$0.00
Eccouncil 312-50 Exam Dumps

Eccouncil 312-50 Exam Dumps

Certified Ethical Hacker Exam

614 Questions & Answers with Explanation
Update Date : July 02, 2026
PDF + Test Engine
$65 $95
Test Engine
$55 $85
PDF Only
$45 $75

Money back Guarantee

We just do not compromise with the bright future of our respected customers. PassExam4Sure takes the future of clients quite seriously and we ensure that our 312-50 exam dumps get you through the line. If you think that our exam question and answers did not help you much with the exam paper and you failed it somehow, we will happily return all of your invested money with a full 100% refund.

100% Real Questions

We verify and assure the authenticity of Eccouncil 312-50 exam dumps PDFs with 100% real and exam-oriented questions. Our exam questions and answers comprise 100% real exam questions from the latest and most recent exams in which you’re going to appear. So, our majestic library of exam dumps for Eccouncil 312-50 is surely going to push on forward on the path of success.

Security & Privacy

Free for download Eccouncil 312-50 demo papers are available for our customers to verify the authenticity of our legit helpful exam paper samples, and to authenticate what you will be getting from PassExam4Sure. We have tons of visitors daily who simply opt and try this process before making their purchase for Eccouncil 312-50 exam dumps.



Last Week 312-50 Exam Results

165

Customers Passed Eccouncil 312-50 Exam

98%

Average Score In Real 312-50 Exam

98%

Questions came from our 312-50 dumps.



Authentic 312-50 Exam Dumps


Prepare for Eccouncil 312-50 Exam like a Pro

PassExam4Sure is famous for its top-notch services for providing the most helpful, accurate, and up-to-date material for Eccouncil 312-50 exam in form of PDFs. Our 312-50 dumps for this particular exam is timely tested for any reviews in the content and if it needs any format changes or addition of new questions as per new exams conducted in recent times. Our highly-qualified professionals assure the guarantee that you will be passing out your exam with at least 85% marks overall. PassExam4Sure Eccouncil 312-50 ProvenDumps is the best possible way to prepare and pass your certification exam.

Easy Access and Friendly UI

PassExam4Sure is your best buddy in providing you with the latest and most accurate material without any hidden charges or pointless scrolling. We value your time and we strive hard to provide you with the best possible formatting of the PDFs with accurate, to the point, and vital information about Eccouncil 312-50. PassExam4Sure is your 24/7 guide partner and our exam material is curated in a way that it will be easily readable on all smartphone devices, tabs, and laptop PCs.

PassExam4Sure - The Undisputed King for Preparing 312-50 Exam

We have a sheer focus on providing you with the best course material for Eccouncil 312-50. So that you may prepare your exam like a pro, and get certified within no time. Our practice exam material will give you the necessary confidence you need to sit, relax, and do the exam in a real exam environment. If you truly crave success then simply sign up for PassExam4Sure Eccouncil 312-50 exam material. There are millions of people all over the globe who have completed their certification using PassExam4Sure exam dumps for Eccouncil 312-50.

100% Authentic Eccouncil 312-50 – Study Guide (Update 2026)

Our Eccouncil 312-50 exam questions and answers are reviewed by us on weekly basis. Our team of highly qualified Eccouncil professionals, who once also cleared the exams using our certification content does all the analysis of our recent exam dumps. The team makes sure that you will be getting the latest and the greatest exam content to practice, and polish your skills the right way. All you got to do now is to practice, practice a lot by taking our demo questions exam, and making sure that you prepare well for the final examination. Eccouncil 312-50 test is going to test you, play with your mind and psychology, and so be prepared for what’s coming. PassExam4Sure is here to help you and guide you in all steps you will be going through in your preparation for glory. Our free downloadable demo content can be checked out if you feel like testing us before investing your hard-earned money. PassExam4Sure guaranteed your success in the Eccouncil 312-50 exam because we have the newest and most authentic exam material that cannot be found anywhere else on the internet.


Eccouncil 312-50 Sample Questions

Question # 1

Which tool/utility can help you extract the application layer data from each TCP connectionfrom a log file into separate files?

A. Snort  
B. argus 
C. TCPflow 
D. Tcpdump



Question # 2

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which ofthe following lists the best options?

