Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil EC0-350 - Ethical Hacking and Countermeasures V8

ECCouncil EC0-350 Premium Access     Download Demo    
Page: 3 / 14
Total 878 questions

LAN Manager Passwords are concatenated to 14 bytes, and split in half. The two halves are hashed individually. If the password is 7 characters or less, than the second half of the hash is always:

A.

0xAAD3B435B51404EE

B.

0xAAD3B435B51404AA

C.

0xAAD3B435B51404BB

D.

0xAAD3B435B51404CC

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?

A.

Switch then acts as hub by broadcasting packets to all machines on the network

B.

The CAM overflow table will cause the switch to crash causing Denial of Service

C.

The switch replaces outgoing frame switch factory default MAC address of FF:FF:FF:FF:FF:FF

D.

Every packet is dropped and the switch sends out SNMP alerts to the IDS port

You are footprinting an organization and gathering competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them listed there. You know they had the entire staff directory listed on their website 12 months ago but now it is not there. Is there any way you can retrieve information from a website that is outdated?

A.

Visit Google's search engine and view the cached copy

B.

Crawl the entire website and store them into your computer

C.

Visit Archive.org web site to retrieve the Internet archive of the company's website

D.

Visit the company's partners and customers website for this information

What techniques would you use to evade IDS during a Port Scan? (Select 4 answers)

A.

Use fragmented IP packets

B.

Spoof your IP address when launching attacks and sniff responses from the server

C.

Overload the IDS with Junk traffic to mask your scan

D.

Use source routing (if possible)

E.

Connect to proxy servers or compromised Trojaned machines to launch attacks

One of the most common and the best way of cracking RSA encryption is to begin to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _____________ process, then the private key can be derived.

A.

Factorization

B.

Prime Detection

C.

Hashing

D.

Brute-forcing

Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?

A.

Smooth Talking

B.

Swipe Gating

C.

Tailgating

D.

Trailing

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

A.

Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card

B.

Educate and enforce physical security policies of the company to all the employees on a regular basis

C.

Setup a mock video camera next to the special card reader adjacent to the secure door

D.

Post a sign that states, "no tailgating" next to the special card reader adjacent to the secure door

This tool is widely used for ARP Poisoning attack. Name the tool.

A.

Cain and Able

B.

Beat Infector

C.

Poison Ivy

D.

Webarp Infector

Ursula is a college student at a University in Amsterdam. Ursula originally went to college to study engineering but later changed to marine biology after spending a month at sea with her friends. These friends frequently go out to sea to follow and harass fishing fleets that illegally fish in foreign waters. Ursula eventually wants to put companies practicing illegal fishing out of business. Ursula decides to hack into the parent company's computers and destroy critical data knowing fully well that, if caught, she probably would be sent to jail for a very long time. What would Ursula be considered?

A.

Ursula would be considered a gray hat since she is performing an act against illegal activities.

B.

She would be considered a suicide hacker.

C.

She would be called a cracker.

D.

Ursula would be considered a black hat.

What is War Dialing?

A.

War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems

B.

War dialing is a vulnerability scanning technique that penetrates Firewalls

C.

It is a social engineering technique that uses Phone calls to trick victims

D.

Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls

What type of Virus is shown here?

A.

Cavity Virus

B.

Macro Virus

C.

Boot Sector Virus

D.

Metamorphic Virus

E.

Sparse Infector Virus

What does FIN in TCP flag define?

A.

Used to abort a TCP connection abruptly

B.

Used to close a TCP connection

C.

Used to acknowledge receipt of a previous packet or transmission

D.

Used to indicate the beginning of a TCP connection

Cyber Criminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine.

How would you detect IP spoofing?

A.

Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet

B.

Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet

C.

Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick if the packet is spoofed

D.

Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet

What is the problem with this ASP script (login.asp)?

A.

The ASP script is vulnerable to Cross Site Scripting attack

B.

The ASP script is vulnerable to Session Splice attack

C.

The ASP script is vulnerable to XSS attack

D.

The ASP script is vulnerable to SQL Injection attack

Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect of Web server security.

Maintaining the security of a Web server will usually involve the following steps:

1. Configuring, protecting, and analyzing log files

2. Backing up critical information frequently

3. Maintaining a protected authoritative copy of the organization's Web content

4. Establishing and following procedures for recovering from compromise

5. Testing and applying patches in a timely manner

6. Testing security periodically.

In which step would you engage a forensic investigator?

A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

This attack technique is used when a Web application is vulnerable to an SQL Injection but the results of the Injection are not visible to the attacker.

A.

Unique SQL Injection

B.

Blind SQL Injection

C.

Generic SQL Injection

D.

Double SQL Injection

SNMP is a connectionless protocol that uses UDP instead of TCP packets (True or False)

A.

true

B.

false

You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using ADS streams. How will you accomplish this?

A.

copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt

B.

copy secret.txt c:\windows\system32\tcpip.dll:secret.txt

C.

copy secret.txt c:\windows\system32\tcpip.dll |secret.txt

D.

copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt

Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was about to release it. The executive team believes that an employee is leaking information to the rival company. Lori questions all employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given permission to search through the corporate email system. She searches by email being sent to and sent from the rival marketing company.

She finds one employee that appears to be sending very large email to this other marketing company, even though they should have no reason to be communicating with them. Lori tracks down the actual emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly harmless, usually containing some kind of joke. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture.

What technique was used by the Kiley Innovators employee to send information to the rival marketing company?

A.

The Kiley Innovators employee used cryptography to hide the information in the emails sent

B.

The method used by the employee to hide the information was logical watermarking

C.

The employee used steganography to hide information in the picture attachments

D.

By using the pictures to hide information, the employee utilized picture fuzzing

What type of Trojan is this?

A.

RAT Trojan

B.

E-Mail Trojan

C.

Defacement Trojan

D.

Destructing Trojan

E.

Denial of Service Trojan