EC0-350 Practice Exam Questions and Answers

Ethical Hacking and Countermeasures V8

Last Update 1 day ago
Total Questions : 878

Question # 1

Which type of scan does NOT open a full TCP connection?

Options:

A.  

Stealth Scan

B.  

XMAS Scan

C.  

Null Scan

D.  

FIN Scan

Question # 2

An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be traced back to the source of the problem?

Options:

A.  

Install patches

B.  

Setup a backdoor

C.  

Install a zombie for DDOS

D.  

Cover your tracks

Question # 3

Peter extracts the SID list from a Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges?

Options:

A.  

John

B.  

Rebecca

C.  

Sheela

D.  

Shawn

E.  

Somia

F.  

Chang

G.  

Micah

Question # 4

You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using ADS streams. How will you accomplish this?

Options:

A.  

copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt

B.  

copy secret.txt c:\windows\system32\tcpip.dll:secret.txt

C.  

copy secret.txt c:\windows\system32\tcpip.dll |secret.txt

D.  

copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt

Question # 5

In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them:

FIN = 1

SYN = 2

RST = 4

PSH = 8

ACK = 16

URG = 32

ECE = 64

CWR = 128

Jason is the security administrator of ASPEN Communications. He analyzes some traffic using Wireshark and has enabled the following filters.

What is Jason trying to accomplish here?

Options:

A.  

SYN, FIN, URG and PSH

B.  

SYN, SYN/ACK, ACK

C.  

RST, PSH/URG, FIN

D.  

ACK, ACK, SYN, URG

Question # 6

David is a security administrator working in Boston. David has been asked by the office's manager to block all POP3 traffic at the firewall because he believes employees are spending too much time reading personal email. How can David block POP3 at the firewall?

Options:

A.  

David can block port 125 at the firewall.

B.  

David can block all EHLO requests that originate from inside the office.

C.  

David can stop POP3 traffic by blocking all HELO requests that originate from inside the office.

D.  

David can block port 110 to block all POP3 traffic.

Question # 7

Consider the following code:

URL:http://www.certified.com/search.pl?

text=

If an attacker can trick a victim user into clicking a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the user's current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

Options:

A.  

Create an IP access list and restrict connections based on port number

B.  

Replace "<" and ">" characters with "&lt;" and "&gt;" using server scripts

C.  

Disable Javascript in IE and Firefox browsers

D.  

Connect to the server using HTTPS protocol instead of HTTP

Question # 8

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer. This program hides itself deep into an operating system for malicious activity and is extremely difficult to detect. The malicious software operates in a stealth fashion by hiding its files, processes and registry keys and may be used to create a hidden directory or folder designed to keep out of view from a user's operating system and security software.

What privilege level does a rootkit require to successfully infect a victim's machine?

Options:

A.  

User level privileges

B.  

Ring 3 Privileges

C.  

System level privileges

D.  

Kernel level privileges

Question # 9

Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday, she went to a mandatory security awareness class (Security5) put on by her company's IT department. During the class, the IT department informed all employees that everyone's Internet activity was thenceforth going to be monitored.

Stephanie is worried that her Internet activity might give her supervisor reason to write her up, or worse get her fired. Stephanie's daily work duties only consume about four hours of her time, so she usually spends the rest of the day surfing the web. Stephanie really enjoys surfing the Internet but definitely does not want to get fired for it.

What should Stephanie use so that she does not get in trouble for surfing the Internet?

Options:

A.  

Stealth IE

B.  

Stealth Anonymizer

C.  

Stealth Firefox

D.  

Cookie Disabler

Question # 10

Which of the following tools would be considered a Signature Integrity Verifier (SIV)?

Options:

A.  

Nmap

B.  

SNORT

C.  

VirusSCAN

D.  

Tripwire

Question # 11

This tool is widely used for ARP Poisoning attack. Name the tool.

Options:

A.  

Cain and Abel

B.  

Beat Infector

C.  

Poison Ivy

D.  

Webarp Infector

Question # 12

Attackers target HINFO record types stored on a DNS server to enumerate information. These are information records and potential source for reconnaissance. A network administrator has the option of entering host information specifically the CPU type and operating system when creating a new DNS record. An attacker can extract this type of information easily from a DNS server.

Which of the following commands extracts the HINFO record?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Question # 13

What type of Trojan is this?

Options:

A.  

RAT Trojan

B.  

E-Mail Trojan

C.  

Defacement Trojan

D.  

Destructing Trojan

E.  

Denial of Service Trojan

Question # 14

TCP SYN Flood attack uses the three-way handshake mechanism.

1. An attacker at system A sends a SYN packet to victim at system B.

2. System B sends a SYN/ACK packet to victim A.

3. As a normal three-way handshake mechanism system A should send an ACK packet to system B, however, system A does not send an ACK packet to system B.

In this case client B is waiting for an ACK packet from client A.

This status of client B is called _________________

Options:

A.  

"half-closed"

B.  

"half open"

C.  

"full-open"

D.  

