EC-Council 312-50 exam lastest demo for share

Exam:EC-Council 312-50
Title:Ethical Hacking and Countermeasures (CEHv6)

Exam 312-50 Summary

EC-Council 312-50 certification is designed to provide the foundation needed by every IT Security Professional. EC-Council curriculum provides broad range of skills and knowledge needed to build and manage an organization’s networking and security operations and to effectively utilize various resources to achieve operation excellence.

The EC-Council Certified Ethical Hacker has emerged as one of today's most sought-after certifications.
This is the only official review guide to the test, covering all CEH exam objectives, from ethics and testing to securing wired and wireless networks.
Written industry expert Kimberly Graves, this concise, focused guide is ideal for people who have taken CEH classes and need a last-minute review.
The CD-ROM features two bonus exams, 150 flashcard questions, a searchable glossary of key terms, and hacking tools used in the EC-Council's CEH training.

By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide to system security provides the tools necessary for approaching computers with the skill and understanding of an outside hacker. A useful tool for those involved in securing networks from outside tampering, this guide to CEH 312-50 certification provides a vendor-neutral perspective for security officers, auditors, security professionals, site admistrators, and others concerned with the integrity of network infrastructures. Complete coverage of footprinting, trojans and backdoors, sniffers, viruses and worms, and hacking Novell and Linux exposes common vulnerabilities and reveals the tools and methods used by security professionals when implementing countermeasures.

If you are reading this courseware, it is quite possible that you realize the importance of information systems security.

However, we would like to put forth our motive behind compiling a resource such as this one, and what you can gain from this course.

You might find yourself asking, why choose this course, when there are several out there. The truth is that there cannot be any single courseware that can address all the issues in a detailed manner. Moreover, the rate at which exploits/tools/methods are being discovered by the security community makes it difficult for anybody to cover it at one go. This doesn't mean that this course is inadequate in any way.

We have tried to cover all major domains in such a manner that the reader will be able to appreciate the way security has evolved over time; as well as gain insight into the fundamental workings relevant to each domain. It is a blend of academic and practical wisdom, supplemented with tools that the reader can readily access and obtain a hands-on experience. The emphasis is on gaining the know-how, and this explains the leaning towards free and accessible tools. You will read about some of the most widespread attacks seen; the popular tools used by attackers and how attacks have been carried out from ordinary resources.

You may also want to know "After this course, what?" This courseware is a resource material. Any penetration tester can tell you that there is no one straight methodology or sequence of steps that you can follow while auditing a client site. There is no ONE template that will meet all your needs. Your testing strategy will vary with client, basic information enumeration, firewall penetration or other domains, you will find something in this courseware that you can definitely use.

Finally, this is not the end! This courseware is to be considered as a 'work-in-progress', because we will be adding value to this courseware over time. You may find some aspects detailed, while others may find it brief. The yardstick that we have used in this respect is simple - "does the content help explain the point at hand?" This doesn't mean that we would not love to hear from you regarding your viewpoints and suggestions. Do send us your feedback so that we can make this course a more useful one.

TABLE OF CONTENT:
Module 01 - Introduction to Ethical Hacking
Module 02 - Footprinting
Module 03 - Scanning
Module 04 - Enumeration
Module 05 - System Hacking
Module 06 - Trojans and Backdoors
Module 07 - Sniffers
Module 08 - Denial of Service
Module 09 - Social Engineering
Module 10 - Session Hijacking
Module 11 - Hacking Web Servers
Module 12 - Web Application Vulnerabilities
Module 13 - Web Based Password Cracking Techniques
Module 14 - SQL Injection
Module 15 - Hacking Wireless Networks
Module 16 - Viruses
Module 17 - Novell Hacking
Module 18 - Linux Hacking
Module 19 - Evading IDS, Firewalls and Honeypots
Module 20 - Buffer Overflows
Module 21 - Cryptography

EC-Council  312-50 exam demo for share

1. What is the essential difference between an 'Ethical Hacker' and a 'Cracker'?

A. The ethical hacker does not use the same techniques or skills as a cracker.

B. The ethical hacker does it strictly for financial motives unlike a cracker.

C. The ethical hacker has authorization from the owner of the target.

D. The ethical hacker is just a cracker who is getting paid.

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find

the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for

the  work  he  does, a ethical  hacker  has  the  owners  authorization  and  will get paid  even if he  does not

succeed to penetrate the target.

