New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

EC0-350 Ethical Hacking and Countermeasures V8 Questions and Answers

Questions 4

Bob is going to perform an active session hijack against Brownies Inc. He has found a target that allows session oriented connections (Telnet) and performs the sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network. What is Bob supposed to do next?

Options:

A.

Take over the session

B.

Reverse sequence prediction

C.

Guess the sequence numbers

D.

Take one of the parties offline

Buy Now
Questions 5

Which of the following is a detective control?

Options:

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Buy Now
Questions 6

An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

Options:

A.

By using SQL injection

B.

By changing hidden form values

C.

By using cross site scripting

D.

By utilizing a buffer overflow attack

Buy Now
Questions 7

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

Options:

A.

Recipient's private key

B.

Recipient's public key

C.

Master encryption key

D.

Sender's public key

Buy Now
Questions 8

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

Options:

A.

Set a BIOS password.

B.

Encrypt the data on the hard drive.

C.

Use a strong logon password to the operating system.

D.

Back up everything on the laptop and store the backup in a safe place.

Buy Now
Questions 9

What type of port scan is shown below?

Options:

A.

Idle Scan

B.

FIN Scan

C.

XMAS Scan

D.

Windows Scan

Buy Now
Questions 10

Study the log below and identify the scan type.

Options:

A.

nmap -sR 192.168.1.10

B.

nmap -sS 192.168.1.10

C.

nmap -sV 192.168.1.10

D.

nmap -sO -T 192.168.1.10

Buy Now
Questions 11

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

Options:

A.

Configure the Web Server to deny requests involving "hex encoded" characters

B.

Create rules in IDS to alert on strange Unicode requests

C.

Use SSL authentication on Web Servers

D.

Enable Active Scripts Detection at the firewall and routers

Buy Now
Questions 12

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

Options:

A.

tcp.src == 25 and ip.host == 192.168.0.125

B.

host 192.168.0.125:25

C.

port 25 and host 192.168.0.125

D.

tcp.port == 25 and ip.host == 192.168.0.125

Buy Now
Questions 13

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06

NMAP scan report for 172.16.40.65

Host is up (1.00s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

23/tcp open telnet

80/tcp open http

139/tcp open netbios-ssn

515/tcp open

631/tcp open  ipp

9100/tcp open

MAC Address: 00:00:48:0D:EE:89

Options:

A.

The host is likely a Windows machine.

B.

The host is likely a Linux machine.

C.

The host is likely a router.

D.

The host is likely a printer.

Buy Now
Questions 14

Which of the following lists are valid data-gathering activities associated with a risk assessment?

Options:

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

Buy Now
Questions 15

On a default installation of Microsoft IIS web server, under which privilege does the web server software execute?

Options:

A.

Everyone

B.

Guest

C.

System

D.

Administrator

Buy Now
Questions 16

Which is the Novell Netware Packet signature level used to sign all packets ?

Options:

A.

0

B.

1

C.

2

D.

3

Buy Now
Questions 17

What is the proper response for a FIN scan if the port is closed?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

Buy Now
Questions 18

Which of the following are well know password-cracking programs?(Choose all that apply.

Options:

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Buy Now
Questions 19

Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security.

Maintaining the security of a Web server will usually involve the following steps:

1. Configuring, protecting, and analyzing log files

2. Backing up critical information frequently

3. Maintaining a protected authoritative copy of the organization's Web content

4. Establishing and following procedures for recovering from compromise

5. Testing and applying patches in a timely manner

6. Testing security periodically.

In which step would you engage a forensic investigator?

Options:

A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

Buy Now
Questions 20

You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'?

Options:

A.

display==facebook

B.

traffic.content==facebook

C.

tcp contains facebook

D.

list.display.facebook

Buy Now
Questions 21

You are the security administrator of Jaco Banking Systems located in Boston. You are setting up e-banking website (http://www.ejacobank.com) authentication system. Instead of issuing banking customer with a single password, you give them a printed list of 100 unique passwords. Each time the customer needs to log into the e-banking system website, the customer enters the next password on the list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no damage is done because the password will not be accepted a second time. Once the list of 100 passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail to the customer.

You are confident that this security implementation will protect the customer from password abuse.