"xmas-open"

Question # 15

A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service.

Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.

Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments.

Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail.

How do you ensure if the e-mail is authentic and sent from fedex.com?

Options:

A.  

Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all

B.  

Check the Sender ID against the National Spam Database (NSD)

C.  

Fake mail will have spelling/grammatical errors

D.  

Fake mail uses extensive images, animation and flash content

Question # 16

What is the correct command to run Netcat on a server using port 56 that spawns command shell when connected?

Options:

A.  

nc -port 56 -s cmd.exe

B.  

nc -p 56 -p -e shell.exe

C.  

nc -r 56 -c cmd.exe

D.  

nc -L 56 -t -e cmd.exe

Question # 17

Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder's IP address for a period of 24 hours' time after more than three unsuccessful attempts. He is confident that this rule will secure his network from hackers on the Internet.

But he still receives hundreds of thousands of brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall rule.

Later he adds another rule to his firewall and enables a small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be accepted from a particular IP address. This action will slow the intruder's attempts.

Samuel wants to completely block hackers' brute-force attempts on his network.

What are the alternatives to defending against possible brute-force password attacks on his site?

Options:

A.  

Enforce a password policy and use account lockouts after three wrong logon attempts even though this might lock out legit users

B.  

Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the Firewall manually

C.  

Enforce complex password policy on your network so that passwords are more difficult to brute force

D.  

You cannot completely block the intruders attempt if they constantly switch proxies

Question # 18

Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?

Options:

A.  

CI Gathering

B.  

Scanning

C.  

Dumpster Diving

D.  

Garbage Scooping

Question # 19

You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed techniques will NOT be effective in evading an Anti-Virus scanner?

Options:

A.  

Convert the Trojan.exe file extension to Trojan.txt disguising as text file

B.  

Break the Trojan into multiple smaller files and zip the individual pieces

C.  

Change the content of the Trojan using hex editor and modify the checksum

D.  

Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1

Question # 20

Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose three.)

Options:

A.  

Port Security

B.  

IPSec Encryption

C.  

Network Admission Control (NAC)

D.  

802.1q Port Based Authentication

E.  

802.1x Port Based Authentication

F.  

Intrusion Detection System (IDS)

Question # 21

The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination.

The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.

How would you overcome the Firewall restriction on ICMP ECHO packets?

Options:

A.  

Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

B.  

Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

C.  

Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

D.  

Do not use traceroute command to determine the path packets take to reach the destination instead use the custom hacking tool JOHNTHETRACER and run with the command > JOHNTHETRACER www.eccouncil.org -F -evade

Question # 22

John runs a Web server, IDS and firewall on his network. Recently his Web server has been under constant hacking attacks. He looks up the IDS log files and sees no intrusion attempts but the Web server constantly locks up and needs rebooting due to various brute force and buffer overflow attacks but still the IDS alerts no intrusion whatsoever. John becomes suspicious and views the Firewall logs and he notices huge SSL connections constantly hitting his Web server. Hackers have been using the encrypted HTTPS protocol to send exploits to the Web server and that was the reason the IDS did not detect the intrusions. How would John protect his network from these types of attacks?

Options:

A.  

Install a proxy server and terminate SSL at the proxy

B.  

Enable the IDS to filter encrypted HTTPS traffic

C.  

Install a hardware SSL "accelerator" and terminate SSL at this layer

D.  

Enable the Firewall to filter encrypted HTTPS traffic

Question # 23

What will the following command produce on a website's login page if executed successfully? SELECT email, passwd, login_id, full_name FROM members WHERE email = 'someone@somewhere.com'; DROP TABLE members; --'

Options:

A.  

This code will insert the someone@somewhere.com email address into the members table.

B.  

This command will delete the entire members table.

C.  

It retrieves the password for the first user in the members table.

D.  

This command will not produce anything since the syntax is incorrect.

Question # 24

Simon is a security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22"; flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids, 485;)

Options:

A.  

The payload of 485 is what this Snort signature will look for.

B.  

Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

C.  

Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

D.  

From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

Question # 25

Passive reconnaissance involves collecting information through which of the following?

Options:

A.  

Social engineering

B.  

Network traffic sniffing

C.  

Man in the middle attacks

D.  

Publicly accessible sources

Question # 26

Here is the ASCII Sheet.

You want to guess the DBO username juggyboy (8 characters) using Blind SQL Injection technique.

What is the correct syntax?

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

Question # 27

Jeremy is a web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:

SELECT * from Users where username='admin' AND password='' AND email like '%@testers.com%'

What will the SQL statement accomplish?

Options:

A.  

If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin

B.  

This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com

C.  

This Select SQL statement will log James in if there are any users with NULL passwords

D.  

James will be able to see if there are any default user accounts in the SQL database

Question # 28

Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?

Options:

A.  

DataThief

B.  

NetCat

C.  

Cain and Abel

D.  

SQLInjector

Question # 29

If an attacker's computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?

Options:

A.  

31400

B.  

31402

C.  

