Month End Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

Achieve Success in the ECCouncil EC0-350 Exam: A Detailed Ethical Hacking and Countermeasures V8 Guide

Questions 61

Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?

Options:
A.

Smooth Talking

B.

Swipe Gating

C.

Tailgating

D.

Trailing

ECCouncil EC0-350 Premium Access
Questions 62

Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder's IP address for a period of 24 hours' time after more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.

But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.

Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder's attempts.

Samuel wants to completely block hackers brute force attempts on his network.

What are the alternatives to defending against possible brute-force password attacks on his site?

Options:
A.

Enforce a password policy and use account lockouts after three wrong logon attempts even though this might lock out legit users

B.

Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the

Firewall manually

C.

Enforce complex password policy on your network so that passwords are more difficult to brute force

D.

You cannot completely block the intruders attempt if they constantly switch proxies

Questions 63

In the context of password security: a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive - though slow. Usually, it tries every possible letter and number combination in its automated exploration. If you would use both brute force and dictionary combined together to have variations of words, what would you call such an attack?

Options:
A.

Full Blown Attack

B.

Thorough Attack

C.

Hybrid Attack

D.

BruteDict Attack

Questions 64

Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security.

Maintaining the security of a Web server will usually involve the following steps:

1. Configuring, protecting, and analyzing log files

2. Backing up critical information frequently

3. Maintaining a protected authoritative copy of the organization's Web content

4. Establishing and following procedures for recovering from compromise

5. Testing and applying patches in a timely manner

6. Testing security periodically.

In which step would you engage a forensic investigator?

Options:
A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

Questions 65

Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday, she went to a mandatory security awareness class (Security5) put on by her company's IT department. During the class, the IT department informed all employees that everyone's Internet activity was thenceforth going to be monitored.

Stephanie is worried that her Internet activity might give her supervisor reason to write her up, or worse get her fired. Stephanie's daily work duties only consume about four hours of her time, so she usually spends the rest of the day surfing the web. Stephanie really enjoys surfing the Internet but definitely does not want to get fired for it.

What should Stephanie use so that she does not get in trouble for surfing the Internet?

Options:
A.

Stealth IE

B.

Stealth Anonymizer

C.

Stealth Firefox

D.

Cookie Disabler

Questions 66

Which type of scan does NOT open a full TCP connection?

Options:
A.

Stealth Scan

B.

XMAS Scan

C.

Null Scan

D.

FIN Scan

Questions 67

In what stage of Virus life does a stealth virus gets activated with the user performing certain actions such as running an infected program?

Options:
A.

Design

B.

Elimination

C.

Incorporation

D.

Replication

E.

Launch

F.

Detection

Questions 68

SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The signature of attack for SYN Flood contains:

Options:
A.

The source and destination address having the same value

B.

A large number of SYN packets appearing on a network without the corresponding reply packets

C.

The source and destination port numbers having the same value

D.

A large number of SYN packets appearing on a network with the corresponding reply packets

Questions 69

Which of the following statements would NOT be a proper definition for a Trojan Horse?

Options:
A.

An authorized program that has been designed to capture keyboard keystroke while the user is unaware of such activity being performed

B.

An unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user

C.

A legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user

D.

Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user

Questions 70

What file system vulnerability does the following command take advantage of?

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

Options:
A.

HFS

B.

ADS

C.

NTFS

D.

Backdoor access

Questions 71

Which of the following is the primary objective of a rootkit?

Options:
A.

It opens a port to provide an unauthorized service

B.

It creates a buffer overflow

C.

It replaces legitimate programs

D.

It provides an undocumented opening in a program

Questions 72

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?(Choose all that apply.

Options:
A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Questions 73

Which of the following are well know password-cracking programs?(Choose all that apply.

Options:
A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Questions 74

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

Options:
A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Questions 75

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

Options:
A.

RSA, LSA, POP

B.

SSID, WEP, Kerberos

C.

SMB, SMTP, Smart card

D.

Kerberos, Smart card, Stanford SRP

Questions 76

Which of the following tools are used for enumeration? (Choose three.)

Options:
A.

SolarWinds

B.

USER2SID

C.

Cheops

D.

SID2USER

E.

DumpSec

Questions 77

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.)

Options:
A.

Install DNS logger and track vulnerable packets

B.

Disable DNS timeouts

C.

Install DNS Anti-spoofing

D.

Disable DNS Zone Transfer

Questions 78

_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.

Options:
A.

Canonicalization

B.

Character Mapping

C.

Character Encoding

D.

UCS transformation formats

Questions 79

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

Options:
A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Questions 80

Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

Options:
A.

Snort

B.

argus

C.

TCPflow

D.

Tcpdump