Two months later, a group of hackers called "HackJihad" found a way to access the one-time password list issued to customers of Jaco Banking Systems. The hackers set up a fake website (http://www.e-jacobank.com) and used phishing attacks to direct ignorant customers to it. The fake website asked users for their e-banking username and password, and the next unused entry from their one-time password sheet. The hackers collected 200 customer 's username/passwords this way. They transferred money from the customer's bank account to various offshore accounts.

Your decision of password policy implementation has cost the bank with USD 925, 000 to hackers. You immediately shut down the e-banking website while figuring out the next best security solution

What effective security solution will you recommend in this case?

Options:

A.

Implement Biometrics based password authentication system. Record the customers face image to the authentication database

B.

Configure your firewall to block logon attempts of more than three wrong tries

C.

Enable a complex password policy of 20 characters and ask the user to change the password immediately after they logon and do not store password histories

D.

Implement RSA SecureID based authentication system

Buy Now
Questions 22

Lori was performing an audit of her company's internal Sharepoint pages when she came across the following codE. What is the purpose of this code?

Options:

A.

This JavaScript code will use a Web Bug to send information back to another server.

B.

This code snippet will send a message to a server at 192.154.124.55 whenever the "escape" key is pressed.

C.

This code will log all keystrokes.

D.

This bit of JavaScript code will place a specific image on every page of the RSS feed.

Buy Now
Questions 23

A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service.

Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus.

Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments.

Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail.

How do you ensure if the e-mail is authentic and sent from fedex.com?

Options:

A.

Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all

B.

Check the Sender ID against the National Spam Database (NSD)

C.

Fake mail will have spelling/grammatical errors

D.

Fake mail uses extensive images, animation and flash content

Buy Now
Questions 24

TCP/IP Session Hijacking is carried out in which OSI layer?

Options:

A.

Datalink layer

B.

Transport layer

C.

Network layer

D.

Physical layer

Buy Now
Questions 25

Stephanie works as senior security analyst for a manufacturing company in Detroit. Stephanie manages network security throughout the organization. Her colleague Jason told her in confidence that he was able to see confidential corporate information posted on the external website http://www.jeansclothesman.com. He tries random URLs on the company 's website and finds confidential information leaked over the web. Jason says this happened about a month ago. Stephanie visits the said URLs, but she finds nothing. She is very concerned about this, since someone should be held accountable if there was sensitive information posted on the website.

Where can Stephanie go to see past versions and pages of a website?

Options:

A.

She should go to the web page Samspade.org to see web pages that might no longer be on the website

B.

If Stephanie navigates to Search.com; she will see old versions of the company website

C.

Stephanie can go to Archive.org to see past versions of the company website

D.

AddressPast.com would have any web pages that are no longer hosted on the company's website

Buy Now
Questions 26

Which Steganography technique uses Whitespace to hide secret messages?

Options:

A.

snow

B.

beetle

C.

magnet

D.

cat

Buy Now
Questions 27

Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges?

Options:

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Buy Now
Questions 28

Which type of hacker represents the highest risk to your network?

Options:

A.

black hat hackers

B.

grey hat hackers

C.

disgruntled employees

D.

script kiddies

Buy Now
Questions 29

Which of the following type of scanning utilizes automated process of proactively identifying vulnerabilities of the computing systems present on a network?

Options:

A.

Port Scanning

B.

Single Scanning

C.

External Scanning

D.

Vulnerability Scanning

Buy Now
Questions 30

What type of Trojan is this?

Options:

A.

RAT Trojan

B.

E-Mail Trojan

C.

Defacement Trojan

D.

Destructing Trojan

E.

Denial of Service Trojan

Buy Now
Questions 31

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization.

How would you prevent such type of attacks?

Options:

A.

It is impossible to block these attacks

B.

Hire the people through third-party job agencies who will vet them for you

C.

Conduct thorough background checks before you engage them

D.

Investigate their social networking profiles

Buy Now
Questions 32

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Buy Now
Questions 33

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company’s internal network. Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur?

Options:

A.

SSL

B.

Mutual authentication

C.

IPSec

D.

Static IP addresses

Buy Now
Questions 34

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

Options:

A.

