EC-Council 312-50 Exam Questions
Ethical Hacker Certified (Page 12)

Updated On: 17-Feb-2026

What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?

  1. Blind Port Scanning
  2. Idle Scanning
  3. Bounce Scanning
  4. Stealth Scanning
  5. UDP Scanning

Answer(s): B

Explanation:

From NMAP: -sI <zombie host[:probeport]> Idlescan: This advanced scan method allows for a truly blind TCP port scan of the target (meaning no packets are sent to the target from your real IP address). Instead, a unique side-channel attack exploits predictable "IP fragmentation ID" sequence generation on the zombie host to glean information about the open ports on the target.



What port scanning method is the most reliable but also the most detectable?

  1. Null Scanning
  2. Connect Scanning
  3. ICMP Scanning
  4. Idlescan Scanning
  5. Half Scanning
  6. Verbose Scanning

Answer(s): B

Explanation:

A TCP Connect scan, named after the Unix connect() system call, is the most accurate scanning method. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection.



What does an ICMP (Code 13) message normally indicate?

  1. It indicates that the destination host is unreachable
  2. It indicates to the host that the datagram which triggered the source quench message will need to be re-sent
  3. It indicates that the packet has been administratively dropped in transit
  4. It is a request to the host to cut back the rate at which it is sending traffic to the Internet destination

Answer(s): C

Explanation:

ICMP type 3 with code 13 is destination unreachable due to communication administratively prohibited by filtering; hence maybe they meant "code 13", and the answer would therefore be C. Note: A - Type 3; B - Type 4; C - Type 3 Code 13; D - Type 4.



Because UDP is a connectionless protocol: (Select 2)

  1. UDP recvfrom() and write() scanning will yield reliable results
  2. It can only be used for Connect scans
  3. It can only be used for SYN scans
  4. There is no guarantee that the UDP packets will arrive at their destination
  5. ICMP port unreachable messages may not be returned successfully

Answer(s): D,E

Explanation:

Neither UDP packets, nor the ICMP errors are guaranteed to arrive, so UDP scanners must also implement retransmission of packets that appear to be lost (or you will get a bunch of false positives).



You are scanning into the target network for the first time. You find very few conventional ports open. When you attempt to perform traditional service identification by connecting to the open ports, it yields either unreliable or no results. You are unsure of what protocols are being used. You need to discover as many different protocols as possible. Which kind of scan would you use to do this?

  1. Nmap with the -sO (Raw IP packets) switch
  2. Nessus scan with TCP based pings
  3. Nmap scan with the -sP (Ping scan) switch
  4. Netcat scan with the -u -e switches

Answer(s): A

Explanation:

Running Nmap with the -sO switch will do an IP protocol scan. The IP protocol scan is a bit different from the other Nmap scans: it searches for additional IP protocols in use by the remote station, such as ICMP, TCP, and UDP. If a router is scanned, additional IP protocols such as EGP or IGP may be identified.





