Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-50

EC-Council 312-50 Exam Questions
Ethical Hacker Certified (Page 10 )

Updated On: 17-Feb-2026
Page 10 of 154
PDF with 765 Questions

You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state.
What should be the next logical step that should be performed?

  1. Connect to open ports to discover applications.
  2. Perform a ping sweep to identify any additional systems that might be up.
  3. Perform a SYN scan on port 21 to identify any additional systems that might be up.
  4. Rescan every computer to verify the results.

Answer(s): C

Explanation:

As ICMP is blocked you’ll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems.



Ann would like to perform a reliable scan against a remote target. She is not concerned about being stealth at this point.
Which of the following type of scans would be the most accurate and reliable option?

  1. A half-scan
  2. A UDP scan
  3. A TCP Connect scan
  4. A FIN scan

Answer(s): C

Explanation:

A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned.
Example of a three-way handshake followed by a reset:

Source Destination Summary
-------------------------------------------------------------------------------------
[192.168.0.8] [192.168.0.10] TCP: D=80 S=49389 SYN SEQ=3362197786 LEN=0 WIN=5840 [192.168.0.10] [192.168.0.8] TCP: D=49389 S=80 SYN ACK=3362197787 SEQ=58695210 LEN=0 WIN=65535
[192.168.0.8] [192.168.0.10] TCP: D=80 S=49389 ACK=58695211 WIN<<2=5840 [192.168.0.8] [192.168.0.10] TCP: D=80 S=49389 RST ACK=58695211 WIN<<2=5840



What type of port scan is shown below?

  1. Idle Scan
  2. Windows Scan
  3. XMAS Scan
  4. SYN Stealth Scan

Answer(s): C

Explanation:

An Xmas port scan is variant of TCP port scan. This type of scan tries to obtain information about the state of a target port by sending a packet which has multiple TCP flags set to 1 - "lit as an Xmas tree". The flags set for Xmas scan are FIN, URG and PSH. The purpose is to confuse and bypass simple firewalls. Some stateless firewalls only check against security policy those packets which have the SYN flag set (that is, packets that initiate connection according to the standards). Since Xmas scan packets are different, they can pass through these simple systems and reach the target host.



War dialing is a very old attack and depicted in movies that were made years ago. Why would a modem security tester consider using such an old technique?

  1. It is cool, and if it works in the movies it must work in real life.
  2. It allows circumvention of protection mechanisms by being on the internal network.
  3. It allows circumvention of the company PBX.
  4. A good security tester would not use such a derelict technique.

Answer(s): B

Explanation:

If you are lucky and find a modem that answers and is connected to the target network, it usually is less protected (as only employees are supposed to know of its existence) and once connected you don’t need to take evasive actions towards any firewalls or IDS.



An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system.
What is the most probable reason?

  1. The firewall is blocking port 23 to that system.
  2. He cannot spoof his IP and successfully use TCP.
  3. He needs to use an automated tool to telnet in.
  4. He is attacking an operating system that does not reply to telnet even when open.

Answer(s): B

Explanation:

Spoofing your IP will only work if you don’t need to get an answer from the target system. In this case the answer (login prompt) from the telnet session will be sent to the “real” location of the IP address that you are showing as the connection initiator.






Post your Comments and Discuss EC-Council 312-50 exam dumps with other Community members:

Join the 312-50 Discussion