Halloween Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

EC0-350 Ethical Hacking and Countermeasures V8 Questions and Answers

Questions 4

A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service.

Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.

EC0-350 Question 4

Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments.

Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail.

How do you ensure if the e-mail is authentic and sent from fedex.com?

Options:

A.

Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all

B.

Check the Sender ID against the National Spam Database (NSD)

C.

Fake mail will have spelling/grammatical errors

D.

Fake mail uses extensive images, animation and flash content

Buy Now
Questions 5

TCP SYN Flood attack uses the three-way handshake mechanism.

1. An attacker at system A sends a SYN packet to victim at system B.

2. System B sends a SYN/ACK packet to victim A.

3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A.

This status of client B is called _________________

Options:

A.

"half-closed"

B.

"half open"

C.

"full-open"

D.

"xmas-open"

Buy Now
Questions 6

The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:

EC0-350 Question 6

The user is prompted to enter the name of a city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'

How will you delete the OrdersTable from the database using SQL Injection?

Options:

A.

Chicago'; drop table OrdersTable --

B.

Delete table'blah'; OrdersTable --

C.

EXEC; SELECT * OrdersTable > DROP --

D.

cmdshell'; 'del c:\sql\mydb\OrdersTable' //

Buy Now
Questions 7

Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this?

Options:

A.

Jayden can use the commanD. ip binding set.

B.

Jayden can use the commanD. no ip spoofing.

C.

She should use the commanD. no dhcp spoofing.

D.

She can use the commanD. ip dhcp snooping binding.

Buy Now
Questions 8

June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?

Options:

A.

Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus

B.

Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus

C.

No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program

D.

No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus

Buy Now
Questions 9

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?

Options:

A.

Fraggle

B.

MAC Flood

C.

Smurf

D.

Tear Drop

Buy Now
Questions 10

Which type of password cracking technique works like dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

Options:

A.

Dictionary attack

B.

Brute forcing attack

C.

Hybrid attack

D.

Syllable attack

E.

Rule-based attack

Buy Now
Questions 11

Hampton is the senior security analyst for the city of Columbus in Ohio. His primary responsibility is to ensure that all physical and logical aspects of the city's computer network are secure from all angles. Bill is an IT technician that works with Hampton in the same IT department. Bill's primary responsibility is to keep PC's and servers up to date and to keep track of all the agency laptops that the company owns and lends out to its employees. After Bill setup a wireless network for the agency, Hampton made sure that everything was secure. He instituted encryption, rotating keys, turned off SSID broadcasting, and enabled MAC filtering. According to agency policy, only company laptops are allowed to use the wireless network, so Hampton entered all the MAC addresses for those laptops into the wireless security utility so that only those laptops should be able to access the wireless network.

Hampton does not keep track of all the laptops, but he is pretty certain that the agency only purchases Dell laptops. Hampton is curious about this because he notices Bill working on a Toshiba laptop one day and saw that he was on the Internet. Instead of jumping to conclusions, Hampton decides to talk to Bill's boss and see if they had purchased a Toshiba laptop instead of the usual Dell. Bill's boss said no, so now Hampton is very curious to see how Bill is accessing the Internet. Hampton does site surveys every couple of days, and has yet to see any outside wireless network signals inside the company's building.

How was Bill able to get Internet access without using an agency laptop?

Options:

A.

Bill spoofed the MAC address of Dell laptop

B.

Bill connected to a Rogue access point

C.

Toshiba and Dell laptops share the same hardware address

D.

Bill brute forced the Mac address ACLs

Buy Now
Questions 12

Which type of scan measures a person's external features through a digital video camera?

Options:

A.

Iris scan

B.

Retinal scan

C.

Facial recognition scan

D.

Signature kinetics scan

Buy Now
Questions 13

Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure. An anonymizer protects all of your computer's identifying information while it surfs for you, enabling you to remain at least one step removed from the sites you visit.

You can visit Web sites without allowing anyone to gather information on sites visited by you. Services that provide anonymity disable pop-up windows and cookies, and conceal visitor's IP address.

These services typically use a proxy server to process each HTTP request. When the user requests a Web page by clicking a hyperlink or typing a URL into their browser, the service retrieves and displays the information using its own server. The remote server (where the requested Web page resides) receives information on the anonymous Web surfing service in place of your information.

In which situations would you want to use anonymizer? (Select 3 answers)

Options:

A.

