Summer Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Achieve Success in the ECCouncil EC0-350 Exam: A Detailed Ethical Hacking and Countermeasures V8 Guide

Questions 1

You have been called to investigate a sudden increase in network traffic at XYZ. It seems that the traffic generated was too heavy that normal business functions could no longer be rendered to external employees and clients. After a quick investigation, you find that the computer has services running attached to TFN2k and Trinoo software. What do you think was the most likely cause behind this sudden increase in traffic?

Options:

A.

A distributed denial of service attack.

B.

A network card that was jabbering.

C.

A bad route on the firewall.

D.

Invalid rules entry at the gateway.

Buy Now
Questions 2

Jim’s organization has just completed a major Linux roll out and now all of the organization’s systems are running the Linux 2.5 kernel. The roll out expenses has posed constraints on purchasing other essential security equipment and software. The organization requires an option to control network traffic and also perform stateful inspection of traffic going into and out of the DMZ.

Which built-in functionality of Linux can achieve this?

Options:

A.

IP Tables

B.

IP Chains

C.

IP Sniffer

D.

IP ICMP

Buy Now
Questions 3

WinDump is a popular sniffer which results from the porting to Windows of TcpDump for Linux. What library does it use?

Options:

A.

LibPcap

B.

WinPcap

C.

Wincap

D.

None of the above

Buy Now
Questions 4

_________ is one of the programs used to wardial.

Options:

A.

DialIT

B.

Netstumbler

C.

TooPac

D.

Kismet

E.

ToneLoc

Buy Now
Questions 5

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs:

EC0-350 Question 5

From the above list identify the user account with System Administrator privileges.

Options:

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Buy Now
Questions 6

What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?

Options:

A.

Blind Port Scanning

B.

Idle Scanning

C.

Bounce Scanning

D.

Stealth Scanning

E.

UDP Scanning

Buy Now
Questions 7

Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?

Options:

A.

To create a denial of service attack.

B.

To verify information about the mail administrator and his address.

C.

To gather information about internal hosts used in email treatment.

D.

To gather information about procedures that are in place to deal with such messages.

Buy Now
Questions 8

Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

Options:

A.

CHAT rooms

B.

WHOIS database

C.

News groups

D.

Web sites

E.

Search engines

F.

Organization’s own web site

Buy Now
Questions 9

Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by and IDS?

Options:

A.

SYN scan

B.

ACK scan

C.

RST scan

D.

Connect scan

E.

FIN scan

Buy Now
Questions 10

An Nmap scan shows the following open ports, and nmap also reports that the OS guessing results to match too many signatures hence it cannot reliably be identified:

21 ftp

23 telnet

80 http

443 https

What does this suggest?

Options:

A.

This is a Windows Domain Controller

B.

The host is not firewalled

C.

The host is not a Linux or Solaris system

D.

The host is not properly patched

Buy Now
Questions 11

Which of the following is considered an acceptable option when managing a risk?

Options:

A.

Reject the risk.

B.

Deny the risk.

C.

Mitigate the risk.

D.

Initiate the risk.

Buy Now
Questions 12

Botnets are networks of compromised computers that are controlled remotely and surreptitiously by one or more cyber criminals. How do cyber criminals infect a victim's computer with bots? (Select 4 answers)

Options:

A.

Attackers physically visit every victim's computer to infect them with malicious software

B.

Home computers that have security vulnerabilities are prime targets for botnets

C.

Spammers scan the Internet looking for computers that are unprotected and use these "open-doors" to install malicious software

D.

Attackers use phishing or spam emails that contain links or attachments

E.

Attackers use websites to host the bots utilizing Web Browser vulnerabilities

Buy Now
Questions 13

An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.

Options:

A.

2

B.

256

C.

512

D.

Over 10, 000

Buy Now
Questions 14

While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

What is the most likely cause behind this response?

Options:

A.

The firewall is dropping the packets.

B.

An in-line IDS is dropping the packets.

C.

A router is blocking ICMP.

D.

The host does not respond to ICMP packets.

Buy Now
Questions 15

Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

Options:

A.

Overloading Port Address Translation

B.

Dynamic Port Address Translation

C.

Dynamic Network Address Translation

D.

Static Network Address Translation

Buy Now
Questions 16

The following excerpt is taken from a honeyput log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. Study the log given below and answer the following question:

(Note: The objective of this questions is to test whether the student has learnt about passive OS fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack signature; can they infer if a user ID has been created by an attacker and whether they can read plain source – destination entries from log entries.)

EC0-350 Question 16

What can you infer from the above log?

Options:

A.

The system is a windows system which is being scanned unsuccessfully.

B.

The system is a web application server compromised through SQL injection.

C.

The system has been compromised and backdoored by the attacker.

D.

The actual IP of the successful attacker is 24.9.255.53.

Buy Now
Questions 17

What flags are set in a X-MAS scan?(Choose all that apply.

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

URG

Buy Now
Questions 18

At a Windows Server command prompt, which command could be used to list the running services?

Options:

A.

Sc query type= running

B.

Sc query \\servername

C.

Sc query

D.

Sc config

Buy Now
Questions 19

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

Options:

A.

The zombie you are using is not truly idle.

B.

A stateful inspection firewall is resetting your queries.

C.

Hping2 cannot be used for idle scanning.

D.

These ports are actually open on the target system.

Buy Now
Questions 20

What two things will happen if a router receives an ICMP packet, which has a TTL value of 1, and the destination host is several hops away? (Select 2 answers)

Options:

A.

The router will discard the packet

B.

The router will decrement the TTL value and forward the packet to the next router on the path to the destination host

C.

The router will send a time exceeded message to the source host

D.

The router will increment the TTL value and forward the packet to the next router on the path to the destination host.

E.

The router will send an ICMP Redirect Message to the source host

Buy Now