[Free] 2017(Sep) EnsurePass Braindumps ECCouncil 312-50 Dumps with VCE and PDF 161-170

Ensurepass.com : Ensure you pass the IT Exams
2017 Sep ECCouncil Official New Released 312-50
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/312-50.html

Ethical Hacking and Countermeasures

Question No: 161 – (Topic 4)

What is the proper response for a NULL scan if the port is open?

  1. SYN

  2. ACK

  3. FIN

  4. PSH

  5. RST

  6. No response

Answer: F

Explanation: A NULL scan will have no response if the port is open.

Question No: 162 – (Topic 4)

Which DNS resource record can indicate how long any quot;DNS poisoningquot; could last?

  1. MX

  2. SOA

  3. NS

  4. TIMEOUT

Answer: B

Explanation: The SOA contains information of secondary servers, update intervals and expiration times.

Question No: 163 – (Topic 4)

A zone file consists of which of the following Resource Records (RRs)?

  1. DNS, NS, AXFR, and MX records

  2. DNS, NS, PTR, and MX records

  3. SOA, NS, AXFR, and MX records

  4. SOA, NS, A, and MX records

Answer: D

Explanation: The zone file typically contains the following records: SOA – Start Of Authority

NS – Name Server record MX – Mail eXchange record A – Address record

Question No: 164 – (Topic 4)

What sequence of packets is sent during the initial TCP three-way handshake?

  1. SYN, URG, ACK

  2. FIN, FIN-ACK, ACK

  3. SYN, ACK, SYN-ACK

  4. SYN, SYN-ACK, ACK

Answer: D

Explanation: This is referred to as a quot;three way handshake.quot; The quot;SYNquot; flags are requests by the TCP stack at one end of a socket to synchronize themselves to the sequence numbering for this new sessions. The ACK flags acknowlege earlier packets in this session. Obviously only the initial packet has no ACK flag, since there are no previous packets to acknowlege. Only the second packet (the first response from a server to a client) has both the SYN and the ACK bits set.

Question No: 165 – (Topic 4)

Which of the following tools can be used to perform a zone transfer?

  1. NSLookup

  2. Finger

  3. Dig

  4. Sam Spade

  5. Host

  6. Netcat

  7. Neotrace

Answer: A,C,D,E

Explanation: There are a number of tools that can be used to perform a zone transfer. Some of these include: NSLookup, Host, Dig, and Sam Spade.

Question No: 166 – (Topic 4)

What does FIN in TCP flag define?

  1. Used to close a TCP connection

  2. Used to abort a TCP connection abruptly

  3. Used to indicate the beginning of a TCP connection

  4. Used to acknowledge receipt of a previous packet or transmission

Answer: A

Explanation: The FIN flag stands for the word FINished. This flag is used to tear down the virtual connections created using the previous flag (SYN), so because of this reason, the FIN flag always appears when the last packets are exchanged between a connection.

Question No: 167 – (Topic 4)

Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

  1. Finger

  2. FTP

  3. Samba

  4. SMB

Answer: D

Explanation: The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.

Question No: 168 – (Topic 4)

Exhibit:

Ensurepass 2017 PDF and VCE

What type of attack is shown in the above diagram?

  1. SSL Spoofing Attack

  2. Identity Stealing Attack

  3. Session Hijacking Attack

  4. Man-in-the-Middle (MiTM) Attack

Answer: D

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised.

Question No: 169 – (Topic 4)

What port number is used by LDAP protocol?

A. 110

B. 389

C. 445

D. 464

Answer: B

Explanation: Active Directory and Exchange use LDAP via TCP port 389 for clients.

Question No: 170 – (Topic 4)

Jess the hacker runs L0phtCrack’s built-in sniffer utility which grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to.

But Jess is not picking up hashed from the network. Why?

  1. The network protocol is configured to use SMB Signing.

  2. The physical network wire is on fibre optic cable.

  3. The network protocol is configured to use IPSEC.

  4. L0phtCrack SMB filtering only works through Switches and not Hubs.

Answer: A

Explanation: To protect against SMB session hijacking, NT supports a cryptographic integrity mechanism, SMB Signing, to prevent active network taps from interjecting themselves into an already established session.

100% Ensurepass Free Download!
Download Free Demo:312-50 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2017 EnsurePass 312-50 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.