A. RSA, LSA, POP 
B. SSID, WEP, Kerberos 
C. SMB, SMTP, Smart card 
D. Kerberos, Smart card, Stanford SRP



Question # 3

The follows is an email header. What address is that of the true originator of the message?Return-Path: <[email protected]>Received: from smtp.com (fw.emumail.com [215.52.220.122].by raq-221-181.ev1.net (8.10.2/8.10.2. with ESMTP id h78NIn404807for <[email protected]>; Sat, 9 Aug 2003 18:18:50 -0500Received: (qmail 12685 invoked from network.; 8 Aug 2003 23:25:25 -0000Received: from ([19.25.19.10]. by smtp.com with SMTP Received: from unknown (HELO CHRISLAPTOP. (168.150.84.123.by localhost with SMTP; 8 Aug 2003 23:25:01 -0000From: "Bill Gates" <[email protected]>To: "mikeg" <[email protected]>Subject: We need your help!Date: Fri, 8 Aug 2003 19:12:28 -0400Message-ID: <51.32.123.21@CHRISLAPTOP>MIME-Version: 1.0Content-Type: multipart/mixed;boundary="----=_NextPart_000_0052_01C35DE1.03202950"X-Priority: 3 (Normal.X-MSMail-Priority: NormalX-Mailer: Microsoft Outlook, Build 10.0.2627X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165Importance: Normal

A. 19.25.19.10 
B. 51.32.123.21 
C. 168.150.84.123 
D. 215.52.220.122 
E. 8.10.2/8.10.2 



Question # 4

Ethereal works best on ____________. 

A. Switched networks 
B. Linux platforms 
C. Networks using hubs 
D. Windows platforms 
E. LAN's 



Question # 5

Samantha was hired to perform an internal security test of company. She quickly realizedthat all networks are making use of switches instead of traditional hubs. This greatly limitsher ability to gather information through network sniffing.Which of the following techniques can she use to gather information from the switchednetwork or to disable some of the traffic isolation features of the switch? (Choose two)

A. Ethernet Zapping 
B. MAC Flooding 
C. Sniffing in promiscuous mode 
D. ARP Spoofing 



Question # 6

A POP3 client contacts the POP3 server:

A. To send mail 
B. To receive mail 
C. to send and receive mail 
D. to get the address to send mail to 
E. initiate a UDP SMTP connection to read mail 



Question # 7

A remote user tries to login to a secure network using Telnet, but accidently types in an invaliduser name or password. Which responses would NOT be preferred by an experienced SecurityManager? (multiple answer)

A. Invalid Username 
B. Invalid Password 
C. Authentication Failure 
D. Login Attempt Failed 
E. Access Denied 



Question # 8

ettercap –NCLzs --quietWhat does the command in the exhibit do in “Ettercap”?

A. This command will provide you the entire list of hosts in the LAN 
B. This command will check if someone is poisoning you and will report its IP. 
C. This command will detach from console and log all the collected passwords from the network toa file. 
D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs. 



Question # 9

You are writing an antivirus bypassing Trojan using C++ code wrapped into chess.c tocreate an executable file chess.exe. This Trojan when executed on the victim machine,scans the entire system (c:\) for data with the following text “Credit Card” and “password”.It then zips all the scanned files and sends an email to a predefined hotmail address.You want to make this Trojan persistent so that it survives computer reboots. Whichregistry entry will you add a key to make it persistent?

A. HKEY_LOCAL_MACHINE\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices 
B. HKEY_LOCAL_USER\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices 
C. HKEY_LOCAL_SYSTEM\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices 
D. HKEY_CURRENT_USER\SOFTWARE\MICROOSFT\Windows\CurrentVersion\RunServices 



Question # 10

John wants to try a new hacking tool on his Linux System. As the application comes from asite in his untrusted zone, John wants to ensure that the downloaded tool has not beenTrojaned. Which of the following options would indicate the best course of action for John?