The zombie will not send a response

D.  

31401

Question # 30

An attacker is attempting to telnet into a corporation's system in the DMZ. The attacker doesn't want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. What could be the reason?

Options:

A.  

The firewall is blocking port 23 to that system

B.  

He needs to use an automated tool to telnet in

C.  

He cannot spoof his IP and successfully use TCP

D.  

He is attacking an operating system that does not reply to telnet even when open

Question # 31

Which of the following Exclusive OR transforms bits is NOT correct?

Options:

A.  

0 xor 0 = 0

B.  

1 xor 0 = 1

C.  

1 xor 1 = 1

D.  

0 xor 1 = 1

Question # 32

Which of the following types of firewall inspects only header information in network traffic?

Options:

A.  

Packet filter

B.  

Stateful inspection

C.  

Circuit-level gateway

D.  

Application-level gateway

Question # 33

In order to show improvement of security over time, what must be developed?

Options:

A.  

Reports

B.  

Testing tools

C.  

Metrics

D.  

Taxonomy of vulnerabilities

Question # 34

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

Options:

A.  

The victim user must open the malicious link with an Internet Explorer prior to version 8.

B.  

The session cookies generated by the application do not have the HttpOnly flag set.

C.  

The victim user must open the malicious link with a Firefox prior to version 3.

D.  

The web application should not use random tokens.

Question # 35

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.  

There is no way to tell because a hash cannot be reversed

B.  

The right most portion of the hash is always the same

C.  

The hash always starts with AB923D

D.  

The left most portion of the hash is always the same

E.  

A portion of the hash will be all 0's

Question # 36

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

Options:

A.  

RSA, LSA, POP

B.  

SSID, WEP, Kerberos

C.  

SMB, SMTP, Smart card

D.  

Kerberos, Smart card, Stanford SRP

Question # 37

Under what conditions does a secondary name server request a zone transfer from a primary name server?

Options:

A.  

When a primary SOA is higher than a secondary SOA

B.  

When a secondary SOA is higher than a primary SOA

C.  

When a primary name server has had its service restarted

D.  

When a secondary name server has had its service restarted

E.  

When the TTL falls to zero

Question # 38

Exhibit:

You have captured some packets in Ethereal. You want to view only packets sent from 10.0.0.22. What filter will you apply?

Options:

A.  

ip = 10.0.0.22

B.  

ip.src == 10.0.0.22

C.  

ip.equals 10.0.0.22

D.  

ip.address = 10.0.0.22

Question # 39

ARP poisoning is achieved in _____ steps

Options:

A.  

1

B.  

2

C.  

3

D.  

4

Question # 40

LM authentication is not as strong as Windows NT authentication so you may want to disable its use, because an attacker eavesdropping on network traffic will attack the weaker protocol. A successful attack can compromise the user's password. How do you disable LM authentication in Windows XP?

Options:

A.  

Stop the LM service in Windows XP

B.  

Disable LSASS service in Windows XP

C.  

Disable LM authentication in the registry

D.  

Download and install LMSHUT.EXE tool from Microsoft website

Question # 41

In Linux, the three most common commands that hackers usually attempt to Trojan are:

Options:

A.  

car, xterm, grep

B.  

netstat, ps, top

C.  

vmware, sed, less

D.  

xterm, ps, nc

Question # 42

Which of the following is not considered to be a part of active sniffing?

Options:

A.  

MAC Flooding

B.  

ARP Spoofing

C.  

SMAC Fueling

D.  

MAC Duplicating

Question # 43

Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on?

Options:

A.  

A sniffing attack

B.  

A spoofing attack

C.  

A man in the middle attack

D.  

A denial of service attack

Question # 44

What is GINA?

Options:

A.  

Gateway Interface Network Application

B.  

GUI Installed Network Application CLASS

C.  

Global Internet National Authority (G-USA)

D.  

Graphical Identification and Authentication DLL

Question # 45

What is a Trojan Horse?

Options:

A.  

A malicious program that captures your username and password

B.  

Malicious code masquerading as or replacing legitimate code

C.  

An unauthorized user who gains access to your user database and adds themselves as a user

D.  

A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity

Question # 46

A Denial of Service (DoS) attack works on the following principle:

Options:

A.  

MS-DOS and PC-DOS operating systems utilize a weakness that can be compromised and permit them to launch an attack easily.

B.  

All CLIENT systems have a TCP/IP stack implementation weakness that can be compromised and permit them to launch an attack easily.

C.  

Overloaded buffer systems can easily address error conditions and respond appropriately.

D.  

Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).

E.  

A server stops accepting connections from certain networks once those networks become flooded.

Question # 47

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options:

A.  

Birthday

B.  

Brute force

C.  

Man-in-the-middle

D.  

Smurf

Question # 48

After an attacker has successfully compromised a remote computer, what would be one of the last steps that would be taken to ensure that the compromise is not traced back to the source of the problem?

Options:

A.  

Install patches

B.  

Setup a backdoor

C.  