2. What does the term "Ethical Hacking" mean?

A. Someone who is hacking for ethical reasons.

B. Someone who is using his/her skills for ethical reasons.

C. Someone who is using his/her skills for defensive purposes.

D. Someone who is using his/her skills for offensive purposes.

Answer: C

Explanation: Ethical hacking is only about defending your self or your employer against malicious persons

by using the same techniques and skills.

3. Who is an Ethical Hacker?

A. A person whohacksfor ethical reasons

B. A person whohacksfor an ethical cause

C. A person whohacksfor defensive purposes

D. A person whohacksfor offensive purposes

Answer: C

Explanation:  The  Ethical  hacker  is  a  security  professional  who  applies  his  hacking  skills  for  defensive

purposes.

4. What is "Hacktivism"?

A. Hacking for a cause

B. Hacking ruthlessly

C. An association which groups activists

D. None of the above

Answer: A

Explanation: The term was coined by author/critic Jason Logan Bill Sack in an article about media artist Shu

Lea Cheang. Acts of hacktivism are carried out in the belief that proper use of code will have leveraged

effects similar to regular activism or civil disobedience.

5. Where should a security tester be looking for information that could be used by an attacker against an

organization? (Select all that apply)

A. CHAT rooms

B. WHOIS database

C. News groups

D. Web sites

E. Search engines

F. Organization's own web site

Answer: ABCDEF

Explanation: A Security tester should search for information everywhere that he/she can access. You never

know where you find that small piece of information that could penetrate a strong defense.

6. What are the two basic types of attacks?(Choose two.

A. DoS

B. Passive

C. Sniffing

D. Active

E. Cracking

Answer: BD

Explanation: Passive and active attacks are the two basic types of attacks.

7. You are footprinting Acme.com to gather competitive intelligence. You visit the acme.com websire for

contact information and telephone number numbers but do not find it listed there. You know that they had

the entire staff directory listed on their website 12 months ago but now it is not there. How would it be

possible for you to retrieve information from the website that is outdated?

A. Visit google search engine and view the cached copy.

B. Visit Archive.org site to retrieve the Internet archive of the acme website.

C. Crawl the entire website and store them into your computer.

D. Visit the company's partners and customers website for this information.

Answer: B

Explanation: The Internet Archive (IA) is a non-profit organization dedicated to maintaining an archive of

Web and multimedia resources. Located at the Presidio in San Francisco, California, this archive includes

"snapshots of the World Wide Web" (archived copies of pages, taken at various points in time), software,

movies, books, and audio recordings (including recordings of live concerts from bands that allow it). This

site is found at www.archive.org.

8. User which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail

fraud?

A. 18 U.S.C 1029 Possession of Access Devices

B. 18 U.S.C 1030 Fraud and related activity in connection with computers

C. 18 U.S.C 1343 Fraud by wire, radio or television

D. 18 U.S.C 1361 Injury to Government Property

E. 18 U.S.C 1362 Government communication systems

F. 18 U.S.C 1831 Economic Espionage Act

G. 18 U.S.C 1832 Trade Secrets Act

Answer: B

Explanation:http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html

9. Which of the following activities will NOT be considered as passive footprinting?

A. Go through the rubbish to find out any information that might have been discarded.

B. Search on financial site such as Yahoo Financial to identify assets.

C. Scan the range of IP address found in the target DNS database.

D. Perform multiples queries using a search engine.

Answer: C

Explanation:Passive  footprinting  is  a method  in  which  the  attacker  never  makes  contact with  the  target

systems. Scanning the range of IP addresses found in the target DNS is considered making contact to the

systems behind the IP addresses that is targeted by the scan.

10. Which  one  of  the  following  is  defined  as  the  process  of  distributing  incorrect  Internet  Protocol  (IP)

addresses/names with the intent of diverting traffic?

A. Network aliasing

B. Domain Name Server (DNS) poisoning

C. Reverse Address Resolution Protocol (ARP)

D. Port scanning

Answer: B

Explanation:This reference is close to the one listed DNS poisoning is the correct answer. This is how DNS DOS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of there server instead of replacing the actual records, which is referred to as cache poisoning.

www.test4pass.com