New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

EC0-350 Ethical Hacking and Countermeasures V8 Questions and Answers

Questions 4

Which of the following examples best represents a logical or technical control?

Options:

A.

Security tokens

B.

Heating and air conditioning

C.

Smoke and fire alarms

D.

Corporate security policy

Buy Now
Questions 5

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

Options:

A.

Recipient's private key

B.

Recipient's public key

C.

Master encryption key

D.

Sender's public key

Buy Now
Questions 6

What is the best defense against privilege escalation vulnerability?

Options:

A.

Patch systems regularly and upgrade interactive login privileges at the system administrator level.

B.

Run administrator and applications on least privileges and use a content registry for tracking.

C.

Run services with least privileged accounts and implement multi-factor authentication and authorization.

D.

Review user roles and administrator privileges for maximum utilization of automation services.

Buy Now
Questions 7

What is the outcome of the comm”nc -l -p 2222 | nc 10.1.0.43 1234"?

Options:

A.

Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.

B.

Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

C.

Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.

D.

Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

Buy Now
Questions 8

Which of the following techniques will identify if computer files have been changed?

Options:

A.

Network sniffing

B.

Permission sets

C.

Integrity checking hashes

D.

Firewall alerts

Buy Now
Questions 9

Fingerprinting VPN firewalls is possible with which of the following tools?

Options:

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Buy Now
Questions 10

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

Options:

A.

An extensible security framework named COBIT

B.

A list of flaws and how to fix them

C.

Web application patches

D.

A security certification for hardened web applications

Buy Now
Questions 11

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

Options:

A.

Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

B.

To get messaging programs to function with this algorithm requires complex configurations.

C.

It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

D.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Buy Now
Questions 12

Which of the following programming languages is most vulnerable to buffer overflow attacks?

Options:

A.

Perl

B.

C++

C.

Python

D.

Java

Buy Now
Questions 13

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

Options:

A.

Physical

B.

Procedural

C.

Technical

D.

Compliance 

Buy Now
Questions 14

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Options:

A.

 Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Buy Now
Questions 15

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Options:

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Buy Now
Questions 16

ICMP ping and ping sweeps are used to check for active systems and to check

Options:

A.

if ICMP ping traverses a firewall.

B.

the route that the ICMP ping took.

C.

the location of the switchport in relation to the ICMP ping.

D.

the number of hops an ICMP ping takes to reach a destination.

Buy Now
Questions 17

An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces. Which of the following is the most likely reason for lack of management or control packets?

Options:

A.

The wireless card was not turned on.

B.

The wrong network card drivers were in use by Wireshark.

C.

On Linux and Mac OS X, only 802.11 headers are received in promiscuous mode.

D.

Certain operating systems and adapters do not collect the management or control packets.

Buy Now
Questions 18

From the two screenshots below, which of the following is occurring?

Options:

A.

10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

B.

10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

C.

10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

D.

10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Buy Now
Questions 19

In the context of Windows Security, what is a 'null' user?

Options:

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Buy Now
Questions 20

Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on?

Options:

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Buy Now
Questions 21

Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

Options:

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Buy Now
Questions 22

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?(Choose all that apply.

Options:

A.

110

B.

135

C.

139

D.

161

E.

445

F.

1024

Buy Now
Questions 23

Which of the following tools are used for enumeration? (Choose three.)

Options:

A.

SolarWinds

B.

USER2SID

C.

Cheops

D.

SID2USER

E.

DumpSec

Buy Now
Questions 24

What is the algorithm used by LM for Windows2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Buy Now
Questions 25

What is the proper response for a NULL scan if the port is open?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Buy Now
Questions 26

Exhibit:

ettercap –NCLzs --quiet

What does the command in the exhibit do in “Ettercap”?

Options:

A.

This command will provide you the entire list of hosts in the LAN

B.

This command will check if someone is poisoning you and will report its IP.

C.

This command will detach from console and log all the collected passwords from the network to a file.

D.

This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.

Buy Now
Questions 27

Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

Options:

A.

Snort

B.

argus

C.

TCPflow

D.

Tcpdump

Buy Now
Questions 28

What is a Trojan Horse?

Options:

A.

A malicious program that captures your username and password

B.

Malicious code masquerading as or replacing legitimate code

C.

An unauthorized user who gains access to your user database and adds themselves as a user

D.

A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity

Buy Now
Questions 29

John wishes to install a new application onto his Windows 2000 server.