Increase your Web browsing bandwidth speed by using Anonymizer

B.

To protect your privacy and Identity on the Internet

C.

To bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit.

D.

Post negative entries in blogs without revealing your IP identity

Buy Now
Questions 14

What type of port scan is shown below?

EC0-350 Question 14

Options:

A.

Idle Scan

B.

FIN Scan

C.

XMAS Scan

D.

Windows Scan

Buy Now
Questions 15

This kind of attack will let you assume a users identity at a dynamically generated web page or site:

Options:

A.

SQL Injection

B.

Cross Site Scripting

C.

Session Hijacking

D.

Zone Transfer

Buy Now
Questions 16

_________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.

Options:

A.

Mandatory Access Control

B.

Authorized Access Control

C.

Role-based Access Control

D.

Discretionary Access Control

Buy Now
Questions 17

The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence numbers of transmitted packets from host B are lower than the packet segment containing the set FIN flag.

Options:

A.

false

B.

true

Buy Now
Questions 18

Which definition below best describes a covert channel?

Options:

A.

A server program using a port that is not well known

B.

Making use of a protocol in a way it was not intended to be used

C.

It is the multiplexing taking place on a communication link

D.

It is one of the weak channels used by WEP that makes it insecure

Buy Now
Questions 19

SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The signature of attack for SYN Flood contains:

Options:

A.

The source and destination address having the same value

B.

A large number of SYN packets appearing on a network without the corresponding reply packets

C.

The source and destination port numbers having the same value

D.

A large number of SYN packets appearing on a network with the corresponding reply packets

Buy Now
Questions 20

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive number of functions in the source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the line in the source code that might lead to buffer overflow?

EC0-350 Question 20

Options:

A.

9A.9

B.

17B.17

C.

20C.20

D.

32D.32

E.

35E.35

Buy Now
Questions 21

This method is used to determine the Operating system and version running on a remote target system. What is it called?

Options:

A.

Service Degradation

B.

OS Fingerprinting

C.

Manual Target System

D.

Identification Scanning

Buy Now
Questions 22

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?

Options:

A.

Spoofing an IP address

B.

Tunneling scan over SSH

C.

Tunneling over high port numbers

D.

Scanning using fragmented IP packets

Buy Now
Questions 23

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

Options:

A.

Firewall

B.

Honeypot

C.

Core server

D.

Layer 4 switch

Buy Now
Questions 24

In Trojan terminology, what is a covert channel?

EC0-350 Question 24

Options:

A.

A channel that transfers information within a computer system or network in a way that violates the security policy

B.

A legitimate communication path within a computer system or network for transfer of data

C.

It is a kernel operation that hides boot processes and services to mask detection

D.

It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Buy Now
Questions 25

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Buy Now
Questions 26

You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.

EC0-350 Question 26

  • DNS query is sent to the DNS server to resolve www.google.com
  • DNS server replies with the IP address for Google?
  • SYN packet is sent to Google.
  • Google sends back a SYN/ACK packet
  • Your computer completes the handshake by sending an ACK
  • The connection is established and the transfer of data commences

Which of the following packets represent completion of the 3-way handshake?

Options:

A.

4th packet

B.

3rdpacket

C.

6th packet

D.

5th packet

Buy Now
Questions 27

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

Options:

A.

Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

B.

Package the Sales.xls using Trojan wrappers and telnet them back your home computer

C.

You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

D.

Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Buy Now
Questions 28

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

https://foobar.com/index.html?id=%3Cscript%20src=%22https://baddomain.com/badscript.js%22%3E%3C/script%3E ">See foobar

What is this attack?

Options:

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Buy Now
Questions 29

Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very important marketing campaign for his company's largest client. Before the project could be completed and implemented, a competing advertising company comes out with the exact same marketing materials and advertising, thus rendering all the work done for Jason's client unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a competitor.

Without any proof, Jason's company cannot do anything except move on. After working on another high profile client for about a month, all the marketing and sales material again ends up in the hands of another competitor and is released to the public before Jason's company can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have happened. Jason is given leave with pay until they can figure out what is going on.

Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files, but cannot find anything out of the ordinary with them.

What technique has Jason most likely used?

Options:

A.

Stealth Rootkit Technique

B.

ADS Streams Technique

C.

Snow Hiding Technique

D.