A. Obtain the application via SSL 
B. Obtain the application from a CD-ROM disc 
C. Compare the files’ MD5 signature with the one published on the distribution media 
D. Compare the file’s virus signature with the one published on the distribution media 



Question # 11

Spears Technology, Inc is a software development company located in Los Angeles,California. They reported a breach in security, stating that its “security defenses has beenbreached and exploited for 2 weeks by hackers. “The hackers had accessed anddownloaded 90,000 address containing customer credit cards and password. SpearsTechnology found this attack to be so to law enforcement officials to protect theirintellectual property.How did this attack occur? The intruder entered through an employees home machine,which was connected to Spears Technology, Inc’s corporate VPN network. The applicationcalled BEAST Trojan was used in the attack to open a “Back Door” allowing the hackersundetected access. The security breach was discovered when customers complainedabout the usage of their credit cards without their knowledge.The hackers were traced back to Beijing China through e-mail address evidence. The creditcard information was sent to that same e-mail address. The passwords allowed the hackersto access Spears Technology’s network from a remote location, posing as employees. Theintent of the attacker was to steal the source code for their VOIP system and “hold ithostage” from Spears Technology, Inc exchange for ransom.The hackers had intended on selling the stolen VOIP software source code to competitors.How would you prevent such attacks from occurring in the future at Spears Technology?

A. Disable VPN access to all your employees from home machines 
B. Allow VPN access but replace the standard authentication with biometric authentication 
C. Replace the VPN access with dial-up modem access to the company’s network 
D. Enable 25 character complex password policy for employees to access the VPN network. 



Question # 12

Which definition below best describes a covert channel?

A. Making use of a Protocol in a way it was not intended to be used 
B. It is the multiplexing taking place on communication link 
C. It is one of the weak channels used by WEP that makes it insecure 
D. A Server Program using a port that is not well known 



Question # 13

Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. Heenters the following at the command prompt. $ nc -l -p 1026 -u -v In response, he sees the following message. cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION. Windows has found 47 Critical Errors. To fix the errors please do the following: 1. Download Registry Repair from: www.reg-patch.com 2. Install Registry Repair 3. Run Registry Repair 4. Reboot your computer FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION! What would you infer from this alert?

A. The machine is redirecting traffic to www.reg-patch.com using adware 
B. It is a genuine fault of windows registry and the registry needs to be backed up 
C. An attacker has compromised the machine and backdoored ports 1026 and 1027 
D. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities 



Question # 14

A file integrity program such as Tripwire protects against Trojan horse attacks by:

A. Automatically deleting Trojan horse programs 
B. Rejecting packets generated by Trojan horse programs 
C. Using programming hooks to inform the kernel of Trojan horse behavior 
D. Helping you catch unexpected changes to a system utility file that might indicate it had beenreplaced by a Trojan horse



Question # 15

Sniffing is considered an active attack. 

A. True 
B. False 



Question # 16

Which of the following Netcat commands would be used to perform a UDP scan of thelower 1024 ports?

A. Netcat -h -U 
B. Netcat -hU <host(s.> 
C. Netcat -sU -p 1-1024 <host(s.> 
D. Netcat -u -v -w2 <host> 1-1024 
E. Netcat -sS -O target/1024 



Question # 17

Exhibit: * Missing*Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is thestandard "hexdump" representation of the network packet, before being decoded. Jasonwants to identify the trojan by looking at the destination port number and mapping to atrojan-port number database on the Internet. Identify the remote server's port number bydecoding the packet?

A. Port 1890 (Net-Devil Trojan) 
B. Port 1786 (Net-Devil Trojan) 
C. Port 1909 (Net-Devil Trojan) 
D. Port 6667 (Net-Devil Trojan) 



Question # 18

John wishes to install a new application onto his Windows 2000 server.He wants to ensure that any application he uses has not been Trojaned.What can he do to help ensure this?

A. Compare the file's MD5 signature with the one published on the distribution media 
B. Obtain the application via SSL 
C. Compare the file's virus signature with the one published on the distribution media 
D. Obtain the application from a CD-ROM disc 



Question # 19

In Linux, the three most common commands that hackers usually attempt to Trojan are:

A. car, xterm, grep 
B. netstat, ps, top 
C. vmware, sed, less 
D. xterm, ps, nc 



Question # 20

You suspect that your Windows machine has been compromised with a Trojan virus. Whenyou run anti-virus software it does not pick of the Trojan. Next you run netstat command tolook for open ports and you notice a strange port 6666 open.What is the next step you would do?

A. Re-install the operating system. 
B. Re-run anti-virus software. 
C. Install and run Trojan removal software. 
D. Run utility fport and look for the application executable that listens on port 6666. 



