Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil EC0-350 Exam: A Detailed Ethical Hacking and Countermeasures V8 Guide

Questions 241

Exhibit:

EC0-350 Question 241

Given the following extract from the snort log on a honeypot, what do you infer from the attack?

Options:

A.

A new port was opened

B.

A new user id was created

C.

The exploit was successful

D.

The exploit was not successful

Buy Now
Questions 242

Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to johndoe@gmail.com". What do you think has occurred?

Options:

A.

The web application picked up a record at random

B.

The web application returned the first record it found

C.

The server error has caused the application to malfunction

D.

The web application emailed the administrator about the error

Buy Now
Questions 243

ETHER: Destination address : 0000BA5EBA11 ETHER: Source address :

EC0-350 Question 243

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?

Options:

A.

Create a SYN flood

B.

Create a network tunnel

C.

Create multiple false positives

D.

Create a ping flood

Buy Now
Questions 244

Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?

Options:

A.

An integer variable

B.

A 'hidden' price value

C.

A 'hidden' form field value

D.

A page cannot be changed locally; it can only be served by a web server

Buy Now
Questions 245

Jacob would like your advice on using a wireless hacking tool that can save him time and get him better results with lesser packets. You would like to recommend a tool that uses KoreK's implementation. Which tool would you recommend from the list below?

Options:

A.

Kismet

B.

Shmoo

C.

Aircrack

D.

John the Ripper

Buy Now
Questions 246

Joe Hacker is going wardriving. He is going to use PrismStumbler and wants it to go to a GPS mapping software application. What is the recommended and well-known GPS mapping package that would interface with PrismStumbler?

Select the best answer.

Options:

A.

GPSDrive

B.

GPSMap

C.

WinPcap

D.

Microsoft Mappoint

Buy Now
Questions 247

Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of attack is Henry using?

Options:

A.

Henry is executing commands or viewing data outside the intended target path

B.

Henry is using a denial of service attack which is a valid threat used by an attacker

C.

Henry is taking advantage of an incorrect configuration that leads to access with higher-than-expected privilege

D.

Henry uses poorly designed input validation routines to create or alter commands to gain access to unintended data or execute commands

Buy Now
Questions 248

Ron has configured his network to provide strong perimeter security. As part of his network architecture, he has included a host that is fully exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or filtering router. What would you call such a host?

Options:

A.

Honeypot

B.

DMZ host

C.

DWZ host

D.

Bastion Host

Buy Now
Questions 249

Bubba has just accessed he preferred ecommerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changes?

Options:

A.

A hidden form field value.

B.

A hidden price value.

C.

An integer variable.

D.

A page cannot be changed locally, as it is served by a web server.

Buy Now
Questions 250

A program that defends against a port scanner will attempt to:

Options:

A.

Sends back bogus data to the port scanner

B.

Log a violation and recommend use of security-auditing tools

C.

Limit access by the scanning system to publicly available ports only

D.

Update a firewall rule in real time to prevent the port scan from being completed

Buy Now
Questions 251

Once an intruder has gained access to a remote system with a valid username and password, the attacker will attempt to increase his privileges by escalating the used account to one that has increased privileges. such as that of an administrator. What would be the best countermeasure to protect against escalation of priveges?

Options:

A.

Give users tokens

B.

Give user the least amount of privileges

C.

Give users two passwords

D.

Give users a strong policy document

Buy Now
Questions 252

Jackson discovers that the wireless AP transmits 128 bytes of plaintext, and the station responds by encrypting the plaintext. It then transmits the resulting ciphertext using the same key and cipher that are used by WEP to encrypt subsequent network traffic. What authentication mechanism is being followed here?

Options:

A.

no authentication

B.

single key authentication

C.

shared key authentication

D.

open system authentication

Buy Now
Questions 253

In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed. Bob discovers that throughput has dropped by almost half even though the number of users has remained the same.

Why does this happen in the VPN over wireless implementation?

Options:

A.

The stronger encryption used by the VPN slows down the network.

B.

Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications.

C.

VPNs use larger packets then wireless networks normally do.

D.

Using a VPN on wireless automatically enables WEP, which causes additional overhead.

Buy Now
Questions 254

What is Cygwin?

Options:

A.

Cygwin is a free C++ compiler that runs on Windows

B.

Cygwin is a free Unix subsystem that runs on top of Windows

C.

Cygwin is a free Windows subsystem that runs on top of Linux

D.

Cygwin is a X Windows GUI subsytem that runs on top of Linux GNOME environment

Buy Now
Questions 255

When working with Windows systems, what is the RID of the true administrator account?

Options:

A.

500

B.

501

C.

1000

D.

1001

E.

1024

F.

512

Buy Now
Questions 256

What are the main drawbacks for anti-virus software?

Options:

A.

AV software is difficult to keep up to the current revisions.

B.

AV software can detect viruses but can take no action.

C.

AV software is signature driven so new exploits are not detected.

D.

It’s relatively easy for an attacker to change the anatomy of an attack to bypass AV systems

E.

AV software isn’t available on all major operating systems platforms.

F.

AV software is very machine (hardware) dependent.

Buy Now
Questions 257

After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?

1. mkdir -p /etc/X11/applnk/Internet/.etc

2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd

3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

4. touch -acmr /etc /etc/X11/applnk/Internet/.etc

5. passwd nobody -d

6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

7. passwd dns -d

8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

Options:

A.

IUSR_

B.

acmr, dns

C.

nobody, dns

D.

nobody, IUSR_

Buy Now
Questions 258

Melissa is a virus that attacks Microsoft Windows platforms.

To which category does this virus belong?

Options:

A.

Polymorphic

B.

Boot Sector infector

C.

System

D.

Macro

Buy Now
Questions 259

Exhibit:

EC0-350 Question 259

You are conducting pen-test against a company’s website using SQL Injection techniques. You enter “anuthing or 1=1-“ in the username filed of an authentication form. This is the output returned from the server.

What is the next step you should do?

Options:

A.

Identify the user context of the web application by running_

<a href="http://www.example.com/order/include_rsa_asp?pressReleaseID=5">http://www.example.com/order/include_rsa_asp?pressReleaseID=5</a>

AND

USER_NAME() = ‘dbo’

B.

Identify the database and table name by running:

<a href="http://www.example.com/order/include_rsa.asp?pressReleaseID=5">http://www.example.com/order/include_rsa.asp?pressReleaseID=5</a>

AND

ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE

xtype=’U’), 1))) > 109

C.

Format the C: drive and delete the database by running:

<a href="http://www.example.com/order/include_rsa.asp?pressReleaseID=5">http://www.example.com/order/include_rsa.asp?pressReleaseID=5</a> AND

xp_cmdshell ‘format c: /q /yes ‘; drop database myDB; --

D.

Reboot the web server by running:

<a href="http://www.example.com/order/include_rsa.asp?pressReleaseID=5">http://www.example.com/order/include_rsa.asp?pressReleaseID=5</a>

AND xp_cmdshell ‘iisreset –reboot’; --

Buy Now
Questions 260

Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email liza@yahoo.com'. The application displays server error. What is wrong with the web application?

Options:

A.

The email is not valid

B.

User input is not sanitized

C.

The web server may be down

D.

The ISP connection is not reliable

Buy Now