He wants to ensure that any application he uses has not been Trojaned.

What can he do to help ensure this?

Options:

A.

Compare the file's MD5 signature with the one published on the distribution media

B.

Obtain the application via SSL

C.

Compare the file's virus signature with the one published on the distribution media

D.

Obtain the application from a CD-ROM disc

Buy Now
Questions 30

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

Options:

A.

Invalid Username

B.

Invalid Password

C.

Authentication Failure

D.

Login Attempt Failed

E.

Access Denied

Buy Now
Questions 31

Which of the following are well know password-cracking programs?(Choose all that apply.

Options:

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Buy Now
Questions 32

What happens during a SYN flood attack?

Options:

A.

TCP connection requests floods a target machine is flooded with randomized source address & ports for the TCP ports.

B.

A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host’s address as both source and destination, and is using the same port on the target host as both source and destination.

C.

A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field.

D.

A TCP packet is received with both the SYN and the FIN bits set in the flags field.

Buy Now
Questions 33

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

Options:

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Buy Now
Questions 34

What did the following commands determine?

C: user2sid \earth guest

S-1-5-21-343818398-789336058-1343024091-501

C:sid2user 5 21 343818398 789336058 1343024091 500

Name is Joe

Domain is EARTH

Options:

A.

That the Joe account has a SID of 500

B.

These commands demonstrate that the guest account has NOT been disabled

C.

These commands demonstrate that the guest account has been disabled

D.

That the true administrator is Joe

E.

Issued alone, these commands prove nothing

Buy Now
Questions 35

__________ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer

Options:

A.

Alternate Data Streams

B.

Merge Streams

C.

Steganography

D.

NetBIOS vulnerability

Buy Now
Questions 36

A XYZ security System Administrator is reviewing the network system log files.

He notes the following:

  • Network log files are at 5 MB at 12:00 noon.
  • At 14:00 hours, the log files at 3 MB.

What should he assume has happened and what should he do about the situation?

Options:

A.

He should contact the attacker’s ISP as soon as possible and have the connection disconnected.

B.

He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.

C.

He should log the file size, and archive the information, because the router crashed.

D.

He should run a file system check, because the Syslog server has a self correcting file system problem.

E.

He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place.

Buy Now
Questions 37

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called "file.txt" but when he opens it, he finds the following:

What can he infer from this file?

Options:

A.

A picture that has been renamed with a .txt extension

B.

An encrypted file

C.

An encoded file

D.

A buffer overflow

Buy Now
Questions 38

SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hosts.

Which of the following features makes this possible? (Choose two)

Options:

A.

It used TCP as the underlying protocol.

B.

It uses community string that is transmitted in clear text.

C.

It is susceptible to sniffing.

D.

It is used by all network devices on the market.

Buy Now
Questions 39

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges.

Options:

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Buy Now
Questions 40

What port scanning method is the most reliable but also the most detectable?

Options:

A.

Null Scanning

B.

Connect Scanning

C.

ICMP Scanning

D.

Idlescan Scanning

E.

Half Scanning

F.

Verbose Scanning

Buy Now
Questions 41

An Nmap scan shows the following open ports, and nmap also reports that the OS guessing results to match too many signatures hence it cannot reliably be identified:

21 ftp

23 telnet

80 http

443 https

What does this suggest?

Options:

A.

This is a Windows Domain Controller

B.

The host is not firewalled

C.

The host is not a Linux or Solaris system

D.

The host is not properly patched

Buy Now
Questions 42

Your XYZ trainee Sandra asks you which are the four existing Regional Internet Registry (RIR's)?

Options:

A.

APNIC, PICNIC, ARIN, LACNIC

B.

RIPE NCC, LACNIC, ARIN, APNIC

C.

RIPE NCC, NANIC, ARIN, APNIC

D.

RIPE NCC, ARIN, APNIC, LATNIC

Buy Now
Questions 43

Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

Options:

A.

UDP is filtered by a gateway

B.

The packet TTL value is too low and cannot reach the target

C.

The host might be down

D.

The destination network might be down

E.

The TCP windows size does not match

F.

ICMP is filtered by a gateway

Buy Now
Questions 44

To what does “message repudiation” refer to what concept in the realm of email security?

Options:

A.

Message repudiation means a user can validate which mail server or servers a message was passed through.

B.

Message repudiation means a user can claim damages for a mail message that damaged their reputation.

