[Lead2pass New] Lead2pass 312-50v9 Dumps PDF Free Download (321-340)

Lead2pass 2017 November New EC-Council 312-50v9 Exam Dumps!

100% Free Download! 100% Pass Guaranteed!

312-50v9 exam questions and answers provided by Lead2pass will guarantee you pass 312-50v9 exam, because Lead2pass is the top IT Certification study training materials vendor. Many candidates have passed exam with the help of Lead2pass. We offer the latest 312-50v9 PDF and VCE dumps with new version VCE player for free download, you can pass the exam beyond any doubt.

Following questions and answers are all new published by EC-Council Official Exam Center: https://www.lead2pass.com/312-50v9.html

QUESTION 321
As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?

A.    request smtp 25
B.    tcp.port eq 25
C.    smtp port
D.    tcp.contains port 25

Answer: B

QUESTION 322
Which service in a PKI will vouch for the identity of an individual or company?

A.    KDC
B.    CA
C.    CR
D.    CBC

Answer: B

QUESTION 323
In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?

A.    Implementing IPv4 security in a dual-stack network offers protection from IPv6 attacks too.
B.    Vulnerabilities in the application layer are independent of the network layer. Attacks and mitigation techniques are almost identical.
C.    Due to the extensive security measures built in IPv6, application layer vulnerabilities need not be addresses.
D.    Vulnerabilities in the application layer are greatly different from IPv4.

Answer: B

QUESTION 324
In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.

Example:
allintitle: root passwd

A.    Maintaining Access
B.    Gaining Access
C.    Reconnaissance
D.    Scanning and Enumeration

Answer: C

QUESTION 325
Which type of security feature stops vehicles from crashing through the doors of a building?

A.    Turnstile
B.    Bollards
C.    Mantrap
D.    Receptionist

Answer: B

QUESTION 326
……..is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.

Fill in the blank with appropriate choice.

A.    Collision Attack
B.    Evil Twin Attack
C.    Sinkhole Attack
D.    Signal Jamming Attack

Answer: B

QUESTION 327
Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?

A.    Role Based Access Control (RBAC)
B.    Discretionary Access Control (DAC)
C.    Windows authentication
D.    Single sign-on

Answer: D

QUESTION 328
What attack is used to crack passwords by using a precomputed table of hashed passwords?

A.    Brute Force Attack
B.    Hybrid Attack
C.    Rainbow Table Attack
D.    Dictionary Attack

Answer: C

QUESTION 329
Your next door neighbor, that you do not get along with, is having issues with their network, so he yells to his spouse the network’s SSID and password and you hear them both clearly. What do you do with this information?

A.    Nothing, but suggest to him to change the network’s SSID and password.
B.    Sell his SSID and password to friends that come to your house, so it doesn’t slow down your network.
C.    Log onto to his network, after all it’s his fault that you can get in.
D.    Only use his network when you have large downloads so you don’t tax your own network.

Answer: A

QUESTION 330
Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet- facing services, which OS did it not directly affect?

A.    Windows
B.    Unix
C.    Linux
D.    OS X

Answer: D

QUESTION 331
You want to analyze packets on your wireless network. Which program would you use?

A.    Wireshark with Airpcap
B.    Airsnort with Airpcap
C.    Wireshark with Winpcap
D.    Ethereal with Winpcap

Answer: A

QUESTION 332
It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse, and power it down. What step in incident handling did you just complete?

A.    Containment
B.    Eradication
C.    Recovery
D.    Discovery

Answer: A

QUESTION 333
What is the code written for?

#!/usr/bin/python
import socket
buffer=[“A”]
counter=50
while len(buffer)<=100:
buffer.apend (“A”*counter)
counter=counter+50
commands=[“HELP”,“STATS.”,“RTIME.”,“LTIME.”,“SRUN.”,“TRUN.”,“GMON.”,“GDOG.”,“KSTET.”,“GTER.”,“HTER.”,“LTER.”,“KSTAN.”]
for command in commands:
for buffstring in buffer:
  print “Exploiting” +command+“:”+str(len(buffstring))
  s=socket.socket(socket.AF_INET.socket.SOCK_STREAM)
  s.connect((‘127.0.0.1’,9999))
  s.recv(50)
  s.send(command+buffstring)
  s.close()

A.    Buffer Overflow
B.    Encryption
C.    Bruteforce
D.    Denial-of-service (Dos)

Answer: A
Explanation:

QUESTION 334
An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

A.    Use fences in the entrance doors.
B.    Install a CCTV with cameras pointing to the entrance doors and the street.
C.    Use an IDS in the entrance doors and install some of them near the corners.
D.    Use lights in all the entrance doors and along the company’s perimeter.

Answer: B

QUESTION 335
Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

A.    Heartbleed Bug
B.    POODLE
C.    SSL/TLS Renegotiation Vulnerability
D.    Shellshock

Answer: A

QUESTION 336
There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the process. A term describes when two pieces of data result in the same value is?

A.    Collision
B.    Collusion
C.    Polymorphism
D.    Escrow

Answer: C

QUESTION 337
Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?

A.    Network security policy
B.    Remote access policy
C.    Information protection policy
D.    Access control policy

Answer: B

QUESTION 338
One of the Forbes 500 companies has been subjected to a large scale attack. You are one of the shortlisted pen testers that they may hire. During the interview with the CIO, he emphasized that he wants to totally eliminate all risks. What is one of the first things you should do when hired?

A.    Interview all employees in the company to rule out possible insider threats.
B.    Establish attribution to suspected attackers.
C.    Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
D.    Start the Wireshark application to start sniffing network traffic.

Answer: C

QUESTION 339
Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?

A.    http-git
B.    http-headers
C.    http enum
D.    http-methods

Answer: D

QUESTION 340
Which of the following is the most important phase of ethical hacking wherein you need to spend considerable amount of time?

A.    Gaining access
B.    Escalating privileges
C.    Network mapping
D.    Footprinting

Answer: D

More free Lead2pass 312-50v9 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDTVZJRHRvblhycms

Lead2pass is the leader in supplying candidates with current and up-to-date training materials for EC-Council certification and exam preparation. Comparing with others, our 312-50v9 exam questions are more authoritative and complete. We offer the latest 312-50v9 PDF and VCE dumps with new version VCE player for free download, and the new 312-50v9 dump ensures your exam 100% pass.

2017 EC-Council 312-50v9 (All 589 Q&As) exam dumps (PDF&VCE) from Lead2pass:

https://www.lead2pass.com/312-50v9.html [100% Exam Pass Guaranteed]