UDP 123

B.

UDP 541

C.

UDP 514

D.

UDP 415

Buy Now
Questions 35

More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically hides the true nature of the shellcode in different disguises.

How does a polymorphic shellcode work?

Options:

A.

They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode

B.

They convert the shellcode into Unicode, using loader to convert back to machine code then executing them

C.

They reverse the working instructions into opposite order by masking the IDS signatures

D.

They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode

Buy Now
Questions 36

Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this?

Options:

A.

Jayden can use the commanD. ip binding set.

B.

Jayden can use the commanD. no ip spoofing.

C.

She should use the commanD. no dhcp spoofing.

D.

She can use the commanD. ip dhcp snooping binding.

Buy Now
Questions 37

Bill is a security analyst for his company. All the switches used in the company's office are Cisco switches. Bill wants to make sure all switches are safe from ARP poisoning. How can Bill accomplish this?

Options:

A.

Bill can use the command: ip dhcp snooping.

B.

Bill can use the command: no ip snoop.

C.

Bill could use the command: ip arp no flood.

D.

He could use the command: ip arp no snoop.

Buy Now
Questions 38

A specific site received 91 ICMP_ECHO packets within 90 minutes from 47 different sites. 77 of the ICMP_ECHO packets had an ICMP ID:39612 and Seq:57072. 13 of the ICMP_ECHO packets had an ICMP ID:0 and Seq:0. What can you infer from this information?

Options:

A.

The packets were sent by a worm spoofing the IP addresses of 47 infected sites

B.

ICMP ID and Seq numbers were most likely set by a tool and not by the operating system

C.

All 77 packets came from the same LAN segment and hence had the same ICMP ID and Seq number

D.

13 packets were from an external network and probably behind a NAT, as they had an ICMP ID 0 and Seq 0

Buy Now
Questions 39

Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

Options:

A.

Bob can explain that using a weak key management technique is a form of programming error

B.

Bob can explain that using passwords to derive cryptographic keys is a form of a programming error

C.

Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique

D.

Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error

Buy Now
Questions 40

Which of the following programming languages is most vulnerable to buffer overflow attacks?

Options:

A.

Perl

B.

C++

C.

Python

D.

Java

Buy Now
Questions 41

Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from 192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

Options:

A.

The initial traffic from 192.168.12.35 was being spoofed.

B.

The traffic from 192.168.12.25 is from a Linux computer.

C.

The TTL of 21 means that the client computer is on wireless.

D.

The client computer at 192.168.12.35 is a zombie computer.

Buy Now
Questions 42

Which tool would be used to collect wireless packet data?

Options:

A.

NetStumbler

B.

John the Ripper

C.

Nessus

D.

Netcat

Buy Now
Questions 43

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

Options:

A.

Multiple keys for non-repudiation of bulk data

B.

Different keys on both ends of the transport medium

C.

Bulk encryption for data transmission over fiber

D.

The same key on each end of the transmission medium

Buy Now
Questions 44

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next?

Options:

A.

Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.

B.

Configure the firewall to allow traffic on TCP ports 80 and UDP port 443.

C.

Configure the firewall to allow traffic on TCP port 53.

D.

Configure the firewall to allow traffic on TCP port 8080.

Buy Now
Questions 45

What are the three types of authentication?

Options:

A.

Something you: know, remember, prove

B.

Something you: have, know, are

C.

Something you: show, prove, are

D.

Something you: show, have, prove

Buy Now
Questions 46

Which of the following Registry location does a Trojan add entries to make it persistent on Windows 7? (Select 2 answers)

Options:

A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

B.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\ Run

C.

HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run

D.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Buy Now
Questions 47

Which type of password cracking technique works like dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

Options:

A.

Dictionary attack

B.

Brute forcing attack

C.

Hybrid attack

D.

Syllable attack

E.

Rule-based attack

Buy Now
Questions 48

Least privilege is a security concept that requires that a user is

Options:

A.

limited to those functions required to do the job.

B.

given root or administrative privileges.

C.

trusted to keep all data and access to that data under their sole control.

D.

given privileges equal to everyone else in the department.