C.

Message repudiation means a recipient can be sure that a message was sent from a particular person.

D.

Message repudiation means a recipient can be sure that a message was sent from a certain host.

E.

Message repudiation means a sender can claim they did not actually send a particular message.

Buy Now
Questions 45

NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish?

nslookup

> server

> set type =any

> ls -d

Options:

A.

Enables DNS spoofing

B.

Loads bogus entries into the DNS table

C.

Verifies zone security

D.

Performs a zone transfer

E.

Resets the DNS cache

Buy Now
Questions 46

What is "Hacktivism"?

Options:

A.

Hacking for a cause

B.

Hacking ruthlessly

C.

An association which groups activists

D.

None of the above

Buy Now
Questions 47

What is the proper response for a NULL scan if the port is closed?

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST

F.

No response

Buy Now
Questions 48

What are the default passwords used by SNMP? (Choose two.)

Options:

A.

Password

B.

SA

C.

Private

D.

Administrator

E.

Public

F.

Blank

Buy Now
Questions 49

What type of port scan is shown below?

Options:

A.

Idle Scan

B.

Windows Scan

C.

XMAS Scan

D.

SYN Stealth Scan

Buy Now
Questions 50

Bob has been hired to perform a penetration test on XYZ.com. He begins by looking at IP address ranges owned by the company and details of domain name registration. He then goes to News Groups and financial web sites to see if they are leaking any sensitive information of have any technical details online.

Within the context of penetration testing methodology, what phase is Bob involved with?

Options:

A.

Passive information gathering

B.

Active information gathering

C.

Attack phase

D.

Vulnerability Mapping

Buy Now
Questions 51

Which of the following tools can be used to perform a zone transfer?

Options:

A.

NSLookup

B.

Finger

C.

Dig

D.

Sam Spade

E.

Host

F.

Netcat

G.

Neotrace

Buy Now
Questions 52

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Options:

A.

At least once a year and after any significant upgrade or modification

B.

At least once every three years or after any significant upgrade or modification

C.

At least twice a year or after any significant upgrade or modification

D.

At least once every two years and after any significant upgrade or modification

Buy Now
Questions 53

During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet inspection is the firewall conducting?

Options:

A.

Host

B.

Stateful

C.

Stateless

D.

Application

Buy Now
Questions 54

Which type of antenna is used in wireless communication?

Options:

A.

Omnidirectional

B.

Parabolic

C.

Uni-directional

D.

Bi-directional

Buy Now
Questions 55

Which of the following represent weak password? (Select 2 answers)

Options:

A.

Passwords that contain letters, special characters, and numbers ExamplE. ap1$%##f@52

B.

Passwords that contain only numbers ExamplE. 23698217

C.

Passwords that contain only special characters ExamplE. &*#@!(%)

D.

Passwords that contain letters and numbers ExamplE. meerdfget123

E.

Passwords that contain only letters ExamplE. QWERTYKLRTY

F.

Passwords that contain only special characters and numbers ExamplE. 123@$45

G.

Passwords that contain only letters and special characters ExamplE. bob@&ba

Buy Now
Questions 56

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

Options:

A.

SHA-1

B.

MD5

C.

HAVAL

D.

MD4

Buy Now
Questions 57

Why attackers use proxy servers?

Options:

A.

To ensure the exploits used in the attacks always flip reverse vectors

B.

Faster bandwidth performance and increase in attack speed

C.

Interrupt the remote victim's network traffic and reroute the packets to attackers machine

D.

To hide the source IP address so that an attacker can hack without any legal corollary

Buy Now
Questions 58

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Options:

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

Buy Now
Questions 59

Perimeter testing means determining exactly what your firewall blocks and what it allows. To conduct a good test, you can spoof source IP addresses and source ports. Which of the following command results in packets that will appear to originate from the system at 10.8.8.8? Such a packet is useful for determining whether the firewall is allowing random packets in or out of your network.

Options:

A.

hping3 -T 10.8.8.8 -S netbios -c 2 -p 80

B.

hping3 -Y 10.8.8.8 -S windows -c 2 -p 80

C.

hping3 -O 10.8.8.8 -S server -c 2 -p 80

D.

hping3 -a 10.8.8.8 -S springfield -c 2 -p 80

Buy Now
Questions 60

Jacob is looking through a traffic log that was captured using Wireshark. Jacob has come across what appears to be SYN requests to an internal computer from a spoofed IP address. What is Jacob seeing here?