Image Steganography Technique

Buy Now
Questions 30

John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct MiTM attack. What is the destination MAC address of a broadcast frame?

Options:

A.

0xFFFFFFFFFFFF

B.

0xDDDDDDDDDDDD

C.

0xAAAAAAAAAAAA

D.

0xBBBBBBBBBBBB

Buy Now
Questions 31

John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool?

Options:

A.

hping2

B.

nessus

C.

nmap

D.

make

Buy Now
Questions 32

What type of encryption does WPA2 use?

Options:

A.

DES 64 bit

B.

AES-CCMP 128 bit

C.

MD5 48 bit

D.

SHA 160 bit

Buy Now
Questions 33

During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet inspection is the firewall conducting?

Options:

A.

Host

B.

Stateful

C.

Stateless

D.

Application

Buy Now
Questions 34

Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?

Options:

A.

It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.

B.

If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.

C.

Hashing is faster compared to more traditional encryption algorithms.

D.

Passwords stored using hashes are non-reversible, making finding the password much more difficult.

Buy Now
Questions 35

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Options:

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

Buy Now
Questions 36

Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser.

John Stevens is in charge of information security at Bank of Timbuktu. After one month in production, several customers have complained about the Internet enabled banking application. Strangely, the account balances of many of the bank's customers had been changed! However, money hasn't been removed from the bank; instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries:

EC0-350 Question 36

What kind of attack did the Hacker attempt to carry out at the bank?

Options:

A.

Brute force attack in which the Hacker attempted guessing login ID and password from password cracking tools.

B.

The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason's session.

C.

The Hacker used a generator module to pass results to the Web server and exploited Web application CGI vulnerability.

D.

The Hacker first attempted logins with suspected user names, then used SQL Injection to gain access to valid bank login IDs.

Buy Now
Questions 37

A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?

Options:

A.

NMAP -P 192.168.1-5.

B.

NMAP -P 192.168.0.0/16

C.

NMAP -P 192.168.1.0, 2.0, 3.0, 4.0, 5.0

D.

NMAP -P 192.168.1/17

Buy Now
Questions 38

An attacker is attempting to telnet into a corporation's system in the DMZ. The attacker doesn't want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What could be the reason?

Options:

A.

The firewall is blocking port 23 to that system

B.

He needs to use an automated tool to telnet in

C.

He cannot spoof his IP and successfully use TCP

D.

He is attacking an operating system that does not reply to telnet even when open

Buy Now
Questions 39

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

Options:

A.

nessus +

B.

nessus *s

C.

nessus &

D.

nessus -d

Buy Now
Questions 40

One way to defeat a multi-level security solution is to leak data via

Options:

A.

a bypass regulator.

B.

steganography.

C.

a covert channel.

D.

asymmetric routing.

Buy Now
Questions 41

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

Options:

A.

Usernames

B.

File permissions

C.

Firewall rulesets

D.

Passwords

Buy Now
Questions 42

You are writing security policy that hardens and prevents Footprinting attempt by Hackers. Which of the following countermeasures will NOT be effective against this attack?

Options:

A.

Configure routers to restrict the responses to Footprinting requests

B.

Configure Web Servers to avoid information leakage and disable unwanted protocols

C.

Lock the ports with suitable Firewall configuration

D.

Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns

E.

Evaluate the information before publishing it on the Website/Intranet

F.

Monitor every employee computer with Spy cameras, keyloggers and spy on them

G.

Perform Footprinting techniques and remove any sensitive information found on DMZ sites

Buy Now
Questions 43

Which type of antenna is used in wireless communication?

Options:

A.

Omnidirectional

B.

Parabolic

C.

Uni-directional

D.

Bi-directional

Buy Now
Questions 44

Which set of access control solutions implements two-factor authentication?

Options:

A.

USB token and PIN

B.

Fingerprint scanner and retina scanner

C.

Password and PIN

D.

Account and password

Buy Now
Questions 45

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

Options:

A.

Man-in-the-middle attack

B.

Brute-force attack

C.

Dictionary attack

D.

Session hijacking

Buy Now
Questions 46

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?

Options:

A.

Validate web content input for query strings.

B.

Validate web content input with scanning tools.

C.

Validate web content input for type, length, and range.

D.

Validate web content input for extraneous queries.

Buy Now
Questions 47

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Options:

A.

The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

B.