Buy Now
Questions 49

Jacob is looking through a traffic log that was captured using Wireshark. Jacob has come across what appears to be SYN requests to an internal computer from a spoofed IP address. What is Jacob seeing here?

Options:

A.

Jacob is seeing a Smurf attack.

B.

Jacob is seeing a SYN flood.

C.

He is seeing a SYN/ACK attack.

D.

He has found evidence of an ACK flood.

Buy Now
Questions 50

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's access-list as below:

You are hired to conduct security testing on their network. You successfully brute-force the SNMP community string using a SNMP crack tool. The access-list configured at the router prevents you from establishing a successful connection. You want to retrieve the Cisco configuration from the router. How would you proceed?

Options:

A.

Use the Cisco's TFTP default password to connect and download the configuration file

B.

Run a network sniffer and capture the returned traffic with the configuration file from the router

C.

Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

D.

Send a customized SNMP set request with a spoofed source IP address in the range - 192.168.1.0

Buy Now
Questions 51

A digital signature is simply a message that is encrypted with the public key instead of the private key.

Options:

A.

true

B.

false

Buy Now
Questions 52

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

Options:

A.

0x60

B.

0x80

C.

0x70

D.

0x90

Buy Now
Questions 53

Yancey is a network security administrator for a large electric company. This company provides power for over 100, 000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?

Options:

A.

Yancey would be considered a Suicide Hacker

B.

Since he does not care about going to jail, he would be considered a Black Hat

C.

Because Yancey works for the company currently; he would be a White Hat

D.

Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Buy Now
Questions 54

What type of session hijacking attack is shown in the exhibit?

Options:

A.

Session Sniffing Attack

B.

Cross-site scripting Attack

C.

SQL Injection Attack

D.

Token sniffing Attack

Buy Now
Questions 55

What type of attack is shown here?

Options:

A.

Bandwidth exhaust Attack

B.

Denial of Service Attack

C.

Cluster Service Attack

D.

Distributed Denial of Service Attack

Buy Now
Questions 56

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?

Options:

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address created collisions.

Buy Now
Questions 57

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js%22%3E%3C/script%3E ">See foobar

What is this attack?

Options:

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Buy Now
Questions 58

In which location, SAM hash passwords are stored in Windows 7?

Options:

A.

c:\windows\system32\config\SAM

B.

c:\winnt\system32\machine\SAM

C.

c:\windows\etc\drivers\SAM

D.

c:\windows\config\etc\SAM

Buy Now
Questions 59

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options:

A.

Birthday

B.

Brute force

C.

Man-in-the-middle

D.

Smurf

Buy Now
Questions 60

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

Options:

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Buy Now
Questions 61

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

Options:

A.

To determine who is the holder of the root account

B.

To perform a DoS

C.

To create needless SPAM

D.

To illicit a response back that will reveal information about email servers and how they treat undeliverable mail

E.

To test for virus protection

Buy Now
Questions 62

Which one of the following instigates a SYN flood attack?

Options:

A.

Generating excessive broadcast packets.

B.

Creating a high number of half-open connections.

C.

Inserting repetitive Internet Relay Chat (IRC) messages.

D.

A large number of Internet Control Message Protocol (ICMP) traces.

Buy Now
Questions 63

What hacking attack is challenge/response authentication used to prevent?

Options:

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

Buy Now
Questions 64

Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

Options:

A.

Covert keylogger

B.

Stealth keylogger

C.

Software keylogger

D.

Hardware keylogger

Buy Now
Questions 65

Exhibit:

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

Options:

A.

har.txt

B.

SAM file

C.

wwwroot

D.

Repair file

Buy Now
Questions 66

What is the goal of a Denial of Service Attack?

Options:

A.

Capture files from a remote computer.

B.

Render a network or computer incapable of providing normal service.

C.

Exploit a weakness in the TCP stack.

D.

Execute service at PS 1009.

Buy Now
Questions 67

_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.

Options:

A.

Canonicalization

B.

Character Mapping

C.

Character Encoding

D.

UCS transformation formats

Buy Now
Questions 68

Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?

Options:

A.

Timestamps

B.

SMB Signing

C.

File permissions

D.

Sequence numbers monitoring

Buy Now
Questions 69

What is the term 8 to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim?