Options:

A.

Jacob is seeing a Smurf attack.

B.

Jacob is seeing a SYN flood.

C.

He is seeing a SYN/ACK attack.

D.

He has found evidence of an ACK flood.

Buy Now
Questions 61

Here is the ASCII Sheet.

You want to guess the DBO username juggyboy (8 characters) using Blind SQL Injection technique.

What is the correct syntax?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 62

SOAP services use which technology to format information?

Options:

A.

SATA

B.

PCI

C.

XML

D.

ISDN

Buy Now
Questions 63

Low humidity in a data center can cause which of the following problems?

Options:

A.

Heat

B.

Corrosion

C.

Static electricity

D.

Airborne contamination

Buy Now
Questions 64

Bill is a security analyst for his company. All the switches used in the company's office are Cisco switches. Bill wants to make sure all switches are safe from ARP poisoning. How can Bill accomplish this?

Options:

A.

Bill can use the command: ip dhcp snooping.

B.

Bill can use the command: no ip snoop.

C.

Bill could use the command: ip arp no flood.

D.

He could use the command: ip arp no snoop.

Buy Now
Questions 65

One way to defeat a multi-level security solution is to leak data via

Options:

A.

a bypass regulator.

B.

steganography.

C.

a covert channel.

D.

asymmetric routing.

Buy Now
Questions 66

Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose three.)

Options:

A.

Port Security

B.

IPSec Encryption

C.

Network Admission Control (NAC)

D.

802.1q Port Based Authentication

E.

802.1x Port Based Authentication

F.

Intrusion Detection System (IDS)

Buy Now
Questions 67

You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks?

Options:

A.

System services

B.

EXEC master access

C.

xp_cmdshell

D.

RDC

Buy Now
Questions 68

When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?

Options:

A.

Drops the packet and moves on to the next one

B.

Continues to evaluate the packet until all rules are checked

C.

Stops checking rules, sends an alert, and lets the packet continue

D.

Blocks the connection with the source IP address in the packet

Buy Now
Questions 69

John is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What would be the name of this tool?

Options:

A.

hping2

B.

nessus

C.

nmap

D.

make

Buy Now
Questions 70

What is the IV key size used in WPA2?

Options:

A.

32

B.

24

C.

16

D.

48

E.

128

Buy Now
Questions 71

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

http://foobar.com/index.html?id=%3Cscript%20src=%22http://baddomain.com/badscript.js%22%3E%3C/script%3E ">See foobar

What is this attack?

Options:

A.

Cross-site-scripting attack

B.

SQL Injection

C.

URL Traversal attack

D.

Buffer Overflow attack

Buy Now
Questions 72

"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.

Options:

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Buy Now
Questions 73

Steve scans the network for SNMP enabled devices. Which port number Steve should scan?

Options:

A.

150

B.

161

C.

169

D.

69

Buy Now
Questions 74

Which type of sniffing technique is generally referred as MiTM attack?

Options:

A.

Password Sniffing

B.

ARP Poisoning

C.

Mac Flooding

D.

DHCP Sniffing

Buy Now
Questions 75

You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.

  • DNS query is sent to the DNS server to resolve www.google.com
  • DNS server replies with the IP address for Google?
  • SYN packet is sent to Google.
  • Google sends back a SYN/ACK packet
  • Your computer completes the handshake by sending an ACK
  • The connection is established and the transfer of data commences

Which of the following packets represent completion of the 3-way handshake?

Options:

A.

4th packet

B.

3rdpacket

C.

6th packet

D.

5th packet

Buy Now
Questions 76

Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training, to holiday schedules, to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company's intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of "intranet" with part of the URL containing the word "intranet" and the words "human resources" somewhere in the webpage.

What Google search will accomplish this?

Options:

A.

related:intranet allinurl:intranet:"human resources"

B.

cache:"human resources" inurl:intranet(SharePoint)

C.

intitle:intranet inurl:intranet+intext:"human resources"

D.

site:"human resources"+intext:intranet intitle:intranet

Buy Now
Questions 77

Which of the following is NOT part of CEH Scanning Methodology?

Options:

A.

Check for Live systems

B.

Check for Open Ports

C.

Banner Grabbing

D.

Prepare Proxies

E.

Social Engineering attacks

F.

Scan for Vulnerabilities

G.