Cover your tracks

D.  

Install a zombie for DDOS

Question # 49

What is the goal of a Denial of Service Attack?

Options:

A.  

Capture files from a remote computer.

B.  

Render a network or computer incapable of providing normal service.

C.  

Exploit a weakness in the TCP stack.

D.  

Execute service at PS 1009.

Question # 50

Which of the following tools are used for enumeration? (Choose three.)

Options:

A.  

SolarWinds

B.  

USER2SID

C.  

Cheops

D.  

SID2USER

E.  

DumpSec

Question # 51

Which DNS resource record can indicate how long any "DNS poisoning" could last?

Options:

A.  

MX

B.  

SOA

C.  

NS

D.  

TIMEOUT

Question # 52

Network Administrator Patricia is doing an audit of the network. Below are some of her findings concerning DNS. Which of these would be a cause for alarm?

Select the best answer.

Options:

A.  

There are two external DNS Servers for Internet domains. Both are AD integrated.

B.  

All external DNS is done by an ISP.

C.  

Internal AD Integrated DNS servers are using private DNS names that are unregistered.

D.  

Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

Question # 53

You receive an email with the following message:

Hello Steve,

We are having technical difficulty in restoring user database record after the recent blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com and change your password.

http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm

If you do not reset your password within 7 days, your account will be permanently disabled locking you out from our e-mail services.

Sincerely,

Technical Support

SuperEmailServices

From this e-mail you suspect that this message was sent by some hacker since you have been using their e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe the URL in the message and confirm your suspicion about 0xde.0xad.0xbe.0xef which looks like hexadecimal numbers. You immediately enter the following at the Windows 2000 command prompt:

Ping 0xde.0xad.0xbe.0xef

You get a response with a valid IP address.

What is the obstructed IP address in the e-mail URL?

Options:

A.  

222.173.190.239

B.  

233.34.45.64

C.  

54.23.56.55

D.  

199.223.23.45

Question # 54

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

Options:

A.  

RC4

B.  

RC5

C.  

MD4

D.  

MD5

Question # 55

__________ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer

Options:

A.  

Alternate Data Streams

B.  

Merge Streams

C.  

Steganography

D.  

NetBIOS vulnerability

Question # 56

Your lab partner is trying to find out more information about a competitor's web site. The site has a .com extension. She has decided to use some online whois tools and look in one of the regional Internet registries. Which one would you suggest she looks in first?

Options:

A.  

LACNIC

B.  

ARIN

C.  

APNIC

D.  

RIPE

E.  

AfriNIC

Question # 57

A XYZ security System Administrator is reviewing the network system log files.

He notes the following:

  • Network log files are at 5 MB at 12:00 noon.
  • At 14:00 hours, the log files at 3 MB.

What should he assume has happened and what should he do about the situation?

Options:

A.  

He should contact the attacker’s ISP as soon as possible and have the connection disconnected.

B.  

He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.

C.  

He should log the file size, and archive the information, because the router crashed.

D.  

He should run a file system check, because the Syslog server has a self correcting file system problem.

E.  

He should disconnect from the Internet and discontinue any further unauthorized use, because an attack has taken place.

Question # 58

Which of the following systems would not respond correctly to an nmap XMAS scan?

Options:

A.  

Windows 2000 Server running IIS 5

B.  

Any Solaris version running SAMBA Server

C.  

Any version of IRIX

D.  

RedHat Linux 8.0 running Apache Web Server

Question # 59

Which of the following is an automated vulnerability assessment tool?

Options:

A.  

Whack a Mole

B.  

Nmap

C.  

Nessus

D.  

Kismet

E.  

Jill32

Question # 60

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

Options:

A.  

An attacker, working slowly enough, can evade detection by the IDS.

B.  

Network packets are dropped if the volume exceeds the threshold.

C.  

Thresholding interferes with the IDS’ ability to reassemble fragmented packets.

D.  

The IDS will not distinguish among packets originating from different sources.

Question # 61

What are two types of ICMP code used when using the ping command?

Options:

A.  

It uses types 0 and 8.

B.  

It uses types 13 and 14.

C.  

It uses types 15 and 17.

D.  

The ping command does not use ICMP but uses UDP.

Question # 62

SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather a great amount of information about remote hosts.

Which of the following features makes this possible? (Choose two)

Options:

A.  

It used TCP as the underlying protocol.

B.  

It uses community string that is transmitted in clear text.

C.  

It is susceptible to sniffing.

D.  

It is used by all network devices on the market.

Question # 63

You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state.

What should be the next logical step that should be performed?

Options:

A.  

Connect to open ports to discover applications.

B.  

Perform a ping sweep to identify any additional systems that might be up.

C.  

Perform a SYN scan on port 21 to identify any additional systems that might be up.

D.  

Rescan every computer to verify the results.

Question # 64

While footprinting a network, what port/service should you look for to attempt a zone transfer?

Options:

A.  

53 UDP

B.  

53 TCP

C.  

25 UDP

D.  

25 TCP

E.  