Options:

A.

Fraggle Attack

B.

Man in the Middle Attack

C.

Trojan Horse Attack

D.

Smurf Attack

E.

Back Orifice Attack

Buy Now
Questions 70

Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

Options:

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Buy Now
Questions 71

Exhibit:

The following is an entry captured by a network IDS.You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?

Options:

A.

The buffer overflow attack has been neutralized by the IDS

B.

The attacker is creating a directory on the compromised machine

C.

The attacker is attempting a buffer overflow attack and has succeeded

D.

The attacker is attempting an exploit that launches a command-line shell

Buy Now
Questions 72

Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two.

What would you call this attack?

Options:

A.

Interceptor

B.

Man-in-the-middle

C.

ARP Proxy

D.

Poisoning Attack

Buy Now
Questions 73

You are a Administrator of Windows server. You want to find the port number for POP3. What file would you find the information in and where?

Select the best answer.

Options:

A.

%windir%\\etc\\services

B.

system32\\drivers\\etc\\services

C.

%windir%\\system32\\drivers\\etc\\services

D.

/etc/services

E.

%windir%/system32/drivers/etc/services

Buy Now
Questions 74

Which of the following is not considered to be a part of active sniffing?

Options:

A.

MAC Flooding

B.

ARP Spoofing

C.

SMAC Fueling

D.

MAC Duplicating

Buy Now
Questions 75

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials.  The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

Options:

A.

Using the Metasploit psexec module setting the SA / Admin credential

B.

Invoking the stored procedure xp_shell to spawn a Windows command shell

C.

Invoking the stored procedure cmd_shell to spawn a Windows command shell

D.

Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Buy Now
Questions 76

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Options:

A.

 Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Buy Now
Questions 77

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database.

In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

Options:

A.

Semicolon

B.

Single quote

C.

Exclamation mark

D.

Double quote

Buy Now
Questions 78

Which of the following is a component of a risk assessment?

Options:

A.

Physical security

B.

Administrative safeguards

C.

DMZ

D.

Logical interface

Buy Now
Questions 79

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?

Options:

A.

Unplug the network connection on the company’s web server.

B.

Determine the origin of the attack and launch a counterattack.

C.

Record as much information as possible from the attack.

D.

Perform a system restart on the company’s web server.

Buy Now
Questions 80

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

Options:

A.

They are written in Java.

B.

They send alerts to security monitors.

C.

They use the same packet analysis engine.

D.

They use the same packet capture utility.

Buy Now
Questions 81

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Buy Now
Questions 82

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

Options:

A.

Man trap

B.

Tailgating

C.

Shoulder surfing

D.

Social engineering

Buy Now
Questions 83

Which of the following is a strong post designed to stop a car?

Options:

A.

Gate

B.

Fence

C.

Bollard

D.

Reinforced rebar

Buy Now
Questions 84

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor.  What should the hacker's next step be before starting work on this job?

Options:

A.

Start by foot printing the network and mapping out a plan of attack.

B.

Ask the employer for authorization to perform the work outside the company.

C.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Buy Now
Questions 85

Which system consists of a publicly available set of databases that contain domain name registration contact information?

Options:

A.

WHOIS

B.

IANA 

C.

CAPTCHA

D.

IETF

Buy Now
Questions 86

What does the term “Ethical Hacking” mean?

Options:

A.

Someone who is hacking for ethical reasons.

B.

Someone who is using his/her skills for ethical reasons.

C.

Someone who is using his/her skills for defensive purposes.

D.

Someone who is using his/her skills for offensive purposes.

Buy Now
Questions 87

War dialing is a very old attack and depicted in movies that were made years ago.

Why would a modem security tester consider using such an old technique?

Options:

A.

It is cool, and if it works in the movies it must work in real life.

B.

It allows circumvention of protection mechanisms by being on the internal network.

C.

It allows circumvention of the company PBX.

D.

A good security tester would not use such a derelict technique.

Buy Now
Questions 88

What type of port scan is shown below?

Options:

A.

Idle Scan

B.

Windows Scan

C.

XMAS Scan

D.

SYN Stealth Scan

Buy Now
Questions 89

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discover the internal structure of publicly accessible areas of the network.