Draw Network Diagrams

Buy Now
Questions 78

Michael is a junior security analyst working for the National Security Agency (NSA) working primarily on breaking terrorist encrypted messages. The NSA has a number of methods they use to decipher encrypted messages including Government Access to Keys (GAK) and inside informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the Internet. The problem for the NSA, and Michael, is that terrorist organizations are starting to use custom-built algorithms or obscure algorithms purchased from corrupt governments. For this reason, Michael and other security analysts like him have been forced to find different methods of deciphering terrorist messages. One method that Michael thought of using was to hide malicious code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by known terrorists, and then he is able to glean email addresses to some of these suspected terrorists. Michael then inserts a stealth keylogger into a mapping program file readme.txt and then sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes and also logs all keyboard activity into a hidden file on the terrorist's computer. Then, the keylogger emails those files to Michael twice a day with a built in SMTP server. What technique has Michael used to disguise this keylogging software?

Options:

A.

Steganography

B.

Wrapping

C.

ADS

D.

Hidden Channels

Buy Now
Questions 79

This TCP flag instructs the sending system to transmit all buffered data immediately.

Options:

A.

SYN

B.

RST

C.

PSH

D.

URG

E.

FIN

Buy Now
Questions 80

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

Options:

A.

Configure the Web Server to deny requests involving "hex encoded" characters

B.

Create rules in IDS to alert on strange Unicode requests

C.

Use SSL authentication on Web Servers

D.

Enable Active Scripts Detection at the firewall and routers

Buy Now
Questions 81

You want to know whether a packet filter is in front of 192.168.1.10. Pings to 192.168.1.10 don't get answered. A basic nmap scan of 192.168.1.10 seems to hang without returning any information. What should you do next?

Options:

A.

Run NULL TCP hping2 against 192.168.1.10

B.

Run nmap XMAS scan against 192.168.1.10

C.

The firewall is blocking all the scans to 192.168.1.10

D.

Use NetScan Tools Pro to conduct the scan

Buy Now
Questions 82

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

Options:

A.

0x60

B.

0x80

C.

0x70

D.

0x90

Buy Now
Questions 83

Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task?

Options:

A.

Charlie can use the commanD. ping -l 56550 172.16.0.45 -t.

B.

Charlie can try using the commanD. ping 56550 172.16.0.45.

C.

By using the command ping 172.16.0.45 Charlie would be able to lockup the router

D.

He could use the commanD. ping -4 56550 172.16.0.45.

Buy Now
Questions 84

You have successfully gained access to a victim's computer using Windows 2003 Server SMB Vulnerability. Which command will you run to disable auditing from the cmd?

Options:

A.

stoplog stoplog ?

B.

EnterPol /nolog

C.

EventViewer o service

D.

auditpol.exe /disable

Buy Now
Questions 85

One of the ways to map a targeted network for live hosts is by sending an ICMP ECHO request to the broadcast or the network address. The request would be broadcasted to all hosts on the targeted network. The live hosts will send an ICMP ECHO Reply to the attacker's source IP address.

You send a ping request to the broadcast address 192.168.5.255.

There are 40 computers up and running on the target network. Only 13 hosts send a reply while others do not. Why?

Options:

A.

Windows machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

B.

Linux machines will not generate an answer (ICMP ECHO Reply) to an ICMP ECHO request aimed at the broadcast address or at the network address.

C.

You should send a ping request with this command ping ? 192.168.5.0-255

D.

You cannot ping a broadcast address. The above scenario is wrong.

Buy Now
Questions 86

Which tool can be used to silently copy files from USB devices?

Options:

A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

Buy Now
Questions 87

A security administrator notices that the log file of the company`s webserver contains suspicious entries:

Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

Options:

A.

command injection.

B.

SQL injection.

C.

directory traversal.

D.

LDAP injection.

Buy Now
Questions 88

How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

Options:

A.

Defeating the scanner from detecting any code change at the kernel

B.

Replacing patch system calls with its own version that hides the rootkit (attacker's) actions

C.

Performing common services for the application process and replacing real applications with fake ones

D.

Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

Buy Now
Questions 89

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Options:

A.

Timing attack

B.

Replay attack

C.

Memory trade-off attack

D.

Chosen plain-text attack

Buy Now
Questions 90

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

Options:

A.

Penetration testing

B.

Social engineering

C.

Vulnerability scanning

D.