The root CA stores the user's hash value for safekeeping.

C.

The CA is the trusted root that issues certificates.

D.

The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Buy Now
Questions 48

A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?

Options:

A.

Cupp

B.

Nessus

C.

Cain and Abel

D.

John The Ripper Pro

Buy Now
Questions 49

An NMAP scan of a server shows port 69 is open. What risk could this pose?

Options:

A.

Unauthenticated access

B.

Weak SSL version

C.

Cleartext login

D.

Web portal data leak

Buy Now
Questions 50

Which of the following cryptography attack methods is usually performed without the use of a computer?

Options:

A.

Ciphertext-only attack

B.

Chosen key attack

C.

Rubber hose attack

D.

Rainbow table attack

Buy Now
Questions 51

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Options:

A.

Teardrop

B.

SYN flood

C.

Smurf attack

D.

Ping of death

Buy Now
Questions 52

From the two screenshots below, which of the following is occurring?

Options:

A.

10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

B.

10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

C.

10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

D.

10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Buy Now
Questions 53

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

Options:

A.

The key entered is a symmetric key used to encrypt the wireless data.

B.

The key entered is a hash that is used to prove the integrity of the wireless data.

C.

The key entered is based on the Diffie-Hellman method.

D.

The key is an RSA key used to encrypt the wireless data.

Buy Now
Questions 54

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

Options:

A.

UDP 123

B.

UDP 541

C.

UDP 514

D.

UDP 415

Buy Now
Questions 55

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)

Options:

A.

ARP spoofing

B.

MAC duplication

C.

MAC flooding

D.

SYN flood

E.

Reverse smurf attack

F.

ARP broadcasting

Buy Now
Questions 56

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

Options:

A.

Man trap

B.

Tailgating

C.

Shoulder surfing

D.

Social engineering

Buy Now
Questions 57

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?

Options:

A.

Unplug the network connection on the company’s web server.

B.

Determine the origin of the attack and launch a counterattack.

C.

Record as much information as possible from the attack.

D.

Perform a system restart on the company’s web server.

Buy Now
Questions 58

Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)

Options:

A.

A reduction in password fatigue for users because they do not need to know multiple passwords when accessing multiple applications

B.

A reduction in network and application monitoring since all recording will be completed at the SSO system

C.

A reduction in system administration overhead since any user login problems can be resolved at the SSO system 

D.

A reduction in overall risk to the system since network and application attacks can only happen at the SSO point

Buy Now
Questions 59

Which of the following examples best represents a logical or technical control?

Options:

A.

Security tokens

B.

Heating and air conditioning

C.

Smoke and fire alarms

D.

Corporate security policy

Buy Now
Questions 60

How can a policy help improve an employee's security awareness?

Options:

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Buy Now
Questions 61

What are common signs that a system has been compromised or hacked? (Choose three.)

Options:

A.

Increased amount of failed logon events

B.

Patterns in time gaps in system and/or event logs

C.

New user accounts created

D.

Consistency in usage baselines

E.

Partitions are encrypted

F.

Server hard drives become fragmented

Buy Now
Questions 62

How many bits encryption does SHA-1 use?

Options:

A.

64 bits

B.

128 bits

C.

256 bits

D.

160 bits

Buy Now
Questions 63

Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to verify her password with him ''just to double check our records.'' Jane does not suspect anything amiss, and parts with her password. Jack can now access Brown Co.'s computers with a valid user name and password, to steal the cookie recipe. What kind of attack is being illustrated here?

Options:

A.

Reverse Psychology

B.

Reverse Engineering

C.

Social Engineering

D.

Spoofing Identity

E.

Faking Identity

Buy Now
Questions 64

Which type of hacker represents the highest risk to your network?

Options:

A.

black hat hackers

B.

grey hat hackers

C.

disgruntled employees

D.

script kiddies

Buy Now
Questions 65

Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was about to release it. The executive team believes that an employee is leaking information to the rival company. Lori questions all employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given permission to search through the corporate email system. She searches by email being sent to and sent from the rival marketing company.

She finds one employee that appears to be sending very large email to this other marketing company, even though they should have no reason to be communicating with them. Lori tracks down the actual emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly harmless, usually containing some kind of joke. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture.

What technique was used by the Kiley Innovators employee to send information to the rival marketing company?

Options:

A.