How can you achieve this?

Options:

A.

Block ICMP at the firewall.

B.

Block UDP at the firewall.

C.

Both A and B.

D.

There is no way to completely block doing a trace route into this area.

Buy Now
Questions 90

Which of the following is NOT true of cryptography?

Options:

A.

Science of protecting information by encoding it into an unreadable format

B.

Method of storing and transmitting data in a form that only those it is intended for can read and process

C.

Most (if not all) algorithms can be broken by both technical and non-technical means

D.

An effective way of protecting sensitive information in storage but not in transit

Buy Now
Questions 91

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions.

On further research, the tester come across a perl script that runs the following msadc functions:system("perl msadc.pl -h $host -C \"echo open $your >testfile\""); 

Which exploit is indicated by this script?

Options:

A.

A buffer overflow exploit

B.

A chained exploit

C.

A SQL injection exploit

D.

A denial of service exploit

Buy Now
Questions 92

While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

Options:

A.

Scan more slowly.

B.

Do not scan the broadcast IP.

C.

Spoof the source IP address.

D.

Only scan the Windows systems.

Buy Now
Questions 93

While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

Remote operating system guess: Too many signatures match to reliably guess the OS.

Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds

What should be your next step to identify the OS?

Options:

A.

Perform a firewalk with that system as the target IP

B.

Perform a tcp traceroute to the system using port 53

C.

Run an nmap scan with the -v-v option to give a better output

D.

Connect to the active services and review the banner information

Buy Now
Questions 94

What flags are set in a X-MAS scan?(Choose all that apply.

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

URG

Buy Now
Questions 95

What does a type 3 code 13 represent?(Choose two.

Options:

A.

Echo request

B.

Destination unreachable

C.

Network unreachable

D.

Administratively prohibited

E.

Port unreachable

F.

Time exceeded

Buy Now
Questions 96

Look at the following SQL query.

SELECT * FROM product WHERE PCategory='computers' or 1=1--'

What will it return? Select the best answer.

Options:

A.

All computers and all 1's

B.

All computers

C.

All computers and everything else

D.

Everything except computers

Buy Now
Questions 97

A XYZ security System Administrator is reviewing the network system log files.

He notes the following:

  • Network log files are at 5 MB at 12:00 noon.
  • At 14:00 hours, the log files at 3 MB.

What should he assume has happened and what should he do about the situation?

Options:

A.

He should contact the attacker’s ISP as soon as possible and have the connection disconnected.

B.

He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.

C.

He should log the file size, and archive the information, because the router crashed.

D.

He should run a file system check, because the Syslog server has a self correcting file system problem.

E.

He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place.

Buy Now
Questions 98

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called "file.txt" but when he opens it, he finds the following:

What can he infer from this file?

Options:

A.

A picture that has been renamed with a .txt extension

B.

An encrypted file

C.

An encoded file

D.

A buffer overflow

Buy Now
Questions 99

Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the hacking session.

What does the first and second column mean? Select two.

Options:

A.

The first column reports the sequence number

B.

The second column reports the difference between the current and last sequence number

C.

The second column reports the next sequence number

D.

The first column reports the difference between current and last sequence number

Buy Now
Questions 100

Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?

Options:

A.

Network aliasing

B.

Domain Name Server (DNS) poisoning

C.

Reverse Address Resolution Protocol (ARP)

D.

Port scanning

Buy Now
Questions 101

_________ is one of the programs used to wardial.

Options:

A.

DialIT

B.

Netstumbler

C.

TooPac

D.

Kismet

E.

ToneLoc

Buy Now
Questions 102

Which of the following is an automated vulnerability assessment tool?

Options:

A.

Whack a Mole

B.

Nmap

C.

Nessus

D.

Kismet

E.

Jill32

Buy Now
Questions 103

You are attempting to map out the firewall policy for an organization. You discover your target system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL of the target system starting at port 1 and going up to port 1024. What is this process known as?

Options:

A.

Footprinting

B.

Firewalking

C.

Enumeration

D.

