CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-50

Free 312-50 Exam Braindumps (page: 26)

Page 25 of 191
PDF with 765 Questions

Study the log below and identify the scan type. tcpdump -vv host 192.168.1.10
17:34:45.802163 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 36166)
17:34:45.802216 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 33796)
17:34:45.802266 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 47066)
17:34:46.111982 eth0 < 192.168.1.1 > victim: ip-proto-74 0 (ttl 48, id 35585)
17:34:46.112039 eth0 < 192.168.1.1 > victim: ip-proto-117 0 (ttl 48, id 32834)
17:34:46.112092 eth0 < 192.168.1.1 > victim: ip-proto-25 0 (ttl 48, id 26292)
17:34:46.112143 eth0 < 192.168.1.1 > victim: ip-proto-162 0 (ttl 48, id 51058) tcpdump -vv -x host 192.168.1.10
17:35:06.731739 eth0 < 192.168.1.10 > victim: ip-proto-130 0 (ttl 59, id 42060) 4500 0014 a44c
0000 3b82 57b8 c0a8 010a c0a8 0109 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000

  1. nmap -sR 192.168.1.10
  2. nmap -sS 192.168.1.10
  3. nmap -sV 192.168.1.10
  4. nmap -sO -T 192.168.1.10

Answer(s): D



Why would an attacker want to perform a scan on port 137?

  1. To discover proxy servers on a network
  2. To disrupt the NetBIOS SMB service on the target host
  3. To check for file and print sharing on Windows systems
  4. To discover information about a target host using NBTSTAT

Answer(s): D

Explanation:

Microsoft encapsulates netbios information within TCP/Ip using ports 135-139. It is trivial for an attacker to issue the following command:
nbtstat -A (your Ip address) from their windows machine and collect information about your windows machine (if you are not blocking traffic to port 137 at your borders).



Steve scans the network for SNMP enabled devices. Which port number Steve should scan?

  1. 69
  2. 150
  3. 161
  4. 169

Answer(s): C

Explanation:

The SNMP default port is 161. Port 69 is used for tftp, 150 is for SQL-NET and 169 is for SEND.



One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker source IP address.
You send a ping request to the broadcast address 192.168.5.255. [root@ceh/root]# ping -b 192.168.5.255
WARNING: pinging broadcast address
PING 192.168.5.255 (192.168.5.255) from 192.168.5.1 : 56(84) bytes of data.
64 bytes from 192.168.5.1: icmp_seq=0 ttl=255 time=4.1 ms 64 bytes from 192.168.5.5: icmp_seq=0 ttl=255 time=5.7 ms
---
---
---
There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?

  1. You cannot ping a broadcast address. The above scenario is wrong.
  2. You should send a ping request with this command ping 192.168.5.0-255
  3. Linux machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.
  4. Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

Answer(s): D

Explanation:

As stated in the correct option, Microsoft Windows does not handle pings to a broadcast address correctly and therefore ignores them.






Post your Comments and Discuss EC-Council 312-50 exam with other Community members:

312-50 Discussions & Posts