The Kiley Innovators employee used cryptography to hide the information in the emails sent

B.

The method used by the employee to hide the information was logical watermarking

C.

The employee used steganography to hide information in the picture attachments

D.

By using the pictures to hide information, the employee utilized picture fuzzing

Buy Now
Questions 66

Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet. He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out vulnerabilities.

What are some of the common vulnerabilities in web applications that he should be concerned about?

Options:

A.

Non-validated parameters, broken access control, broken account and session management, cross-site scripting and buffer overflows are just a few common vulnerabilities

B.

Visible clear text passwords, anonymous user account set as default, missing latest security patch, no firewall filters set and no SSL configured are just a few common vulnerabilities

C.

No SSL configured, anonymous user account set as default, missing latest security patch, no firewall filters set and an inattentive system administrator are just a few common vulnerabilities

D.

No IDS configured, anonymous user account set as default, missing latest security patch, no firewall filters set and visible clear text passwords are just a few common vulnerabilities

Buy Now
Questions 67

Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys

Which step would you perform to detect this type of Trojan?

EC0-350 Question 67

Options:

A.

Scan for suspicious startup programs using msconfig

B.

Scan for suspicious network activities using Wireshark

C.

Scan for suspicious device drivers in c:\windows\system32\drivers

D.

Scan for suspicious open ports using netstat

Buy Now
Questions 68

More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically hides the true nature of the shellcode in different disguises.

How does a polymorphic shellcode work?

Options:

A.

They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode

B.

They convert the shellcode into Unicode, using loader to convert back to machine code then executing them

C.

They reverse the working instructions into opposite order by masking the IDS signatures

D.

They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode

Buy Now
Questions 69

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next?

Options:

A.

Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.

B.

Configure the firewall to allow traffic on TCP ports 80 and UDP port 443.

C.

Configure the firewall to allow traffic on TCP port 53.

D.

Configure the firewall to allow traffic on TCP port 8080.

Buy Now
Questions 70

XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.

EC0-350 Question 70

EC0-350 Question 70

What is the correct code when converted to html entities?

EC0-350 Question 70

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 71

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

Options:

A.

Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card

B.

Educate and enforce physical security policies of the company to all the employees on a regular basis

C.

Setup a mock video camera next to the special card reader adjacent to the secure door

D.

Post a sign that states, "no tailgating" next to the special card reader adjacent to the secure door

Buy Now
Questions 72

What is the purpose of conducting security assessments on network resources?

Options:

A.

Documentation

B.

Validation

C.

Implementation

D.

Management

Buy Now
Questions 73

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

Options:

A.

Locate type=ns

B.

Request type=ns

C.

Set type=ns

D.

Transfer type=ns

Buy Now
Questions 74

Which of the following is an example of IP spoofing?

Options:

A.

SQL injections

B.

Man-in-the-middle

C.

Cross-site scripting

D.

ARP poisoning

Buy Now
Questions 75

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying.  What actions should the CEH take?

Options:

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Buy Now
Questions 76

In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)

Options:

A.

HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)

B.

NID/NIP (Node-based Intrusion Detection/Node-based Intrusion Prevention)

C.

NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)

D.

CID/CIP (Computer-based Intrusion Detection/Computer-based Intrusion Prevention)

Buy Now
Questions 77

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

Options:

A.

Recipient's private key

B.

Recipient's public key

C.

Master encryption key

D.

Sender's public key

Buy Now
Questions 78

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Options:

A.

A bottom-up approach

B.

A top-down approach

C.

A senior creation approach

D.

An IT assurance approach

Buy Now
Questions 79

How is sniffing broadly categorized?

Options:

A.

Active and passive

B.

Broadcast and unicast

C.

Unmanaged and managed

D.

Filtered and unfiltered

Buy Now
Questions 80

Fingerprinting an Operating System helps a cracker because:

Options:

A.

It defines exactly what software you have installed

B.

It opens a security-delayed window based on the port being scanned

C.

It doesn't depend on the patches that have been applied to fix existing security holes

D.

It informs the cracker of which vulnerabilities he may be able to exploit on your system

Buy Now
Questions 81

In the following example, which of these is the "exploit"?

Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting. Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites.

Select the best answer.

Options:

A.

Microsoft Corporation is the exploit.

B.

The security "hole" in the product is the exploit.

C.

Windows 2003 Server

D.