Idle scanning

Buy Now
Questions 104

Steven the hacker realizes that the network administrator of XYZ is using syskey to protect organization resources in the Windows 2000 Server. Syskey independently encrypts the hashes so that physical access to the server, tapes, or ERDs is only first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to brute force dictionary attacks on the hashes. Steven runs a program called “SysCracker” targeting the Windows 2000 Server machine in attempting to crack the hash used by Syskey. He needs to configure the encryption level before he can launch attach.

How many bits does Syskey use for encryption?

Options:

A.

40 bit

B.

64 bit

C.

256 bit

D.

128 bit

Buy Now
Questions 105

Eve decides to get her hands dirty and tries out a Denial of Service attack that is relatively new to her. This time she envisages using a different kind of method to attack Brownies Inc. Eve tries to forge the packets and uses the broadcast address. She launches an attack similar to that of fraggle. What is the technique that Eve used in the case above?

Options:

A.

Smurf

B.

Bubonic

C.

SYN Flood

D.

Ping of Death

Buy Now
Questions 106

You wish to determine the operating system and type of web server being used. At the same time you wish to arouse no suspicion within the target organization.

While some of the methods listed below work, which holds the least risk of detection?

Options:

A.

Make some phone calls and attempt to retrieve the information using social engineering.

B.

Use nmap in paranoid mode and scan the web server.

C.

Telnet to the web server and issue commands to illicit a response.

D.

Use the netcraft web site look for the target organization’s web site.

Buy Now
Questions 107

Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through the firewall. He wonders if his firewall has been breached. What would be your inference?

Options:

A.

Eric network has been penetrated by a firewall breach

B.

The attacker is using the ICMP protocol to have a covert channel

C.

Eric has a Wingate package providing FTP redirection on his network

D.

Somebody is using SOCKS on the network to communicate through the firewall

Buy Now
Questions 108

RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LAN. WEP is known to be insecure even if we are using a stream cipher that is known to be secured.

What is the most likely cause behind this?

Options:

A.

There are some flaws in the implementation.

B.

There is no key management.

C.

The IV range is too small.

D.

All of the above.

E.

None of the above.

Buy Now
Questions 109

Which are true statements concerning the BugBear and Pretty Park worms?

Select the best answers.

Options:

A.

Both programs use email to do their work.

B.

Pretty Park propagates via network shares and email

C.

BugBear propagates via network shares and email

D.

Pretty Park tries to connect to an IRC server to send your personal passwords.

E.

Pretty Park can terminate anti-virus applications that might be running to bypass them.

Buy Now
Questions 110

An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this?

Options:

A.

g++ hackersExploit.cpp -o calc.exe

B.

g++ hackersExploit.py -o calc.exe

C.

g++ -i hackersExploit.pl -o calc.exe

D.

g++ --compile –i hackersExploit.cpp -o calc.exe

Buy Now
Questions 111

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

Options:

A.

Harvesting

B.

Windowing

C.

Hardening

D.

Stealthing

Buy Now
Questions 112

How can telnet be used to fingerprint a web server?

Options:

A.

telnet webserverAddress 80

HEAD / HTTP/1.0

B.

telnet webserverAddress 80 

PUT / HTTP/1.0

C.

telnet webserverAddress 80

HEAD / HTTP/2.0

D.

telnet webserverAddress 80 

PUT / HTTP/2.0

Buy Now
Questions 113

What is a successful method for protecting a router from potential smurf attacks?

Options:

A.

Placing the router in broadcast mode

B.

Enabling port forwarding on the router

C.

Installing the router outside of the network's firewall

D.

Disabling the router from accepting broadcast ping messages

Buy Now
Questions 114

A bank stores and processes sensitive privacy information related to home loans.  However, auditing has never been enabled on the system.  What is the first step that the bank should take before enabling the audit feature?

Options:

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Buy Now
Questions 115

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Options:

A.

Hping

B.

Traceroute

C.

TCP ping

D.

Broadcast ping

Buy Now
Questions 116

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

Options:

A.

WebBugs

B.

WebGoat

C.

VULN_HTML

D.

WebScarab

Buy Now
Questions 117

In which step Steganography fits in CEH System Hacking Cycle (SHC)

Options:

A.

Step 2: Crack the password

B.

Step 1: Enumerate users

C.

Step 3: Escalate privileges

D.

Step 4: Execute applications

E.

