
ECCouncil EC0-350 - Ethical Hacking and Countermeasures V8

Total 878 questions

A program that defends against a port scanner will attempt to:

A. Send back bogus data to the port scanner

B. Log a violation and recommend use of security-auditing tools

C. Limit access by the scanning system to publicly available ports only

D. Update a firewall rule in real time to prevent the port scan from being completed

Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACLs (access control lists) on files or folders, and that can also be used within batch files.

Which of the following tools can be used for that purpose? (Choose the best answer)

A. PERM.exe

B. CACLS.exe

C. CLACS.exe

D. NTPERM.exe

You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe.

What caused this?

A. The Morris worm

B. The PIF virus

C. Trinoo

D. Nimda

E. Code Red

F. Ping of Death

If you come across a sheepdip machine at your client site, what would you infer?

A. A sheepdip computer is used only for virus checking.

B. A sheepdip computer is another name for honeypot.

C. A sheepdip coordinates several honeypots.

D. A sheepdip computer defers a denial of service attack.

On wireless networks, the SSID is used to identify the network. Why are SSIDs not considered a good security mechanism to protect a wireless network?

A. The SSID is only 32 bits in length.

B. The SSID is transmitted in clear text.

C. The SSID is the same as the MAC address for all vendors.

D. The SSID is to identify a station, not a network.

To scan a host downstream from a security gateway, Firewalking:

A. Sends a UDP-based packet that it knows will be blocked by the firewall to determine how specifically the firewall responds to such packets

B. Uses the TTL function to send packets with a TTL value set to expire one hop past the identified security gateway

C. Sends an ICMP "administratively prohibited" packet to determine if the gateway will drop the packet without comment.

D. Assesses the security rules that relate to the target system before it sends packets to any hops on the route to the gateway

When working with Windows systems, what is the RID of the true administrator account?

A. 500

B. 501

C. 1000

D. 1001

E. 1024

F. 512

Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)

A. Internet Printing Protocol (IPP) buffer overflow

B. Code Red Worm

C. Indexing services ISAPI extension buffer overflow

D. NeXT buffer overflow

Eve decides to get her hands dirty and tries out a Denial of Service attack that is relatively new to her. This time she envisages using a different kind of method to attack Brownies Inc. Eve tries to forge the packets and uses the broadcast address. She launches an attack similar to that of fraggle. What is the technique that Eve used in the case above?

A. Smurf

B. Bubonic

C. SYN Flood

D. Ping of Death

While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80.

What can you infer from this observation?

A. They are using Windows based web servers.

B. They are using UNIX based web servers.

C. They are not using an intrusion detection system.

D. They are not using a stateful inspection firewall.

This packet was taken from a packet sniffer that monitors a Web server.

This packet was originally 1514 bytes long, but only the first 512 bytes are shown here. This is the standard hexdump representation of a network packet, before being decoded. A hexdump has three columns: the offset of each line, the hexadecimal data, and the ASCII equivalent. This packet contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP header ending in two line-feeds (0D 0A 0D 0A) and then the data. By examining the packet, identify the name and version of the Web server.

A. Apache 1.2

B. IIS 4.0

C. IIS 5.0

D. Linux WServer 2.3

Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.

Choose the attack type from the choices given below.

A. Database Fingerprinting

B. Database Enumeration

C. SQL Fingerprinting

D. SQL Enumeration

What is Hunt used for?

A. Hunt is used to footprint networks

B. Hunt is used to sniff traffic

C. Hunt is used to hack web servers

D. Hunt is used to intercept traffic i.e. man-in-the-middle traffic

E. Hunt is used for password cracking

Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?

A. An integer variable

B. A 'hidden' price value

C. A 'hidden' form field value

D. A page cannot be changed locally; it can only be served by a web server

A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?

A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database

B. An attacker submits user input that executes an operating system command to compromise a target system

C. An attacker gains control of system to flood the target system with requests, preventing legitimate users from gaining access

D. An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database

Which of the following statements best describes the term Vulnerability?

A. A weakness or error that can lead to a compromise

B. An agent that has the potential to take advantage of a weakness

C. An action or event that might prejudice security

D. The loss potential of a threat.

What is a primary advantage a hacker gains by using encryption or programs such as Loki?

A. It allows an easy way to gain administrator rights

B. It is effective against Windows computers

C. It slows down the effective response of an IDS

D. IDS systems are unable to decrypt it

E. Traffic will not be modified in transit

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible areas of the network.

How can you achieve this?

A. Block ICMP at the firewall.

B. Block UDP at the firewall.

C. Both A and B.

D. There is no way to completely block doing a trace route into this area.

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

A. Physical

B. Procedural

C. Technical

D. Compliance

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:

Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.

Which of the following actions should the security administrator take?

A. Log the event as suspicious activity and report this behavior to the incident response team immediately.

B. Log the event as suspicious activity, call a manager, and report this as soon as possible.

C. Run an anti-virus scan because it is likely the system is infected by malware.

D. Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.