Question # 21

You have hidden a Trojan file virus.exe inside another file readme.txt using NTFSstreaming.Which command would you execute to extract the Trojan to a standalone file?

A. c:\> type readme.txt:virus.exe > virus.exe 
B. c:\> more readme.txt | virus.exe > virus.exe 
C. c:\> cat readme.txt:virus.exe > virus.exe 
D. c:\> list redme.txt$virus.exe > virus.exe 



Question # 22

Which of the following statements would not be a proper definition for a Trojan Horse?

A. An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user
B. A legitimate program that has been altered by the placement of unauthorized code within it; thiscode perform functions unknown (and probably unwanted) by the user
C. An authorized program that has been designed to capture keyboard keystrokes while the userremains unaware of such an activity being performed. 
D. Any program that appears to perform a desirable and necessary function but that (because ofunauthorized code within it that is unknown to the user) performs functions unknown (anddefinitely unwanted) by the user. 



Question # 23

After an attacker has successfully compromised a remote computer, what would be one ofthe last steps that would be taken to ensure that the compromise is not traced back to thesource of the problem?

A. Install pactehs 
B. Setup a backdoor 
C. Cover your tracks 
D. Install a zombie for DDOS 



Question # 24

In the context of Trojans, what is the definition of a Wrapper?

A. An encryption tool to protect the Trojan. 
B. A tool used to bind the Trojan with legitimate file. 
C. A tool used to encapsulated packets within a new header and footer. 
D. A tool used to calculate bandwidth and CPU cycles wasted by the Trojan. 



Question # 25

You want to use netcat to generate huge amount of useless network data continuously forvarious performance testing between 2 hosts.Which of the following commands accomplish this?

A. Machine A #yes AAAAAAAAAAAAAAAAAAAAAA | nc –v –v –l –p 2222 > /dev/null Machine B #yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null
B. Machine A cat somefile | nc –v –v –l –p 2222 Machine B cat somefile | nc othermachine 2222
C. Machine A nc –l –p 1234 | uncompress –c | tar xvfp Machine B tar cfp - /some/dir | compress –c | nc –w 3 machinea 1234
D. Machine A while true : do nc –v –l –s –p 6000 machineb 2 Machine B while true ; do nc –v –l –s –p 6000 machinea 2 done



Question # 26

What is a Trojan Horse?

A. A malicious program that captures your username and password 
B. Malicious code masquerading as or replacing legitimate code 
C. An unauthorized user who gains access to your user database and adds themselves as a user 
D. A server that is to be sacrificed to all hacking attempts in order to log and monitor the hackingactivity 



Question # 27

Assuring two systems that are using IPSec to protect traffic over the internet, what type ofgeneral attack could compromise the data?

A. Spoof Attack 
B. Smurf Attack 
C. Man in the Middle Attack 
D. Trojan Horse Attack 
E. Back Orifice Attack 



Question # 28

You have successfully brute forced basic authentication configured on a Web Server usingBrutus hacking tool. The username/password is “Admin” and “Bettlemani@”. You logon tothe system using the brute forced password and plant backdoors and rootkits.After downloading various sensitive documents from the compromised machine, youproceed to clear the log files to hide your trace..Which event log located at C:\Windows\system32\config contains the trace of your bruteforce attempts?

A. AppEvent.Evt 
B. SecEvent.Evt 
C. SysEvent.Evt 
D. WinEvent.Evt 



Question # 29

Michael is the security administrator for the for ABC company. Michael has been chargedwith strengthening the company’s security policies, including its password policies. Due tocertain legacy applications. Michael was only able to enforce a password group policy inActive Directory with a minimum of 10 characters. He has informed the company’semployes, however that the new password policy requires that everyone must havecomplex passwords with at least 14 characters. Michael wants to ensure that everyone isusing complex passwords that meet the new security policy requirements. Michael has justlogged on to one of the network’s domain controllers and is about to run the followingcommand:What will this command accomplish?