Step 5: Hide files

F.

Step 6: Cover your tracks

Buy Now
Questions 118

One of your team members has asked you to analyze the following SOA record. What is the version?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600

3600 604800 2400.

Options:

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Buy Now
Questions 119

Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

Options:

A.

Alternate between typing the login credentials and typing characters somewhere else in the focus window

B.

Type a wrong password first, later type the correct password on the login page defeating the keylogger recording

C.

Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.

D.

The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies

"asdfsd"

E.

The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies

"asdfsd"

Buy Now
Questions 120

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

Options:

A.

Usernames

B.

File permissions

C.

Firewall rulesets

D.

Passwords

Buy Now
Questions 121

Which of the following items of a computer system will an anti-virus program scan for viruses?

Options:

A.

Boot Sector

B.

Deleted Files

C.

Windows Process List

D.

Password Protected Files

Buy Now
Questions 122

A security engineer is attempting to map a company’s internal network. The engineer enters in the following NMAP commanD.

NMAP –n –sS –P0 –p 80 ***.***.**.**

What type of scan is this?

Options:

A.

Quick scan

B.

Intense scan

C.

Stealth scan

D.

Comprehensive scan

Buy Now
Questions 123

Which of the following identifies the three modes in which Snort can be configured to run?

Options:

A.

Sniffer, Packet Logger, and Network Intrusion Detection System

B.

Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System

C.

Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System

D.

Sniffer, Packet Logger, and Host Intrusion Prevention System

Buy Now
Questions 124

Why attackers use proxy servers?

Options:

A.

To ensure the exploits used in the attacks always flip reverse vectors

B.

Faster bandwidth performance and increase in attack speed

C.

Interrupt the remote victim's network traffic and reroute the packets to attackers machine

D.

To hide the source IP address so that an attacker can hack without any legal corollary

Buy Now
Questions 125

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

Options:

A.

Birthday attack

B.

Plaintext attack

C.

Meet in the middle attack

D.

Chosen ciphertext attack

Buy Now
Questions 126

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Options:

A.

At least once a year and after any significant upgrade or modification

B.

At least once every three years or after any significant upgrade or modification

C.

At least twice a year or after any significant upgrade or modification

D.

At least once every two years and after any significant upgrade or modification

Buy Now
Questions 127

Which of the following are valid types of rootkits? (Choose three.)

Options:

A.

Hypervisor level

B.

Network level

C.

Kernel level

D.

Application level

E.

Physical level

F.

Data access level

Buy Now
Questions 128

What do you call a pre-computed hash?

Options:

A.

Sun tables

B.

Apple tables

C.

Rainbow tables

D.

Moon tables

Buy Now
Questions 129

What is the command used to create a binary log file using tcpdump?

Options:

A.

tcpdump -w ./log

B.

tcpdump -r log

C.

tcpdump -vde logtcpdump -vde ? log

D.

tcpdump -l /var/log/

Buy Now
Questions 130

E-mail tracking is a method to monitor and spy the delivered e-mails to the intended recipient.

Select a feature, which you will NOT be able to accomplish with this probe?

Options:

A.

When the e-mail was received and read

B.

Send destructive e-mails

C.

GPS location and map of the recipient

D.

Time spent on reading the e-mails

E.

Whether or not the recipient visited any links sent to them

F.

Track PDF and other types of attachments

G.

Set messages to expire after specified time

Buy Now
Questions 131

Jess the hacker runs L0phtCrack's built-in sniffer utility that grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. But Jess is not picking up hashes from the network. Why?

Options:

A.

The network protocol is configured to use SMB Signing

B.

The physical network wire is on fibre optic cable

C.

The network protocol is configured to use IPSEC

D.

L0phtCrack SMB sniffing only works through Switches and not Hubs

Buy Now
Exam Code: EC0-350
Exam Name: Ethical Hacking and Countermeasures V8
Last Update: Dec 26, 2024
Questions: 878
EC0-350 pdf

EC0-350 PDF

$25.5  $84.99
EC0-350 Engine

EC0-350 Testing Engine

$30  $99.99
EC0-350 PDF + Engine

EC0-350 PDF + Testing Engine

$40.5  $134.99