The exploit is the hacker that would use this vulnerability.

E.

The documented method of how to use the vulnerability to gain unprivileged access.

Buy Now
Questions 82

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two.

What would you call this attack?

Options:

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Buy Now
Questions 83

What is GINA?

Options:

A.

Gateway Interface Network Application

B.

GUI Installed Network Application CLASS

C.

Global Internet National Authority (G-USA)

D.

Graphical Identification and Authentication DLL

Buy Now
Questions 84

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site.

One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!

From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith.

After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

H@cker Mess@ge:

Y0u @re De@d! Fre@ks!

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.

How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Buy Now
Questions 85

_________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes.

Options:

A.

Trojan

B.

RootKit

C.

DoS tool

D.

Scanner

E.

Backdoor

Buy Now
Questions 86

Which of the following is the primary objective of a rootkit?

Options:

A.

It opens a port to provide an unauthorized service

B.

It creates a buffer overflow

C.

It replaces legitimate programs

D.

It provides an undocumented opening in a program

Buy Now
Questions 87

Which definition among those given below best describes a covert channel?

Options:

A.

A server program using a port that is not well known.

B.

Making use of a protocol in a way it is not intended to be used.

C.

It is the multiplexing taking place on a communication link.

D.

It is one of the weak channels used by WEP which makes it insecure.

Buy Now
Questions 88

You want to use netcat to generate huge amount of useless network data continuously for various performance testing between 2 hosts.

Which of the following commands accomplish this?

Options:

A.

Machine A

#yes AAAAAAAAAAAAAAAAAAAAAA | nc –v –v –l –p 2222 > /dev/null

Machine B

#yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null

B.

Machine A

cat somefile | nc –v –v –l –p 2222

Machine B

cat somefile | nc othermachine 2222

C.

Machine A

nc –l –p 1234 | uncompress –c | tar xvfp

Machine B

tar cfp - /some/dir | compress –c | nc –w 3 machinea 1234

D.

Machine A

while true : do

nc –v –l –s –p 6000 machineb 2

Machine B

while true ; do

nc –v –l –s –p 6000 machinea 2

done

Buy Now
Questions 89

A zone file consists of which of the following Resource Records (RRs)?

Options:

A.

DNS, NS, AXFR, and MX records

B.

DNS, NS, PTR, and MX records

C.

SOA, NS, AXFR, and MX records

D.

SOA, NS, A, and MX records

Buy Now
Questions 90

When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?

Options:

A.

macof

B.

webspy

C.

filesnarf

D.

nfscopy

Buy Now
Questions 91

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

Options:

A.

Hardware, Software, and Sniffing.

B.

Hardware and Software Keyloggers.

C.

Passwords are always best obtained using Hardware key loggers.

D.

Software only, they are the most effective.

Buy Now
Questions 92

Which of the following are well know password-cracking programs?(Choose all that apply.

Options:

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Buy Now
Questions 93

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Buy Now
Questions 94

Which of the following algorithms can be used to guarantee the integrity of messages being sent, in transit, or stored? (Choose the best answer)

Options:

A.

symmetric algorithms

B.

asymmetric algorithms

C.

hashing algorithms

D.

integrity algorithms

Buy Now
Questions 95

What is the algorithm used by LM for Windows2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Buy Now
Questions 96

Exhibit:

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

Options:

A.

har.txt

B.

SAM file

C.

wwwroot

D.

Repair file

Buy Now
Questions 97

Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

Options:

A.

CHAT rooms

B.

WHOIS database

C.

News groups

D.

Web sites

E.

Search engines

F.

Organization’s own web site

Buy Now
Questions 98

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

EC0-350 Question 98

Remote operating system guess: Too many signatures match to reliably guess the OS.

Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds

What should be your next step to identify the OS?

Options:

A.

Perform a firewalk with that system as the target IP

B.

Perform a tcp traceroute to the system using port 53

C.

Run an nmap scan with the -v-v option to give a better output

D.

Connect to the active services and review the banner information

Buy Now
Questions 99

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? (Choose the most appropriate statement)

Options:

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carrier connection that is not normally valid.

D.

There packets were created by a tool; they were not created by a standard IP stack.

Buy Now
Questions 100

Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most affective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer)

Options:

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Buy Now
Questions 101

Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?

Options:

A.

Network aliasing

B.

Domain Name Server (DNS) poisoning

C.

