New Year Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free ECCouncil EC0-350 Practice Exam with Questions & Answers | Set: 12

Questions 221

Fred is scanning his network to ensure it is as secure as possible. Fred sends a TCP probe packet to a host with a FIN flag and he receives a RST/ACK response. What does this mean?

Options:
A.

This response means the port he is scanning is open.

B.

The RST/ACK response means the port Fred is scanning is disabled.

C.

This means the port he is scanning is half open.

D.

This means that the port he is scanning on the host is closed.

ECCouncil EC0-350 Premium Access
Questions 222

E-mail tracking is a method to monitor and spy the delivered e-mails to the intended recipient.

EC0-350 Question 222

Select a feature, which you will NOT be able to accomplish with this probe?

Options:
A.

When the e-mail was received and read

B.

Send destructive e-mails

C.

GPS location and map of the recipient

D.

Time spent on reading the e-mails

E.

Whether or not the recipient visited any links sent to them

F.

Track PDF and other types of attachments

G.

Set messages to expire after specified time

Questions 223

Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not illicit a response. What can he infer from this kind of response?

Options:
A.

These ports are open because they do not illicit a response.

B.

He can tell that these ports are in stealth mode.

C.

If a port does not respond to an XMAS scan using NMAP, that port is closed.

D.

The scan was not performed correctly using NMAP since all ports, no matter what their state, will illicit some sort of response from an XMAS scan.

Questions 224

You have chosen a 22 character word from the dictionary as your password. How long will it take to crack the password by an attacker?

Options:
A.

16 million years

B.

5 minutes

C.

23 days

D.

200 years

Questions 225

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn's physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn's servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time?

Options:
A.

Brute force attack

B.

Birthday attack

C.

Dictionary attack

D.

Brute service attack

Questions 226

In which step Steganography fits in CEH System Hacking Cycle (SHC)

Options:
A.

Step 2: Crack the password

B.

Step 1: Enumerate users

C.

Step 3: Escalate privileges

D.

Step 4: Execute applications

E.

Step 5: Hide files

F.

Step 6: Cover your tracks

Questions 227

Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65, 536 bytes. What is Lee seeing here?

Options:
A.

Lee is seeing activity indicative of a Smurf attack.

B.

Most likely, the ICMP packets are being sent in this manner to attempt IP spoofing.

C.

Lee is seeing a Ping of death attack.

D.

This is not unusual traffic, ICMP packets can be of any size.

Questions 228

Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department. Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil. Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. What proxy tool has Gerald's attacker used to cover their tracks?

Options:
A.

ISA proxy

B.

IAS proxy

C.

TOR proxy

D.

Cheops proxy

Questions 229

Finding tools to run dictionary and brute forcing attacks against FTP and Web servers is an easy task for hackers. They use tools such as arhontus or brutus to break into remote servers.

EC0-350 Question 229

A command such as this, will attack a given 10.0.0.34 FTP and Telnet servers simultaneously with a list of passwords and a single login namE. linksys. Many FTP-specific password-guessing tools are also available from major security sites.

What defensive measures will you take to protect your network from these attacks?

Options:
A.

Never leave a default password

B.

Never use a password that can be found in a dictionary

C.

Never use a password related to your hobbies, pets, relatives, or date of birth.

D.

Use a word that has more than 21 characters from a dictionary as the password

E.

Never use a password related to the hostname, domain name, or anything else that can be found with whois

Questions 230

Within the context of Computer Security, which of the following statements describes Social Engineering best?

Options:
A.

Social Engineering is the act of publicly disclosing information

B.

Social Engineering is the means put in place by human resource to perform time accounting

C.

Social Engineering is the act of getting needed information from a person rather than breaking into a system

D.

Social Engineering is a training program within sociology studies

Questions 231

In this type of Man-in-the-Middle attack, packets and authentication tokens are captured using a sniffer. Once the relevant information is extracted, the tokens are placed back on the network to gain access.

EC0-350 Question 231

Options:
A.

