Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil EC0-350 - Ethical Hacking and Countermeasures V8

Page: 5 / 14
Total 878 questions

When discussing passwords, what is considered a brute force attack?

A.

You attempt every single possibility until you exhaust all possible combinations or discover the password

B.

You threaten to use the rubber hose on someone unless they reveal their password

C.

You load a dictionary of words into your cracking program

D.

You create hashes of a large number of words and compare it with the encrypted passwords

E.

You wait until the password expires

Which of the following statements about a zone transfer correct?(Choose three.

A.

A zone transfer is accomplished with the DNS

B.

A zone transfer is accomplished with the nslookup service

C.

A zone transfer passes all zone information that a DNS server maintains

D.

A zone transfer passes all zone information that a nslookup server maintains

E.

A zone transfer can be prevented by blocking all inbound TCP port 53 connections

F.

Zone transfers cannot occur on the Internet

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?

A.

Port 1890 (Net-Devil Trojan)

B.

Port 1786 (Net-Devil Trojan)

C.

Port 1909 (Net-Devil Trojan)

D.

Port 6667 (Net-Devil Trojan)

What hacking attack is challenge/response authentication used to prevent?

A.

Replay attacks

B.

Scanning attacks

C.

Session hijacking attacks

D.

Password cracking attacks

What is the goal of a Denial of Service Attack?

A.

Capture files from a remote computer.

B.

Render a network or computer incapable of providing normal service.

C.

Exploit a weakness in the TCP stack.

D.

Execute service at PS 1009.

What is a Trojan Horse?

A.

A malicious program that captures your username and password

B.

Malicious code masquerading as or replacing legitimate code

C.

An unauthorized user who gains access to your user database and adds themselves as a user

D.

A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity

Which of the following LM hashes represent a password of less than 8 characters? (Select 2)

A.

BA810DBA98995F1817306D272A9441BB

B.

44EFCE164AB921CQAAD3B435B51404EE

C.

0182BD0BD4444BF836077A718CCDF409

D.

CEC52EB9C8E3455DC2265B23734E0DAC

E.

B757BF5C0D87772FAAD3B435B51404EE

F.

E52CAC67419A9A224A3B108F3FA6CB6D

Bob is doing a password assessment for one of his clients. Bob suspects that security policies are not in place. He also suspects that weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weaknesses and key loggers.

Which of the following options best represents the means that Bob can adopt to retrieve passwords from his clients hosts and servers?

A.

Hardware, Software, and Sniffing.

B.

Hardware and Software Keyloggers.

C.

Passwords are always best obtained using Hardware key loggers.

D.

Software only, they are the most effective.

E-mail scams and mail fraud are regulated by which of the following?

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Study the snort rule given below:

From the options below, choose the exploit against which this rule applies.

A.

WebDav

B.

SQL Slammer

C.

MS Blaster

D.

MyDoom

Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

A.

Snort

B.

argus

C.

TCPflow

D.

Tcpdump

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption.

What encryption algorithm will you be decrypting?

A.

MD4

B.

DES

C.

SHA

D.

SSL

A zone file consists of which of the following Resource Records (RRs)?

A.

DNS, NS, AXFR, and MX records

B.

DNS, NS, PTR, and MX records

C.

SOA, NS, AXFR, and MX records

D.

SOA, NS, A, and MX records

_____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.

A.

Canonicalization

B.

Character Mapping

C.

Character Encoding

D.

UCS transformation formats

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick of the Trojan. Next you run netstat command to look for open ports and you notice a strange port 6666 open.

What is the next step you would do?

A.

Re-install the operating system.

B.

Re-run anti-virus software.

C.

Install and run Trojan removal software.

D.

Run utility fport and look for the application executable that listens on port 6666.

Exhibit:

Study the following log extract and identify the attack.

A.

Hexcode Attack

B.

Cross Site Scripting

C.

Multiple Domain Traversal Attack

D.

Unicode Directory Traversal Attack

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

A.

Block port 25 at the firewall.

B.

Shut off the SMTP service on the server.

C.

Force all connections to use a username and password.

D.

Switch from Windows Exchange to UNIX Sendmail.

E.

None of the above.

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A.

There is no way to tell because a hash cannot be reversed

B.

The right most portion of the hash is always the same

C.

The hash always starts with AB923D

D.

The left most portion of the hash is always the same

E.

A portion of the hash will be all 0's

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain. What do you think Tess King is trying to accomplish? Select the best answer.

A.

A zone harvesting

B.

A zone transfer

C.

A zone update

D.

A zone estimate