Access control list reviews

Buy Now
Questions 91

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

Options:

A.

Multiple keys for non-repudiation of bulk data

B.

Different keys on both ends of the transport medium

C.

Bulk encryption for data transmission over fiber

D.

The same key on each end of the transmission medium

Buy Now
Questions 92

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Options:

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

Buy Now
Questions 93

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06

NMAP scan report for 172.16.40.65

Host is up (1.00s latency).

Not shown: 993 closed ports

PORT STATE SERVICE

21/tcp open ftp

23/tcp open telnet

80/tcp open http

139/tcp open netbios-ssn

515/tcp open

631/tcp open  ipp

9100/tcp open

MAC Address: 00:00:48:0D:EE:89

Options:

A.

The host is likely a Windows machine.

B.

The host is likely a Linux machine.

C.

The host is likely a router.

D.

The host is likely a printer.

Buy Now
Questions 94

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Options:

A.

Certificate issuance

B.

Certificate validation

C.

Certificate cryptography

D.

Certificate revocation

Buy Now
Questions 95

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

Options:

A.

Locate type=ns

B.

Request type=ns

C.

Set type=ns

D.

Transfer type=ns

Buy Now
Questions 96

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Options:

A.

Certificate authority

B.

Validation authority

C.

Registration authority

D.

Verification authority

Buy Now
Questions 97

Which of the statements concerning proxy firewalls is correct?

Options:

A.

Proxy firewalls increase the speed and functionality of a network.

B.

Firewall proxy servers decentralize all activity for an application.

C.

Proxy firewalls block network packets from passing to and from a protected network.

D.

Computers establish a connection with a proxy firewall which initiates a new network connection for the client.

Buy Now
Questions 98

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

Options:

A.

OWASP is for web applications and OSSTMM does not include web applications.

B.

OSSTMM is gray box testing and OWASP is black box testing.

C.

OWASP addresses controls and OSSTMM does not.

D.

OSSTMM addresses controls and OWASP does not.

Buy Now
Questions 99

Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?

Options:

A.

ping 192.168.2.

B.

ping 192.168.2.255

C.

for %V in (1 1 255) do PING 192.168.2.%V

D.

for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

Buy Now
Questions 100

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Buy Now
Questions 101

Which cipher encrypts the plain text digit (bit or byte) one by one?

Options:

A.

Classical cipher

B.

Block cipher

C.

Modern cipher

D.

Stream cipher

Buy Now
Questions 102

Which of the following is a component of a risk assessment?

Options:

A.

Physical security

B.

Administrative safeguards

C.

DMZ

D.

Logical interface

Buy Now
Questions 103

What is War Dialing?

Options:

A.

War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems

B.

War dialing is a vulnerability scanning technique that penetrates Firewalls

C.

It is a social engineering technique that uses Phone calls to trick victims

D.

Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls

Buy Now
Questions 104

Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It also provides devices, which would otherwise be unable to communicate a means to notify administrators of problems or performance.

What default port Syslog daemon listens on?

Options:

A.

242

B.

312

C.

416

D.

514

Buy Now
Questions 105

How does traceroute map the route a packet travels from point A to point B?

Options:

A.

Uses a TCP timestamp packet that will elicit a time exceeded in transit message

B.

Manipulates the value of the time to live (TTL) within packet to elicit a time exceeded in transit message

C.

Uses a protocol that will be rejected by gateways on its way to the destination

D.

Manipulates the flags within packets to force gateways into generating error messages

Buy Now
Questions 106

Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges?

Options:

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Buy Now
Questions 107

Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet. He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out vulnerabilities.

What are some of the common vulnerabilities in web applications that he should be concerned about?

Options:

A.

Non-validated parameters, broken access control, broken account and session management, cross-site scripting and buffer overflows are just a few common vulnerabilities

B.

Visible clear text passwords, anonymous user account set as default, missing latest security patch, no firewall filters set and no SSL configured are just a few common vulnerabilities

C.

No SSL configured, anonymous user account set as default, missing latest security patch, no firewall filters set and an inattentive system administrator are just a few common vulnerabilities

D.

No IDS configured, anonymous user account set as default, missing latest security patch, no firewall filters set and visible clear text passwords are just a few common vulnerabilities

Buy Now
Questions 108

How do you defend against DHCP Starvation attack?

Options:

A.

Enable ARP-Block on the switch

B.

Enable DHCP snooping on the switch

C.

