What flags are set in a X-MAS scan? (Choose all that apply.)


A.     SYN

B.     ACK

C.     FIN

D.     PSH

E.      RST

F.      URG


Correct Answer: CDF




Which of the following is an automated vulnerability assessment tool?


A.     Whack a Mole

B.     Nmap

C.     Nessus

D.     Kismet

E.      Jill32


Correct Answer: C




John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?


A.     nmap

B.     hping

C.     nessus

D.     make


Correct Answer: C




What is the disadvantage of an automated vulnerability assessment tool?


A.     Ineffective

B.     Slow

C.     Prone to false positives

D.     Prone to false negatives

E.      Noisy


Correct Answer: E




What are two things that are possible when scanning UDP ports? (Choose two.)


A.     A reset will be returned.

B.     An ICMP message will be returned.

C.     The four-way handshake will not be completed.

D.     An RFC 1294 message will be returned.

E.      Nothing


Correct Answer: BE




What does a type 3 code 13 represent? (Choose two.)


A.     Echo request

B.     Destination unreachable

C.     Network unreachable

D.     Administratively prohibited

E.      Port unreachable

F.      Time exceeded


Correct Answer: BD




Destination unreachable administratively prohibited messages can inform the hacker to what?


A.     That a circuit level proxy has been installed and is filtering traffic.

B.     That his/her scans are being blocked by a honeypot or jail.

C.     That the packets are being malformed by the scanning software.

D.   &nbsp
That a router or other packet-filtering device is blocking traffic.

E.      That the network is functioning normally.


Correct Answer: D




Which of the following Nmap commands would be used to perform a stack fingerprinting?


A.     Nmap -O -p80 <host(s.>

B.     Nmap -hU -Q<host(s.>

C.     Nmap -sT -p <host(s.>

D.     Nmap -u -o -w2 <host>

E.      Nmap -sS -0p target


Correct Answer: A




(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)


Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal? What is odd about this attack? Choose the best answer.




A.     This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.     This is back orifice activity as the scan comes from port 31337.

C.     The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D.     These packets were crafted by a tool, they were not created by a standard IP stack.


Correct Answer: B




Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?


A.     SYN scan

B.     ACK scan

C.     RST scan

D.     Connect scan

E.      FIN scan


Correct Answer: D


Free VCE & PDF File for ECCouncil 312-50 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.