[Free] 2017(Sep) EnsurePass Braindumps ECCouncil 312-50 Dumps with VCE and PDF 251-260

Ensurepass.com : Ensure you pass the IT Exams
2017 Sep ECCouncil Official New Released 312-50
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures

Question No: 251 – (Topic 7)

A POP3 client contacts the POP3 server:

  1. To send mail

  2. To receive mail

  3. to send and receive mail

  4. to get the address to send mail to

  5. initiate a UDP SMTP connection to read mail

Answer: B

Explanation: POP is used to receive e-mail.SMTP is used to send e-mail.

Question No: 252 – (Topic 7)

John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct MiTM attack. What is the destination MAC address of a broadcast frame?





Answer: A

Explanation: 0xFFFFFFFFFFFF is the destination MAC address of the broadcast frame.

Question No: 253 – (Topic 7)

Ethernet switches can be adversely affected by rapidly bombarding them with spoofed ARP responses. He port to MAC Address table (CAM Table) overflows on the switch and rather than failing completely, moves into broadcast mode, then the hacker can sniff all of the packets on the network.

Which of the following tool achieves this?

  1. ./macof

  2. ./sniffof

  3. ./dnsiff

  4. ./switchsnarf

Answer: A

Explanation: macof floods the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing).

Question No: 254 – (Topic 7)

Samantha was hired to perform an internal security test of company. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.

Which of the following techniques can she use to gather information from the

switched network or to disable some of the traffic isolation features of the switch? (Choose two)

  1. Ethernet Zapping

  2. MAC Flooding

  3. Sniffing in promiscuous mode

  4. ARP Spoofing

Answer: B,D

Explanation: In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table.The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. The principle of ARP spoofing is to send fake, or #39;spoofed#39;, ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).

Question No: 255 – (Topic 7)

Windump is a Windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows Platform you must install a packet capture library. What is the name of this library?

  1. PCAP


  3. LibPCAP

  4. WinPCAP

Answer: D

Explanation: WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets

bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Question No: 256 – (Topic 7)

Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security- related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position.

Harold is currently trying to run a Sniffer on the agency’s network to get an idea of what kind of traffic is being passed around but the program he is using does not seem to be capturing anything. He pours through the sniffer’s manual but can’t find anything that directly relates to his problem. Harold decides to ask the network administrator if the has any thoughts on the problem. Harold is told that the sniffer was not working because the agency’s network is a switched network, which can’t be sniffed by some programs without some tweaking.

What technique could Harold use to sniff agency’s switched network?

  1. ARP spoof the default gateway

  2. Conduct MiTM against the switch

  3. Launch smurf attack against the switch

  4. Flood switch with ICMP packets

Answer: A

Explanation: ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether (known as a denial of service attack). The principle of ARP spoofing is to send fake, or #39;spoofed#39;, ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).

Question No: 257 – (Topic 7)

The network administrator at Spears Technology, Inc has configured the default gateway Cisco Router’s access-list as below:

Ensurepass 2017 PDF and VCE

You are tried to conduct security testing on their network. You successfully brute- force for SNMP community string using a SNMP crack tool. The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco Configuration from the router. How would you proceed?

  1. Send a customized SNMP set request with spoofed source IP Address in the range-

  2. Run a network sniffer and capture the returned traffic with the configuration file from the router

  3. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

  4. Use the Cisco’s TFTP default password to connect and download the configuration file

Answer: A,B

Explanation: SNMP is allowed only by access-list 1. Therefore you need to spoof a address and then sniff the reply from the gateway.

Question No: 258 – (Topic 7)

Ethereal works best on .

  1. Switched networks

  2. Linux platforms

  3. Networks using hubs

  4. Windows platforms

  5. LAN#39;s

Answer: C

Explanation: Ethereal is used for sniffing traffic. It will return the best results when used on an unswitched (i.e. hub. network.

Question No: 259 – (Topic 7)


Ensurepass 2017 PDF and VCE

You have captured some packets in Ethereal. You want to view only packets sent from What filter will you apply?

A. ip =

B. ip.src ==

  1. ip.equals

  2. ip.address =

Answer: B

Explanation: ip.src tells the filter to only show packets with as the source.

Question No: 260 – (Topic 7)

Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

  1. Snort

  2. argus

  3. TCPflow

  4. Tcpdump

Answer: C

Explanation: Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like #39;tcpdump#39; shows a summary of packets seen on the wire, but usually doesn#39;t store the data that#39;s actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.

100% Ensurepass Free Download!
Download Free Demo:312-50 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2017 EnsurePass 312-50 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.