161 UDP

F.  

22 TCP

G.  

60 TCP

Question # 65

Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the hacking sessions.

What do the first and second columns mean? Select two.

Options:

A.  

The first column reports the sequence number

B.  

The second column reports the difference between the current and last sequence number

C.  

The second column reports the next sequence number

D.  

The first column reports the difference between current and last sequence number

Question # 66

What is "Hacktivism"?

Options:

A.  

Hacking for a cause

B.  

Hacking ruthlessly

C.  

An association which groups activists

D.  

None of the above

Question # 67

NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish?

nslookup

> server

> set type=any

> ls -d

Options:

A.  

Enables DNS spoofing

B.  

Loads bogus entries into the DNS table

C.  

Verifies zone security

D.  

Performs a zone transfer

E.  

Resets the DNS cache

Question # 68

You are having problems while retrieving results after performing port scanning during internal testing. You verify that there are no security devices between you and the target system. When both stealth and connect scanning do not work, you decide to perform a NULL scan with NMAP. The first few systems scanned show all ports open.

Which one of the following statements is probably true?

Options:

A.  

The systems have all ports open.

B.  

The systems are running a host based IDS.

C.  

The systems are web servers.

D.  

The systems are running Windows.

Question # 69

Which type of security document is written with specific step-by-step details?

Options:

A.  

Process

B.  

Procedure

C.  

Policy

D.  

Paradigm

Question # 70

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Options:

A.  

A bottom-up approach

B.  

A top-down approach

C.  

A senior creation approach

D.  

An IT assurance approach

Question # 71

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

Options:

A.  

Implementing server-side PKI certificates for all connections

B.  

Mandating only client-side PKI certificates for all connections

C.  

Requiring client and server PKI certificates for all connections

D.  

Requiring strong authentication for all DNS queries

Question # 72

Which of the statements concerning proxy firewalls is correct?

Options:

A.  

Proxy firewalls increase the speed and functionality of a network.

B.  

Firewall proxy servers decentralize all activity for an application.

C.  

Proxy firewalls block network packets from passing to and from a protected network.

D.  

Computers establish a connection with a proxy firewall which initiates a new network connection for the client.

Question # 73

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

Options:

A.  

The request to the web server is not visible to the administrator of the vulnerable application.

B.  

The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C.  

The successful attack does not show an error message to the administrator of the affected application.

D.  

The vulnerable application does not display errors with information about the injection results to the attacker.

Question # 74

In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)

Options:

A.  

HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)

B.  

NID/NIP (Node-based Intrusion Detection/Node-based Intrusion Prevention)

C.  

NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)

D.  

CID/CIP (Computer-based Intrusion Detection/Computer-based Intrusion Prevention)

Question # 75

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

Options:

A.  

Passive

B.  

Reflective

C.  

Active

D.  

Distributive

Question # 76

Which of the following guidelines or standards is associated with the credit card industry?

Options:

A.  

Control Objectives for Information and Related Technology (COBIT)

B.  

Sarbanes-Oxley Act (SOX)

C.  

Health Insurance Portability and Accountability Act (HIPAA)

D.  

Payment Card Industry Data Security Standards (PCI DSS)

Question # 77

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

Options:

A.  

Threaten to publish the penetration test results if not paid.

B.  

Follow proper legal procedures against the company to request payment.

C.  

Tell other customers of the financial problems with payments from this company.

D.  

Exploit some of the vulnerabilities found on the company webserver to deface it.

Question # 78

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

Options:

A.  

Regulatory compliance

B.  

Peer review

C.  

Change management

D.  

Penetration testing

Question # 79

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Options:

A.  

Information reporting

B.  

Vulnerability assessment

C.  

Active information gathering

D.  

Passive information gathering

Question # 80

Which of the following is an example of IP spoofing?

Options:

A.  

SQL injections

B.  

Man-in-the-middle

C.  

Cross-site scripting

D.  

ARP poisoning

Question # 81

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique the tester should consider using?

Options:

A.  

Spoofing an IP address

B.  

Tunneling scan over SSH

C.  

Tunneling over high port numbers

D.  

Scanning using fragmented IP packets

Question # 82

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Options:

A.  

guidelines and practices for security controls.

B.  

financial soundness and business viability metrics.

C.  

standard best practice for configuration management.

D.  

contract agreement writing standards.

Question # 83

Which of the following is an example of an asymmetric encryption implementation?

Options:

A.  

SHA1

B.  

PGP

C.  

3DES

D.  

MD5

Question # 84

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

Options:

A.  

tcp.src == 25 and ip.host == 192.168.0.125

B.  

host 192.168.0.125:25

C.  

port 25 and host 192.168.0.125

D.  

tcp.port == 25 and ip.host == 192.168.0.125

Question # 85

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.  

Results matching all words in the query

B.  

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.  

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.  

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Question # 86

Which property ensures that a hash function will not produce the same hashed value for two different messages?

Options:

A.  

Collision resistance

B.  

Bit length

C.  