Configure DHCP-BLOCK to 1 on the switch

D.

Install DHCP filters on the switch to block this attack

Buy Now
Questions 109

Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure. An anonymizer protects all of your computer's identifying information while it surfs for you, enabling you to remain at least one step removed from the sites you visit.

You can visit Web sites without allowing anyone to gather information on sites visited by you. Services that provide anonymity disable pop-up windows and cookies, and conceal visitor's IP address.

These services typically use a proxy server to process each HTTP request. When the user requests a Web page by clicking a hyperlink or typing a URL into their browser, the service retrieves and displays the information using its own server. The remote server (where the requested Web page resides) receives information on the anonymous Web surfing service in place of your information.

In which situations would you want to use anonymizer? (Select 3 answers)

Options:

A.

Increase your Web browsing bandwidth speed by using Anonymizer

B.

To protect your privacy and Identity on the Internet

C.

To bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit.

D.

Post negative entries in blogs without revealing your IP identity

Buy Now
Questions 110

BankerFox is a Trojan that is designed to steal users' banking data related to certain banking entities.

When they access any website of the affected banks through the vulnerable Firefox 3.5 browser, the Trojan is activated and logs the information entered by the user. All the information entered in that website will be logged by the Trojan and transmitted to the attacker's machine using covert channel.

BankerFox does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.

What is the most efficient way an attacker located in remote location to infect this banking Trojan on a victim's machine?

Options:

A.

Physical access - the attacker can simply copy a Trojan horse to a victim's hard disk infecting the machine via Firefox add-on extensions

B.

Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer

C.

Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer

D.

Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer

E.

Downloading software from a website? An attacker can offer free software, such as shareware programs and pirated mp3 files

Buy Now
Questions 111

Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. How would you call this type of activity?

Options:

A.

Dumpster Diving

B.

Scanning

C.

CI Gathering

D.

Garbage Scooping

Buy Now
Questions 112

What port number is used by Kerberos protocol?

Options:

A.

88

B.

44

C.

487

D.

419

Buy Now
Questions 113

You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'?

Options:

A.

display==facebook

B.

traffic.content==facebook

C.

tcp contains facebook

D.

list.display.facebook

Buy Now
Questions 114

Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security.

Maintaining the security of a Web server will usually involve the following steps:

1. Configuring, protecting, and analyzing log files

2. Backing up critical information frequently

3. Maintaining a protected authoritative copy of the organization's Web content

4. Establishing and following procedures for recovering from compromise

5. Testing and applying patches in a timely manner

6. Testing security periodically.

In which step would you engage a forensic investigator?

Options:

A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

Buy Now
Questions 115

Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?

Options:

A.

Smooth Talking

B.

Swipe Gating

C.

Tailgating

D.

Trailing

Buy Now
Questions 116

Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack of respect or promotion. Disgruntled employees may pass company secrets and intellectual property to competitors for monitory benefits.

Here are some of the symptoms of a disgruntled employee:

a. Frequently leaves work early, arrive late or call in sick

b. Spends time surfing the Internet or on the phone

c. Responds in a confrontational, angry, or overly aggressive way to simple requests or comments

d. Always negative; finds fault with everything

These disgruntled employees are the biggest threat to enterprise security. How do you deal with these threats? (Select 2 answers)

Options:

A.

Limit access to the applications they can run on their desktop computers and enforce strict work hour rules

B.

By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security to various employees

C.

Organizations must ensure that their corporate data is centrally managed and delivered to users just and when needed

D.

Limit Internet access, e-mail communications, access to social networking sites and job hunting portals

Buy Now
Questions 117

One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term?

Options:

A.

Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process

B.

Providers can increase the bandwidth on critical connections to prevent them from going down in the event of an attack

C.

Replicating servers that can provide additional failsafe protection

D.

Load balance each server in a multiple-server architecture

Buy Now
Questions 118

Consider the following code:

URL:http://www.certified.com/search.pl?

text=

If an attacker can trick a victim user to click a link like this, and the Web application does not validate input, then the victim's browser will pop up an alert showing the users current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

Options:

A.

Create an IP access list and restrict connections based on port number

B.

Replace "<" and ">" characters with "& l t;" and "& g t;" using server scripts

C.

Disable Javascript in IE and Firefox browsers

D.

