multiplexing taking place on communication link C. It is one of the weak channels used by WEP that makes it insecure D. A Server Program using a port that is not well known
A. Making use of a Protocol in a way it was not intended to be used
A covert channel is a hidden communication channel not intended for information transfer at all. Redundancy can often be used to communicate in a covert way. There are several ways that hidden communication can be set up.
Question 616:
You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick of the Trojan. Next you run netstat command to look for open ports and you notice a strange port 6666 open.
What is the next step you would do?
A. Re-install the operating system. B. Re-run anti-virus software. C. Install and run Trojan removal software. D. Run utility fport and look for the application executable that listens on port 6666.
D. Run utility fport and look for the application executable that listens on port 6666.
Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.
Question 617:
What is the purpose of firewalking?
A. It's a technique used to discover Wireless network on foot B. It's a technique used to map routers on a network link C. It's a technique used to discover interface in promiscuous mode D. It's a technique used to discover what rules are configured on a gateway
D. It's a technique used to discover what rules are configured on a gateway
Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker's host to a destination host through a packet-filtering device. This technique can be used to map `open' or `pass through' ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway.
Question 618:
In an attempt to secure his wireless network, Bob turns off broadcasting of the SSID. He concludes that since his access points require the client computer to have the proper SSID, it would prevent others from connecting to the wireless network. Unfortunately unauthorized users are still able to connect to the wireless network.
Why do you think this is possible?
A. Bob forgot to turn off DHCP. B. All access points are shipped with a default SSID. C. The SSID is still sent inside both client and AP packets. D. Bob's solution only works in ad-hoc mode.
B. All access points are shipped with a default SSID.
All access points are shipped with a default SSID unique to that manufacturer, for example 3com uses the default ssid comcomcom.
Question 619:
Which of the following is NOT a valid NetWare access level?
A. Not Logged in B. Logged in C. Console Access D. Administrator
D. Administrator
Administrator is an account not a access level.
Question 620:
What do you conclude from the nmap results below?
Staring nmap V. 3.10ALPHA0 (www.insecure.org/map/)
(The 1592 ports scanned but not shown below are in state: closed)
Remote operating system guess: Too many signatures match the reliability guess the OS. Nmap run completed 1 IP address (1 host up) scanned in 91.66 seconds
A. The system is a Windows Domain Controller. B. The system is not firewalled. C. The system is not running Linux or Solaris. D. The system is not properly patched.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only EC-COUNCIL exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 312-50 exam preparations
and EC-COUNCIL certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.