Key strength

D.  

Entropy

Question # 87

Which of the following techniques will identify if computer files have been changed?

Options:

A.  

Network sniffing

B.  

Permission sets

C.  

Integrity checking hashes

D.  

Firewall alerts

Question # 88

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

Options:

A.  

Issue the pivot exploit and set the meterpreter.

B.  

Reconfigure the network settings in the meterpreter.

C.  

Set the payload to propagate through the meterpreter.

D.  

Create a route statement in the meterpreter.

Question # 89

A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?

Options:

A.  

Public key

B.  

Private key

C.  

Modulus length

D.  

Email server certificate

Question # 90

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

TCP port 21 – no response
TCP port 22 – no response
TCP port 23 – Time-to-live exceeded

Options:

A.  

The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.

B.  

The lack of response from ports 21 and 22 indicate that those services are not running on the destination server.

C.  

The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

D.  

The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.

Question # 91

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:


What is most likely taking place?

Options:

A.  

Ping sweep of the 192.168.1.106 network

B.  

Remote service brute force attempt

C.  

Port scan of 192.168.1.106

D.  

Denial of service attack on 192.168.1.106

Question # 92

An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

Options:

A.  

Classified

B.  

Overt

C.  

Encrypted

D.  

Covert

Question # 93

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

Options:

A.  

They are written in Java.

B.  

They send alerts to security monitors.

C.  

They use the same packet analysis engine.

D.  

They use the same packet capture utility.

Question # 94

Which of the following business challenges could be solved by using a vulnerability scanner?

Options:

A.  

Auditors want to discover if all systems are following a standard naming convention.

B.  

A web server was compromised and management needs to know if any further systems were compromised.

C.  

There is an emergency need to remove administrator access from multiple machines for an employee that quit.

D.  

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Question # 95

What are the three types of authentication?

Options:

A.  

Something you: know, remember, prove

B.  

Something you: have, know, are

C.  

Something you: show, prove, are

D.  

Something you: show, have, prove

Question # 96

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)

Options:

A.  

ARP spoofing

B.  

MAC duplication

C.  

MAC flooding

D.  

SYN flood

E.  

Reverse smurf attack

F.  

ARP broadcasting

Question # 97

Which of the following is used to indicate a single-line comment in structured query language (SQL)?

Options:

A.  

--

B.  

||

C.  

%%

D.  

''

Question # 98

What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?

Options:

A.  

A stealth scan, opening port 123 and 153

B.  

A stealth scan, checking open ports 123 to 153

C.  

A stealth scan, checking all open ports excluding ports 123 to 153

D.  

A stealth scan, determine operating system, and scanning ports 123 to 153

Question # 99

Which of the following open source tools would be the best choice to scan a network for potential targets?

Options:

A.  

NMAP

B.  

NIKTO

C.  

CAIN

D.  

John the Ripper

Question # 100

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Options:

A.  

64 bit and CCMP

B.  

128 bit and CRC

C.  

128 bit and CCMP

D.  

128 bit and TKIP

Question # 101

Information gathered from social networking websites such as Facebook, Twitter and LinkedIn can be used to launch which of the following types of attacks? (Choose two.)

Options:

A.  

Smurf attack

B.  

Social engineering attack

C.  

SQL injection attack

D.  

Phishing attack

E.  

Fraggle attack

F.  

Distributed denial of service attack

Question # 102

A botnet can be managed through which of the following?

Options:

A.  

IRC

B.  

E-Mail

C.  

LinkedIn and Facebook

D.  

A vulnerable FTP server

Question # 103

In which step of the CEH System Hacking Cycle (SHC) does steganography fit?

Options:

A.  

Step 2: Crack the password

B.  

Step 1: Enumerate users

C.  

Step 3: Escalate privileges

D.  

Step 4: Execute applications

E.  

Step 5: Hide files

F.  

Step 6: Cover your tracks

Question # 104

What techniques would you use to evade IDS during a Port Scan? (Select 4 answers)

Options:

A.  

Use fragmented IP packets

B.  

Spoof your IP address when launching attacks and sniff responses from the server

C.  

Overload the IDS with Junk traffic to mask your scan

D.  

Use source routing (if possible)

E.  

Connect to proxy servers or compromised Trojaned machines to launch attacks

Question # 105

Which port, when configured on a switch, receives a copy of every packet that passes through it?

Options:

A.  

R-DUPE Port

B.  

MIRROR port

C.  

SPAN port

D.  

PORTMON

Question # 106

Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities and see whether it might be susceptible to a DoS attack that results in it locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task?

Options:

A.  

Charlie can use the command: ping -l 56550 172.16.0.45 -t.

B.  

Charlie can try using the command: ping 56550 172.16.0.45.

C.  

By using the command ping 172.16.0.45 Charlie would be able to lock up the router

D.  

He could use the command: ping -4 56550 172.16.0.45.

Question # 107

Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department. Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil. Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. What proxy tool has Gerald's attacker used to cover their tracks?

Options:

A.  