Token Injection Replay attacks

B.

Shoulder surfing attack

C.

Rainbow and Hash generation attack

D.

Dumpster diving attack

Questions 232

How do you defend against MAC attacks on a switch?

EC0-350 Question 232

Options:
A.

Disable SPAN port on the switch

B.

Enable SNMP Trap on the switch

C.

Configure IP security on the switch

D.

Enable Port Security on the switch

Questions 233

What is the command used to create a binary log file using tcpdump?

Options:
A.

tcpdump -w ./log

B.

tcpdump -r log

C.

tcpdump -vde logtcpdump -vde ? log

D.

tcpdump -l /var/log/

Questions 234

Harold works for Jacobson Unlimited in the IT department as the security manager. Harold has created a security policy requiring all employees to use complex 14 character passwords. Unfortunately, the members of management do not want to have to use such long complicated passwords so they tell Harold's boss this new password policy should not apply to them. To comply with the management's wishes, the IT department creates another Windows domain and moves all the management users to that domain. This new domain has a password policy only requiring 8 characters.

Harold is concerned about having to accommodate the managers, but cannot do anything about it. Harold is also concerned about using LanManager security on his network instead of NTLM or NTLMv2, but the many legacy applications on the network prevent using the more secure NTLM and NTLMv2. Harold pulls the SAM files from the DC's on the original domain and the new domain using Pwdump6.

Harold uses the password cracking software John the Ripper to crack users' passwords to make sure they are strong enough. Harold expects that the users' passwords in the original domain will take much longer to crack than the management's passwords in the new domain. After running the software, Harold discovers that the 14 character passwords only took a short time longer to crack than the 8 character passwords.

Why did the 14 character passwords not take much longer to crack than the 8 character passwords?

Options:
A.

Harold should have used Dumpsec instead of Pwdump6

B.

Harold's dictionary file was not large enough

C.

Harold should use LC4 instead of John the Ripper

D.

LanManger hashes are broken up into two 7 character fields

Questions 235

On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner?

Options:
A.

Use "Is"

B.

Use "lsof"

C.

Use "echo"

D.

Use "netstat"

Questions 236

What is Hunt used for?

Options:
A.

Hunt is used to footprint networks

B.

Hunt is used to sniff traffic

C.

Hunt is used to hack web servers

D.

Hunt is used to intercept traffic i.e. man-in-the-middle traffic

E.

Hunt is used for password cracking

Questions 237

What is the tool Firewalk used for?

Options:
A.

To test the IDS for proper operation

B.

To test a firewall for proper operation

C.

To determine what rules are in place for a firewall

D.

To test the webserver configuration

E.

Firewalk is a firewall auto configuration tool

Questions 238

Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords.(Choose all that apply.

Options:
A.

Linux passwords can be encrypted with MD5

B.

Linux passwords can be encrypted with SHA

C.

Linux passwords can be encrypted with DES

D.

Linux passwords can be encrypted with Blowfish

E.

Linux passwords are encrypted with asymmetric algrothims

Questions 239

What do you conclude from the nmap results below?

Staring nmap V. 3.10ALPHA0 (www.insecure.org/map/)

(The 1592 ports scanned but not shown below are in state: closed)

Port State Service

21/tcp open ftp

25/tcp open smtp

80/tcp open http

443/tcp open https

Remote operating system guess: Too many signatures match the reliability guess the OS. Nmap run completed – 1 IP address (1 host up) scanned in 91.66 seconds

Options:
A.

The system is a Windows Domain Controller.

B.

The system is not firewalled.

C.

The system is not running Linux or Solaris.

D.

The system is not properly patched.

Questions 240

What is the expected result of the following exploit?

EC0-350 Question 240

Options:
A.

Opens up a telnet listener that requires no username or password.

B.

Create a FTP server with write permissions enabled.

C.

Creates a share called “sasfile” on the target system.

D.

Creates an account with a user name of Anonymous and a password of noone@nowhere.com.