Free 312-50 Exam Braindumps (page: 13)

Page 13 of 191

John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately.
What would you suggest to John to help identify the OS that is being used on the remote web server?

  A. Connect to the web server with a browser and look at the web page.
  B. Connect to the web server with an FTP client.
  C. Telnet to port 8080 on the web server and look at the default page code.
  D. Telnet to an open port and grab the banner.

Answer(s): D

Explanation:

Most administrators never change the banners presented by applications listening on open ports, so the information you get by grabbing banners from open ports with, for example, a telnet client is usually fairly accurate. The caveat is that a banner is plain text under the administrator's control and can be altered or removed, so treat it as a lead to confirm against other evidence rather than as proof of the operating system.



An Nmap scan shows the following open ports, and Nmap also reports that the OS guess matches too many signatures, so the operating system cannot be reliably identified:

21 ftp
23 telnet
80 http
443 https

What does this suggest?

  A. This is a Windows Domain Controller
  B. The host is not firewalled
  C. The host is not a Linux or Solaris system
  D. The host is not properly patched

Answer(s): D

Explanation:

If the answer were A, Nmap would have guessed it: its fingerprint database includes the Windows signatures. Whether or not the host is firewalled does not settle the question either (although OS detection works best when Nmap can probe at least one open and one closed port). "Not a Linux or Solaris system" cannot be concluded; it very well could be. "Not properly patched" is the closest answer. Nmap's OS detection sends a series of TCP, UDP and ICMP probes and compares the responses (TCP ISN generation, IP ID sequencing, TCP options and window sizes, ICMP behaviour) against its signature database. If the stack has been modified to randomize ISNs, or a program is altering the ISNs, detection will fail; if the IP ID generation has been modified, detection can likewise fail, and in some cases the host may even be reported as down.



What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?

  A. Blind Port Scanning
  B. Idle Scanning
  C. Bounce Scanning
  D. Stealth Scanning
  E. UDP Scanning

Answer(s): B

Explanation:

From the Nmap manual: -sI <zombie host[:probeport]> (Idle scan): This advanced scan method allows for a truly blind TCP port scan of the target (meaning no packets are sent to the target from your real IP address). Instead, a unique side-channel attack exploits predictable "IP fragmentation ID" sequence generation on the zombie host to glean information about the open ports on the target.
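As an added illustration (not from the exam dump and not Nmap's own code), the Python below models the decision -sI makes for each port, and also the IP ID sequence check that decides whether a host is usable as a zombie, which is the same field the previous question says can defeat OS detection when it is randomized. The Zombie and Target classes, the "busy" counter and the simplified sequence classes are assumptions for the simulation; the real scan sends the packets described above instead of calling methods.

```python
from dataclasses import dataclass, field

# Hypothetical in-memory model of the three parties in an idle scan. The
# attacker never talks to the target directly; it only reads the zombie's
# IP ID before and after a spoofed SYN and reasons about the difference.


@dataclass
class Zombie:
    """Idle host whose stack increments one global IP ID per packet sent.
    `busy` models unrelated packets it emits while we are probing."""
    ipid: int = 1000
    busy: int = 0

    def send(self) -> int:
        self.ipid = (self.ipid + 1) & 0xFFFF
        return self.ipid


@dataclass
class Target:
    open_ports: set
    filtered_ports: set = field(default_factory=set)

    def receive_spoofed_syn(self, port: int, zombie: Zombie) -> None:
        """A SYN whose source address is the zombie's arrives at `port`."""
        if port in self.filtered_ports:
            return                      # dropped; the zombie hears nothing
        if port in self.open_ports:
            # Target answers the zombie with SYN/ACK. The zombie never sent a
            # SYN, so it replies RST and burns one IP ID.
            zombie.send()
        # Closed port: target sends RST to the zombie, which ignores it.


def read_ipid(zombie: Zombie) -> int:
    """Attacker sends an unsolicited SYN/ACK to the zombie; the RST it sends
    back carries the IP ID we want."""
    return zombie.send()


def idle_scan(target: Target, zombie: Zombie, port: int) -> str:
    before = read_ipid(zombie)
    target.receive_spoofed_syn(port, zombie)
    for _ in range(zombie.busy):        # other traffic the zombie sends meanwhile
        zombie.send()
    after = read_ipid(zombie)
    delta = (after - before) & 0xFFFF
    if delta == 1:
        return "closed|filtered"        # only our second probe moved the counter
    if delta == 2:
        return "open"                   # one extra packet: the zombie's RST to the target
    return "unreliable"                 # zombie is not idle, or not incremental


def classify_ipid_sequence(ipids) -> str:
    """Simplified (assumed) version of Nmap's IP ID sequence test. Only a
    host with an incremental sequence can serve as a zombie; a randomized
    sequence also gives OS fingerprinting nothing to match on."""
    if all(i == 0 for i in ipids):
        return "all zeros"
    diffs = [(b - a) & 0xFFFF for a, b in zip(ipids, ipids[1:])]
    if all(d == 1 for d in diffs):
        return "incremental"
    if all(d == 256 for d in diffs):
        return "broken little-endian incremental"   # byte-swapped counter
    return "random"


if __name__ == "__main__":
    zombie = Zombie()
    target = Target(open_ports={80, 443}, filtered_ports={23})
    for p in (21, 23, 80, 443):
        print(p, idle_scan(target, zombie, p))
    print(classify_ipid_sequence([1000, 1001, 1002, 1003]))
```

Note the failure mode the simulation exposes: with `busy=1` a closed port is reported "open" because one stray packet from the zombie looks exactly like the RST an open port provokes. A real scanner repeats the probe several times and checks the zombie's traffic rate before trusting a verdict, and a zombie whose sequence classifies as "random" is useless for this technique.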



What port scanning method is the most reliable but also the most detectable?

  A. Null Scanning
  B. Connect Scanning
  C. ICMP Scanning
  D. Idlescan Scanning
  E. Half Scanning
  F. Verbose Scanning

Answer(s): B

Explanation:

A TCP connect scan, named after the Unix connect() system call, is the most accurate scanning method. If a port is open, the operating system completes the TCP three-way handshake and the port scanner immediately closes the connection. Because the handshake completes, the service on the target sees a fully established connection and will normally log it, which is why this method is also the most detectable.
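Added example for this question and for the banner-grabbing question at the top of the page; it is not code from the exam dump. It runs a TCP connect scan through the operating system's socket API (so the full handshake happens and the target application sees a real connection), then grabs whatever an open port says first and maps it to an OS hint. The OS_HINTS patterns, the sample banners and the loopback self-test harness are assumptions constructed for the example.

```python
import re
import socket
import threading


def connect_scan(host, port, timeout=2.0):
    """TCP connect() scan of one port.

    socket.create_connection() asks the kernel to run the whole three-way
    handshake; if it returns, the port is open and we tear the session down
    at once. The daemon on the target sees an accepted connection, which is
    why this method is both the most reliable and the easiest to log."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"            # a RST came back
    except (socket.timeout, OSError):
        return "filtered"          # no reply in time: firewall or dead host


def grab_banner(host, port, timeout=2.0, nudge=b""):
    """Connect and return whatever the service says first.

    `nudge` is sent before reading for protocols where the server waits for
    the client to speak (HTTP); FTP, SMTP and SSH talk first and need none."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if nudge:
            s.sendall(nudge)
        try:
            return s.recv(1024).decode("latin-1", "replace").strip()
        except (socket.timeout, OSError):
            return ""


# Constructed patterns: OS markers that commonly appear in stock banners.
OS_HINTS = [
    (re.compile(r"\bUbuntu\b", re.I), "Ubuntu Linux"),
    (re.compile(r"\bDebian\b", re.I), "Debian Linux"),
    (re.compile(r"\bCentOS\b|Red Hat|\.el\d", re.I), "RHEL/CentOS Linux"),
    (re.compile(r"\bFreeBSD\b", re.I), "FreeBSD"),
    (re.compile(r"Microsoft-IIS|Microsoft FTP Service|Win32", re.I), "Windows"),
]


def os_hints_from_banner(banner):
    """OS families a banner suggests. A banner is free-form text under the
    administrator's control, so treat a hit as a lead to confirm, not proof."""
    return [name for pattern, name in OS_HINTS if pattern.search(banner)]


def scan_and_grab_local(banner):
    """Self-test harness (constructed): run a throwaway service on 127.0.0.1
    that greets with `banner`, scan it, grab the banner, and also scan a port
    that was just released so it is almost certainly closed. Returns
    (open_verdict, grabbed_banner, closed_verdict)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(5)
    port = server.getsockname()[1]

    def serve():
        # First connection is the scan (client hangs up immediately);
        # the second one is the banner grab.
        for _ in range(2):
            conn, _ = server.accept()
            try:
                conn.sendall(banner.encode())
            except OSError:
                pass               # scanner already closed its side
            conn.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()
    open_verdict = connect_scan("127.0.0.1", port)
    grabbed = grab_banner("127.0.0.1", port)
    worker.join(timeout=5)
    server.close()

    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    closed_verdict = connect_scan("127.0.0.1", closed_port)
    return open_verdict, grabbed, closed_verdict


if __name__ == "__main__":
    result = scan_and_grab_local("220 (vsFTPd 3.0.3) on Ubuntu\r\n")
    print(result, os_hints_from_banner(result[1]))
```

The closed-port verdict relies on the kernel answering with a RST, which is what `ConnectionRefusedError` reports; a port behind a firewall that silently drops the SYN lands in the timeout branch instead, which is the same open/closed/filtered split Nmap's connect scan reports.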






Post your Comments and Discuss EC-Council 312-50 exam with other Community members:

Comeru commented on October 15, 2024
You pass this exam with these questions. But you need to get the full version.
UNITED STATES

ribrahim commented on June 29, 2023
Done the purchase downloaded successfully thanks!
SINGAPORE

Drew commented on March 08, 2018
need step 3 download activated
UNITED STATES

Josh commented on September 18, 2017
Just paid for it ... seamless experience ... looking forward to using the program to study for the CEH and pass it with flying colors!
UNITED STATES