Connect to the server using HTTPS protocol instead of HTTP

Buy Now
Questions 119

Your computer is infected by E-mail tracking and spying Trojan. This Trojan infects the computer with a single file - emos.sys

Which step would you perform to detect this type of Trojan?

Options:

A.

Scan for suspicious startup programs using msconfig

B.

Scan for suspicious network activities using Wireshark

C.

Scan for suspicious device drivers in c:\windows\system32\drivers

D.

Scan for suspicious open ports using netstat

Buy Now
Questions 120

Which of the following is NOT true of cryptography?

Options:

A.

Science of protecting information by encoding it into an unreadable format

B.

Method of storing and transmitting data in a form that only those it is intended for can read and process

C.

Most (if not all) algorithms can be broken by both technical and non-technical means

D.

An effective way of protecting sensitive information in storage but not in transit

Buy Now
Questions 121

What is Cygwin?

Options:

A.

Cygwin is a free C++ compiler that runs on Windows

B.

Cygwin is a free Unix subsystem that runs on top of Windows

C.

Cygwin is a free Windows subsystem that runs on top of Linux

D.

Cygwin is a X Windows GUI subsytem that runs on top of Linux GNOME environment

Buy Now
Questions 122

You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address.

What can be inferred from this output?

Options:

A.

An application proxy firewall

B.

A stateful inspection firewall

C.

A host based IDS

D.

A Honeypot

Buy Now
Questions 123

While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80.

What can you infer from this observation?

Options:

A.

They are using Windows based web servers.

B.

They are using UNIX based web servers.

C.

They are not using an intrusion detection system.

D.

They are not using a stateful inspection firewall.

Buy Now
Questions 124

What type of cookies can be generated while visiting different web sites on the Internet?

Options:

A.

Permanent and long term cookies.

B.

Session and permanent cookies.

C.

Session and external cookies.

D.

Cookies are all the same, there is no such thing as different type of cookies.

Buy Now
Questions 125

Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)

Options:

A.

Internet Printing Protocol (IPP) buffer overflow

B.

Code Red Worm

C.

Indexing services ISAPI extension buffer overflow

D.

NeXT buffer overflow

Buy Now
Questions 126

During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar agreement with the company you are targeting. The contract was for vulnerability assessment tools and network based IDS systems. While researching on that particular brand of IDS you notice that its default installation allows it to perform sniffing and attack analysis on one NIC and caters to its management and reporting on another NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the defaults were used, how can you detect these sniffing interfaces?

Options:

A.

Use a ping flood against the IP of the sniffing NIC and look for latency in the responses.

B.

Send your attack traffic and look for it to be dropped by the IDS.

C.

Set your IP to that of the IDS and look for it as it attempts to knock your computer off the network.

D.

The sniffing interface cannot be detected.

Buy Now
Questions 127

Which of the following are potential attacks on cryptography? (Select 3)

Options:

A.

One-Time-Pad Attack

B.

Chosen-Ciphertext Attack

C.

Man-in-the-Middle Attack

D.

Known-Ciphertext Attack

E.

Replay Attack

Buy Now
Questions 128

Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well.

Which of the choices below indicate the other features offered by Snort?

Options:

A.

IDS, Packet Logger, Sniffer

B.

IDS, Firewall, Sniffer

C.

IDS, Sniffer, Proxy

D.

IDS, Sniffer, content inspector

Buy Now
Questions 129

The Slammer Worm exploits a stack-based overflow that occurs in a DLL implementing the Resolution Service.

Which of the following Database Server was targeted by the slammer worm?

Options:

A.

Oracle

B.

MSSQL

C.

MySQL

D.

Sybase

E.

DB2

Buy Now
Questions 130

A client has approached you with a penetration test requirements. They are concerned with the possibility of external threat, and have invested considerable resources in protecting their Internet exposure. However, their main concern is the possibility of an employee elevating his/her privileges and gaining access to information outside of their respective department.

What kind of penetration test would you recommend that would best address the client’s concern?

Options:

A.

A Black Box test

B.

A Black Hat test

C.

A Grey Box test

D.

A Grey Hat test

E.

A White Box test

F.

A White Hat test

Buy Now
Questions 131

_________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.

Options:

A.

Mandatory Access Control

B.

Authorized Access Control

C.

Role-based Access Control

D.

Discretionary Access Control

Buy Now
Exam Code: EC0-350
Exam Name: Ethical Hacking and Countermeasures V8
Last Update: Dec 22, 2024
Questions: 878

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99