Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil EC0-350 Exam: A Detailed Ethical Hacking and Countermeasures V8 Guide

Questions 21

Which of the following tools are used for footprinting? (Choose four)

Options:

A.

Sam Spade

B.

NSLookup

C.

Traceroute

D.

Neotrace

E.

Cheops

Buy Now
Questions 22

War dialing is a very old attack and depicted in movies that were made years ago.

Why would a modem security tester consider using such an old technique?

Options:

A.

It is cool, and if it works in the movies it must work in real life.

B.

It allows circumvention of protection mechanisms by being on the internal network.

C.

It allows circumvention of the company PBX.

D.

A good security tester would not use such a derelict technique.

Buy Now
Questions 23

MX record priority increases as the number increases. (True/False.

Options:

A.

True

B.

False

Buy Now
Questions 24

A XYZ security System Administrator is reviewing the network system log files.

He notes the following:

  • Network log files are at 5 MB at 12:00 noon.
  • At 14:00 hours, the log files at 3 MB.

What should he assume has happened and what should he do about the situation?

Options:

A.

He should contact the attacker’s ISP as soon as possible and have the connection disconnected.

B.

He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.

C.

He should log the file size, and archive the information, because the router crashed.

D.

He should run a file system check, because the Syslog server has a self correcting file system problem.

E.

He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place.

Buy Now
Questions 25

What are the default passwords used by SNMP? (Choose two.)

Options:

A.

Password

B.

SA

C.

Private

D.

Administrator

E.

Public

F.

Blank

Buy Now
Questions 26

What ICMP message types are used by the ping command?

Options:

A.

Timestamp request (13) and timestamp reply (14)

B.

Echo request (8) and Echo reply (0)

C.

Echo request (0) and Echo reply (1)

D.

Ping request (1) and Ping reply (2)

Buy Now
Questions 27

What is the proper response for a FIN scan if the port is closed?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

Buy Now
Questions 28

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? (Choose the most appropriate statement)

Options:

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes from port 31337.

C.

The attacker wants to avoid creating a sub-carrier connection that is not normally valid.

D.

There packets were created by a tool; they were not created by a standard IP stack.

Buy Now
Questions 29

A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could lead to prosecution for the sender and for the company's directors if, for example, outgoing email was found to contain material that was pornographic, racist, or likely to incite someone to commit an act of terrorism. You can always defend yourself by "ignorance of the law" clause.

Options:

A.

true

B.

false

Buy Now
Questions 30

What does a type 3 code 13 represent?(Choose two.

Options:

A.

Echo request

B.

Destination unreachable

C.

Network unreachable

D.

Administratively prohibited

E.

Port unreachable

F.

Time exceeded

Buy Now
Questions 31

Which of the following ICMP message types are used for destinations unreachables?

Options:

A.

0

B.

3

C.

11

D.

13

E.

17

Buy Now
Questions 32

Exhibit

EC0-350 Question 32

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

Options:

A.

This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B.

This is back orifice activity as the scan comes form port 31337.

C.

The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D.

These packets were crafted by a tool, they were not created by a standard IP stack.

Buy Now
Questions 33

Which of the following tools can be used to perform a zone transfer?

Options:

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Buy Now
Questions 34

According to the CEH methodology, what is the next step to be performed after footprinting?

Options:

A.

Enumeration

B.

Scanning

C.

System Hacking

D.

Social Engineering

E.

Expanding Influence

Buy Now
Questions 35

Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

Options:

A.

UDP is filtered by a gateway

B.

The packet TTL value is too low and cannot reach the target

C.

The host might be down

D.

The destination network might be down

E.

The TCP windows size does not match

F.

ICMP is filtered by a gateway

Buy Now
Questions 36

John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundred of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?

Options:

A.

nmap

B.

hping

C.

nessus

D.

make

Buy Now
Questions 37

In which part of OSI layer, ARP Poisoning occurs?

EC0-350 Question 37

Options:

A.

Transport Layer

B.

Datalink Layer

C.

Physical Layer

D.

Application layer

Buy Now
Questions 38

One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term?

Options:

A.

Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process

B.

Providers can increase the bandwidth on critical connections to prevent them from going down in the event of an attack

C.

Replicating servers that can provide additional failsafe protection

D.

Load balance each server in a multiple-server architecture

Buy Now
Questions 39

How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating simple pattern matching in IDS systems without session reconstruction? A characteristic of this attack would be a continuous stream of small packets.

Options:

A.

Session Hijacking

B.

Session Stealing

C.

Session Splicing

D.

Session Fragmentation

Buy Now
Questions 40

What file system vulnerability does the following command take advantage of?

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

Options:

A.

HFS

B.

Backdoor access

C.

XFS

D.

ADS

Buy Now