Reverse Address Resolution Protocol (ARP)

D.

Port scanning

Buy Now
Questions 102

Who is an Ethical Hacker?

Options:

A.

A person who hacks for ethical reasons

B.

A person who hacks for an ethical cause

C.

A person who hacks for defensive purposes

D.

A person who hacks for offensive purposes

Buy Now
Questions 103

Exhibit

EC0-350 Question 103

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

Options:

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes form port 31337.

C.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D.

These packets were crafted by a tool, they were not created by a standard IP stack.

Buy Now
Questions 104

You ping a target IP to check if the host is up. You do not get a response. You suspect ICMP is blocked at the firewall. Next you use hping2 tool to ping the target host and you get a response. Why does the host respond to hping2 and not ping packet?

EC0-350 Question 104

Options:

A.

Ping packets cannot bypass firewalls

B.

You must use ping 10.2.3.4 switch

C.

Hping2 uses stealth TCP packets to connect

D.

Hping2 uses TCP instead of ICMP by default

Buy Now
Questions 105

What statement is true regarding LM hashes?

Options:

A.

LM hashes consist in 48 hexadecimal characters.

B.

LM hashes are based on AES128 cryptographic standard.

C.

Uppercase characters in the password are converted to lowercase.

D.

LM hashes are not generated when the password length exceeds 15 characters.

Buy Now
Questions 106

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process.  Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

Options:

A.

768 bit key

B.

1025 bit key

C.

1536 bit key

D.

2048 bit key

Buy Now
Questions 107

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

Options:

A.

Microsoft Security Baseline Analyzer

B.

Retina  

C.

Core Impact

D.

Microsoft Baseline Security Analyzer

Buy Now
Questions 108

A penetration tester was hired to perform a penetration test for a bank.  The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Options:

A.

Information reporting

B.

Vulnerability assessment

C.

Active information gathering

D.

Passive information gathering

Buy Now
Questions 109

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Buy Now
Questions 110

Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms. What is this document called?

Options:

A.

Information Audit Policy (IAP)

B.

Information Security Policy (ISP)

C.

Penetration Testing Policy (PTP)

D.

Company Compliance Policy (CCP)

Buy Now
Questions 111

In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them:

FIN = 1

SYN = 2

RST = 4

PSH = 8

ACK = 16

URG = 32

ECE = 64

CWR =128

Example: To calculate SYN/ACK flag decimal value, add 2 (which is the decimal value of the SYN flag) to 16 (which is the decimal value of the ACK flag), so the result would be 18.

Based on the above calculation, what is the decimal value for XMAS scan?

Options:

A.

23

B.

24

C.

41

D.

64

Buy Now
Questions 112

What is the tool Firewalk used for?

Options:

A.

To test the IDS for proper operation

B.

To test a firewall for proper operation

C.

To determine what rules are in place for a firewall

D.

To test the webserver configuration

E.

Firewalk is a firewall auto configuration tool

Buy Now
Questions 113

Carl has successfully compromised a web server from behind a firewall by exploiting a vulnerability in the web server program. He wants to proceed by installing a backdoor program. However, he is aware that not all inbound ports on the firewall are in the open state.

From the list given below, identify the port that is most likely to be open and allowed to reach the server that Carl has just compromised.

Options:

A.

53

B.

110

C.

25

D.

69

Buy Now
Questions 114

What is the name of the software tool used to crack a single account on Netware Servers using a dictionary attack?

Options:

A.

NPWCrack

B.

NWPCrack

C.

NovCrack

D.

CrackNov

E.

GetCrack

Buy Now
Questions 115

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The file Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.

He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below:

EC0-350 Question 115

What can you infer from the exploit given?

Options:

A.

It is a local exploit where the attacker logs in using username johna2k.

B.

There are two attackers on the system – johna2k and haxedj00.

C.

The attack is a remote exploit and the hacker downloads three files.

D.

The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port.

Buy Now
Questions 116

Jackson discovers that the wireless AP transmits 128 bytes of plaintext, and the station responds by encrypting the plaintext. It then transmits the resulting ciphertext using the same key and cipher that are used by WEP to encrypt subsequent network traffic. What authentication mechanism is being followed here?

Options:

A.

no authentication

B.

single key authentication

C.

shared key authentication

D.

open system authentication

Buy Now
Questions 117

To scan a host downstream from a security gateway, Firewalking:

Options:

A.

Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets

B.

Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway

C.

Sends an ICMP ''administratively prohibited'' packet to determine if the gateway will drop the packet without comment.

D.

Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway

Buy Now
Questions 118

You work as security technician at XYZ.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation?

Options:

A.

Use mget to download all pages locally for further inspection.

B.

Use wget to download all pages locally for further inspection.

C.

Use get* to download all pages locally for further inspection.

D.

Use get() to download all pages locally for further inspection.

Buy Now
Questions 119

In which of the following should be performed first in any penetration test?

Options:

A.

System identification

B.

Intrusion Detection System testing

C.

Passive information gathering

D.

Firewall testing

Buy Now
Questions 120

Say that "abigcompany.com" had a security vulnerability in the javascript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to 4go back and see the code for that error?

Select the best answer.

Options:

A.

archive.org

B.

There is no way to get the changed webpage unless you contact someone at the company

C.

Usenet

D.

Javascript would not be in their html so a service like usenet or archive wouldn't help you

Buy Now
Questions 121

Which is the Novell Netware Packet signature level used to sign all packets ?

Options:

A.

0

B.

1

C.

2

D.

3

Buy Now
Questions 122

You have just installed a new Linux file server at your office. This server is going to be used by several individuals in the organization, and unauthorized personnel must not be able to modify any data.

What kind of program can you use to track changes to files on the server?

Options:

A.

Network Based IDS (NIDS)

B.

Personal Firewall

C.

System Integrity Verifier (SIV)

D.

Linux IP Chains

Buy Now
Questions 123

Jim is having no luck performing a penetration test in XYZ’s network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.

Why is Jim having these problems?

Options:

A.

Security scanners are not designed to do testing through a firewall.

B.

Security scanners cannot perform vulnerability linkage.

C.

Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.

D.

All of the above.

Buy Now
Questions 124

Which of the following is the best way an attacker can passively learn about technologies used in an organization?

Options:

A.

By sending web bugs to key personnel

B.

By webcrawling the organization web site

C.

By searching regional newspapers and job databases for skill sets technology hires need to possess in the organization

D.

By performing a port scan on the organization's web site

Buy Now
Questions 125

Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?

Options:

A.

There is no mutual authentication between wireless clients and access points

B.

Automated tools like AirSnort are available to discover WEP keys

C.

The standard does not provide for centralized key management

D.

The 24 bit Initialization Vector (IV) field is too small

Buy Now
Questions 126

What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?

Options:

A.

Blind Port Scanning

B.

Idle Scanning

C.

Bounce Scanning

D.

Stealth Scanning

E.

UDP Scanning

Buy Now
Questions 127

What does the term “Ethical Hacking” mean?

Options:

A.

Someone who is hacking for ethical reasons.

B.

Someone who is using his/her skills for ethical reasons.

C.

Someone who is using his/her skills for defensive purposes.

D.

Someone who is using his/her skills for offensive purposes.

Buy Now
Questions 128

You are having problems while retrieving results after performing port scanning during internal testing. You verify that there are no security devices between you and the target system. When both stealth and connect scanning do not work, you decide to perform a NULL scan with NMAP. The first few systems scanned shows all ports open.

Which one of the following statements is probably true?

Options:

A.

The systems have all ports open.

B.

The systems are running a host based IDS.

C.

The systems are web servers.

D.

The systems are running Windows.

Buy Now
Questions 129

Why would an attacker want to perform a scan on port 137?

Options:

A.

To discover proxy servers on a network

B.

To disrupt the NetBIOS SMB service on the target host

C.

To check for file and print sharing on Windows systems

D.

To discover information about a target host using NBTSTAT

Buy Now
Questions 130

What port scanning method is the most reliable but also the most detectable?

Options:

A.

Null Scanning

B.

Connect Scanning

C.

ICMP Scanning

D.

Idlescan Scanning

E.

Half Scanning

F.

Verbose Scanning

Buy Now
Exam Code: EC0-350
Exam Name: Ethical Hacking and Countermeasures V8
Last Update: Oct 29, 2024
Questions: 878

PDF + Testing Engine

$48  $159.99

Testing Engine

$36  $119.99
buy now EC0-350 testing engine

PDF (Q&A)

$30  $99.99
buy now EC0-350 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 01 Nov 2024