ISA proxy

B.  

IAS proxy

C.  

TOR proxy

D.  

Cheops proxy

Question # 108

E-mail tracking is a method to monitor and spy on the e-mails delivered to the intended recipient.

Select a feature that you will NOT be able to accomplish with this probe.

Options:

A.  

When the e-mail was received and read

B.  

Send destructive e-mails

C.  

GPS location and map of the recipient

D.  

Time spent on reading the e-mails

E.  

Whether or not the recipient visited any links sent to them

F.  

Track PDF and other types of attachments

G.  

Set messages to expire after specified time

Question # 109

The ViruXine.W32 virus hides its presence by changing the underlying executable code. The virus code mutates while keeping the original algorithm intact: the code changes itself each time it runs, but the function of the code (its semantics) does not change at all.


Here is a section of the Virus code:


What is this technique called?

Options:

A.  

Polymorphic Virus

B.  

Metamorphic Virus

C.  

Dravidic Virus

D.  

Stealth Virus

Question # 110

Harold works for Jacobson Unlimited in the IT department as the security manager. Harold has created a security policy requiring all employees to use complex 14 character passwords. Unfortunately, the members of management do not want to have to use such long complicated passwords so they tell Harold's boss this new password policy should not apply to them. To comply with the management's wishes, the IT department creates another Windows domain and moves all the management users to that domain. This new domain has a password policy only requiring 8 characters.

Harold is concerned about having to accommodate the managers, but cannot do anything about it. Harold is also concerned about using LanManager security on his network instead of NTLM or NTLMv2, but the many legacy applications on the network prevent using the more secure NTLM and NTLMv2. Harold pulls the SAM files from the DCs on the original domain and the new domain using Pwdump6.

Harold uses the password cracking software John the Ripper to crack users' passwords to make sure they are strong enough. Harold expects that the users' passwords in the original domain will take much longer to crack than the management's passwords in the new domain. After running the software, Harold discovers that the 14 character passwords only took a short time longer to crack than the 8 character passwords.

Why did the 14 character passwords not take much longer to crack than the 8 character passwords?

Options:

A.  

Harold should have used Dumpsec instead of Pwdump6

B.  

Harold's dictionary file was not large enough

C.  

Harold should use LC4 instead of John the Ripper

D.  

LanManager hashes are broken up into two 7 character fields

Question # 111

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

<a href="http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js%22%3E%3C/script%3E">See foobar</a>

What is this attack?

Options:

A.  

Cross-site-scripting attack

B.  

SQL Injection

C.  

URL Traversal attack

D.  

Buffer Overflow attack

Question # 112

Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size is around 65,536 bytes. What is Lee seeing here?

Options:

A.  

Lee is seeing activity indicative of a Smurf attack.

B.  

Most likely, the ICMP packets are being sent in this manner to attempt IP spoofing.

C.  

Lee is seeing a Ping of death attack.

D.  

This is not unusual traffic, ICMP packets can be of any size.

Question # 113

File extensions provide information regarding the underlying server technology. Attackers can use this information to search for vulnerabilities and launch attacks. How would you disable file extensions in Apache servers?

Options:

A.  

Use disable-eXchange

B.  

Use mod_negotiation

C.  

Use Stop_Files

D.  

Use Lib_exchanges

Question # 114

Which definition below best describes a covert channel?

Options:

A.  

A server program using a port that is not well known

B.  

Making use of a protocol in a way it was not intended to be used

C.  

It is the multiplexing taking place on a communication link

D.  

It is one of the weak channels used by WEP that makes it insecure

Question # 115

What type of encryption does WPA2 use?

Options:

A.  

DES 64 bit

B.  

AES-CCMP 128 bit

C.  

MD5 48 bit

D.  

SHA 160 bit

Question # 116

Frederickson Security Consultants is currently conducting a security audit on the networks of Hawthorn Enterprises, a contractor for the Department of Defense. Since Hawthorn Enterprises conducts business daily with the federal government, they must abide by very stringent security policies. Frederickson is testing all of Hawthorn's physical and logical security measures including biometrics, passwords, and permissions. The federal government requires that all users must utilize random, non-dictionary passwords that must take at least 30 days to crack. Frederickson has confirmed that all Hawthorn employees use a random password generator for their network passwords. The Frederickson consultants have saved off numerous SAM files from Hawthorn's servers using Pwdump6 and are going to try and crack the network passwords. What method of attack is best suited to crack these passwords in the shortest amount of time?

Options:

A.  

Brute force attack

B.  

Birthday attack

C.  

Dictionary attack

D.  

Brute service attack

Question # 117

Your company has blocked all the ports via external firewall and only allows port 80/443 to connect to the Internet. You want to use FTP to connect to some remote server on the Internet. How would you accomplish this?

Options:

A.  

Use HTTP Tunneling

B.  

Use Proxy Chaining

C.  

Use TOR Network

D.  

Use Reverse Chaining

Question # 118

How do you defend against MAC attacks on a switch?