A. Dumps SAM password hashes to pwd.txt 
B. Password history file is piped to pwd.txt 
C. Dumps Active Directory password hashes to pwd.txt 
D. Internet cache file is piped to pwd.txt 



Question # 30

John Beetlesman, the hacker has successfully compromised the Linux System of AgentTelecommunications, Inc’s WebServer running Apache. He has downloaded sensitivedocuments and database files off the machine.Upon performing various tasks, Beetlesman finally runs the following command on theLinux box before disconnecting.for ((i=0;i<1;i++));do?dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hdadoneWhat exactly is John trying to do?

A. He is making a bit stream copy of the entire hard disk for later download 
B. He is deleting log files to remove his trace 
C. He is wiping the contents of the hard disk with zeros 
D. He is infecting the hard disk with random virus strings 



Question # 31

You are the security administrator for a large online auction company based out of LosAngeles. After getting your ENSA CERTIFICATION last year, you have steadily beenfortifying your network’s security including training OS hardening and network security.One of the last things you just changed for security reasons was to modify all the built-inadministrator accounts on the local computers of PCs and in Active Directory. Afterthrough testing you found and no services or programs were affected by the namechanges.Your company undergoes an outside security audit by a consulting company and they saidthat even through all the administrator account names were changed, the accounts couldstill be used by a clever hacker to gain unauthorized access. You argue with the auditorsand say that is not possible, so they use a tool and show you how easy it is to utilize theadministrator account even though its name was changed. What tool did the auditors use?

A. sid2user 
B. User2sid 
C. GetAcct 
D. Fingerprint 



Question # 32

You are the IT Manager of a large legal firm in California. Your firm represents manyimportant clients whose names always must remain anonymous to the public. Your boss,Mr. Smith is always concerned about client information being leaked or revealed to the presor public. You have just finished a complete security overhaul of your information systemincluding an updated IPS, new firewall, email encryption and employee security awarenesstraining. Unfortunately, many of your firm’s clients do not trust technology to completelysecure their information, so couriers routinely have to travel back and forth to and from theoffice with sensitive information.Your boss has charged you with figuring out how to secure the information the couriersmust transport. You propose that the data be transferred using burned CD’s or USB flashdrives. You initially think of encrypting the files, but decide against that method for fear theencryption keys could eventually be broken.What software application could you use to hide the data on the CD’s and USB flashdrives?

A. Snow 
B. File Snuff 
C. File Sneaker 
D. EFS 



Question # 33

Which of the following is an attack in which a secret value like a hash is captured and thenreused at a later time to gain access to a system without ever decrypting or decoding the hash.

A. Replay Attacks 
B. Brute Force Attacks 
C. Cryptography Attacks 
D. John the Ripper Attacks 



Question # 34

Travis works primarily from home as a medical transcriptions.He just bought a brand new Dual Core Pentium Computer with over 3 GB of RAM. He usesvoice recognition software is processor intensive, which is why he bought the newcomputer. Travis frequently has to get on the Internet to do research on what he is workingon. After about two months of working on his new computer, he notices that it is notrunning nearly as fast as it used to.Travis uses antivirus software, anti-spyware software and always keeps the computer upto-date with Microsoft patches.After another month of working on the computer, Travis computer is even more noticeableslow. Every once in awhile, Travis also notices a window or two pop-up on his screen, butthey quickly disappear. He has seen these windows show up, even when he has not beenon the Internet. Travis is really worried about his computer because he spent a lot ofmoney on it and he depends on it to work. Travis scans his through Windows Explorer andcheck out the file system, folder by folder to see if there is anything he can find. He spendsover four hours pouring over the files and folders and can’t find anything but before hegives up, he notices that his computer only has about 10 GB of free space available. Sincehas drive is a 200 GB hard drive, Travis thinks this is very odd.Travis downloads Space Monger and adds up the sizes for all the folders and files on hiscomputer. According to his calculations, he should have around 150 GB of free space.What is mostly likely the cause of Travi’s problems?

A. Travis’s Computer is infected with stealth kernel level rootkit 
B. Travi’s Computer is infected with Stealth Torjan Virus 
C. Travis’s Computer is infected with Self-Replication Worm that fills the hard disk space 
D. Logic Bomb’s triggered at random times creating hidden data consuming junk files 



Question # 35

LAN Manager passwords are concatenated to 14 bytes and split in half. The two halves arehashed individually. If the password is 7 characters or less, than the second half of thehash is always:

A. 0xAAD3B435B51404EE 
B. 0xAAD3B435B51404AA 
C. 0xAAD3B435B51404BB 
D. 0xAAD3B435B51404CC 



Question # 36

Samuel is the network administrator of DataX communications Inc. He is trying to configurehis firewall to block password brute force attempts on his network. He enables blocking theintruder’s IP address for a period of 24 hours time after more than three unsuccessfulattempts. He is confident that this rule will secure his network hackers on the Internet.But he still receives hundreds of thousands brute-force attempts generated from various IPaddresses around the world. After some investigation he realizes that the intruders areusing a proxy somewhere else on the Internet which has been scripted to enable therandom usage of various proxies on each request so as not to get caught by the firewalluse.Later he adds another rule to his firewall and enables small sleep on the password attemptso that if the password is incorrect, it would take 45 seconds to return to the user to beginanother attempt. Since an intruder may use multiple machines to brute force the password,he also throttles the number of connections that will be prepared to accept from aparticular IP address. This action will slow the intruder’s attempts.Samuel wants to completely block hackers brute force attempts on his network.What are the alternatives to defending against possible brute-force password attacks onhis site?

A. Enforce a password policy and use account lockouts after three wrong logon attempts eventhrough this might lock out legit users
B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address ofthe intruder so that you can block them at the firewall manually 
C. Enforce complex password policy on your network so that passwords are more difficult to bruteforce
D. You can’t completely block the intruders attempt if they constantly switch proxies 



Question # 37

In the following example, which of these is the "exploit"?Today, Microsoft Corporation released a security notice. It detailed how a person couldbring down the Windows 2003 Server operating system, by sending malformed packets toit. They detailed how this malicious process had been automated using basic scripting.Even worse, the new automated method for bringing down the server has already beenused to perform denial of service attacks on many large commercial websites.Select the best answer.

A. Microsoft Corporation is the exploit. 
B. The security "hole" in the product is the exploit. 
C. Windows 2003 Server 
D. The exploit is the hacker that would use this vulnerability. 
E. The documented method of how to use the vulnerability to gain unprivileged access. 



Question # 38

One of your junior administrator is concerned with Windows LM hashes and passwordcracking. In your discussion with them, which of the following are true statements that youwould point out?Select the best answers.

A. John the Ripper can be used to crack a variety of passwords, but one limitation is that theoutput doesn't show if the password is upper or lower case.
B. BY using NTLMV1, you have implemented an effective countermeasure to password cracking. 
C. SYSKEY is an effective countermeasure. 
D. If a Windows LM password is 7 characters or less, the hash will be passed with the followingcharacters, in HEX- 00112233445566778899.
E. Enforcing Windows complex passwords is an effective countermeasure. 



Question # 39

You are a Administrator of Windows server. You want to find the port number for POP3.What file would you find the information in and where?Select the best answer.

A. %windir%\\etc\\services 
C. %windir%\\system32\\drivers\\etc\\services 
D. /etc/services 
E. %windir%/system32/drivers/etc/services 



Question # 40

_____ is the process of converting something from one representation to the simplestform. It deals with the way in which systems convert data from one form to another.

A. Canonicalization 
B. Character Mapping 
C. Character Encoding 
D. UCS transformation formats 



Question # 41

Which of the following keyloggers cannot be detected by anti-virus or anti-spywareproducts?

A. Covert keylogger 
B. Stealth keylogger 
C. Software keylogger 
D. Hardware keylogger 



Question # 42

How would you describe an attack where an attacker attempts to deliver the payload overmultiple packets over long periods of time with the purpose of defeating simple patternmatching in IDS systems without session reconstruction? A characteristic of this attackwould be a continuous stream of small packets.

A. Session Splicing
B. Session Stealing 
C. Session Hijacking 
D. Session Fragmentation 



Question # 43

LM authentication is not as strong as Windows NT authentication so you may want todisable its use, because an attacker eavesdropping on network traffic will attack the weakerprotocol. A successful attack can compromise the user's password. How do you disableLM authentication in Windows XP?

A. Stop the LM service in Windows XP 
B. Disable LSASS service in Windows XP 
C. Disable LM authentication in the registry 
D. Download and install LMSHUT.EXE tool from Microsoft website 



Our Clients Say About Eccouncil 312-50 Exam