Options:

A.  

Disable SPAN port on the switch

B.  

Enable SNMP Trap on the switch

C.  

Configure IP security on the switch

D.  

Enable Port Security on the switch

Question # 119

An attacker creates a zuckerjournals.com website by copying and mirroring the HACKERJOURNALS.COM site to spread the news that Hollywood actor Jason Jenkins died in a car accident. The attacker then submits his fake site for indexing in major search engines. When users search for "Jason Jenkins", the attacker's fake site shows up and dupes victims with the fake news.

This is another great example that some people do not know what URLs are. Real website:

Fake website: http://www.zuckerjournals.com

The website is clearly not WWW.HACKERJOURNALS.COM. It is obvious for many, but unfortunately some people still do not know what a URL is. It's the address that you enter into the address bar at the top of your browser, and this is clearly not the legitimate site; it's www.zuckerjournals.com.

How would you verify if a website is authentic or not?

Options:

A.  

Visit the site using secure HTTPS protocol and check the SSL certificate for authenticity

B.  

Navigate to the site by visiting various blogs and forums for authentic links

C.  

Enable Cache on your browser and lookout for error message warning on the screen

D.  

Visit the site by clicking on a link from Google search engine

Question # 120

You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250.

Within what range of sequence numbers should a packet sent by the client fall in order to be accepted by the server?

Options:

A.  

200-250

B.  

121-371

C.  

120-321

D.  

121-231

E.  

120-370

Question # 121

Once an intruder has gained access to a remote system with a valid username and password, the attacker will attempt to increase his privileges by escalating the used account to one that has increased privileges, such as that of an administrator. What would be the best countermeasure to protect against escalation of privileges?

Options:

A.  

Give users tokens

B.  

Give user the least amount of privileges

C.  

Give users two passwords

D.  

Give users a strong policy document

Question # 122

What is a sheepdip?

Options:

A.  

It is another name for Honeynet

B.  

It is a machine used to coordinate honeynets

C.  

It is the process of checking physical media for viruses before they are used in a computer

D.  

None of the above

Question # 123

_________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.

Options:

A.  

Mandatory Access Control

B.  

Authorized Access Control

C.  

Role-based Access Control

D.  

Discretionary Access Control

Question # 124

Jacob would like your advice on using a wireless hacking tool that can save him time and get him better results with fewer packets. You would like to recommend a tool that uses KoreK's implementation. Which tool would you recommend from the list below?

Options:

A.  

Kismet

B.  

Shmoo

C.  

Aircrack

D.  

John the Ripper

Question # 125

In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slow the wireless network is. After benchmarking the network’s speed, Bob discovers that throughput has dropped by almost half even though the number of users has remained the same.

Why does this happen in the VPN over wireless implementation?

Options:

A.  

The stronger encryption used by the VPN slows down the network.

B.  

Using a VPN with wireless doubles the overhead on an access point for all direct client to access point communications.

C.  

VPNs use larger packets than wireless networks normally do.

D.  

Using a VPN on wireless automatically enables WEP, which causes additional overhead.

Question # 126

If you come across a sheepdip machine at your client site, what would you infer?

Options:

A.  

A sheepdip computer is used only for virus checking.

B.  

A sheepdip computer is another name for a honeypot.

C.  

A sheepdip coordinates several honeypots.

D.  

A sheepdip computer defers a denial of service attack.

Question # 127

What is Form Scalpel used for?

Options:

A.  

Dissecting HTML Forms

B.  

Dissecting SQL Forms

C.  

Analysis of Access Database Forms

D.  

Troubleshooting Netscape Navigator

E.  

Quatro Pro Analysis Tool

Question # 128

If you come across a sheepdip machine at your client’s site, what should you do?

Options:

A.  

A sheepdip computer is used only for virus-checking.

B.  

A sheepdip computer is another name for a honeypot

C.  

A sheepdip coordinates several honeypots.

D.  

A sheepdip computer defers a denial of service attack.

Question # 129

Access control is often implemented through the use of MAC address filtering on wireless Access Points. Why is this considered to be a very limited security measure?

Options:

A.  

Vendors' MAC address assignment is published on the Internet.

B.  

The MAC address is not a real random number.

C.  

The MAC address is broadcast and can be captured by a sniffer.

D.  

The MAC address is used properly only on Macintosh computers.

Question # 130

WinDump is a popular sniffer which results from the porting to Windows of TcpDump for Linux. What library does it use?

Options:

A.  

LibPcap

B.  

WinPcap

C.  

Wincap

D.  

None of the above

Question # 131

While examining a log report you find out that an intrusion has been attempted by a machine whose IP address is displayed as 0xde.0xad.0xbe.0xef. It looks to you like a hexadecimal number. You perform a ping 0xde.0xad.0xbe.0xef. Which of the following IP addresses will respond to the ping and hence will likely be responsible for the intrusion?

Options:

A.  

192.10.25.9

B.  

10.0.3.4

C.  

203.20.4.5

D.  

222.273.290.239
