Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil EC0-350 - Ethical Hacking and Countermeasures V8

ECCouncil EC0-350 Premium Access     Download Demo    
Page: 6 / 14
Total 878 questions

A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is unable to capture any logons though he knows that other users are logging in.

What do you think is the most likely reason behind this?

A.

There is a NIDS present on that segment.

B.

Kerberos is preventing it.

C.

Windows logons cannot be sniffed.

D.

L0phtcrack only sniffs logons to web servers.

What file system vulnerability does the following command take advantage of?

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe

A.

HFS

B.

ADS

C.

NTFS

D.

Backdoor access

Exhibit:

The following is an entry captured by a network IDS.You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack?

A.

The buffer overflow attack has been neutralized by the IDS

B.

The attacker is creating a directory on the compromised machine

C.

The attacker is attempting a buffer overflow attack and has succeeded

D.

The attacker is attempting an exploit that launches a command-line shell

This kind of password cracking method uses word lists in combination with numbers and special characters:

A.

Hybrid

B.

Linear

C.

Symmetric

D.

Brute Force

Exhibit:

ettercap –NCLzs --quiet

What does the command in the exhibit do in “Ettercap”?

A.

This command will provide you the entire list of hosts in the LAN

B.

This command will check if someone is poisoning you and will report its IP.

C.

This command will detach from console and log all the collected passwords from the network to a file.

D.

This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.

What is GINA?

A.

Gateway Interface Network Application

B.

GUI Installed Network Application CLASS

C.

Global Internet National Authority (G-USA)

D.

Graphical Identification and Authentication DLL

Assuring two systems that are using IPSec to protect traffic over the internet, what type of general attack could compromise the data?

A.

Spoof Attack

B.

Smurf Attack

C.

Man inthe Middle Attack

D.

Trojan Horse Attack

E.

Back Orifice Attack

Sniffing is considered an active attack.

A.

True

B.

False

One of your junior administrator is concerned with Windows LM hashes and password cracking. In your discussion with them, which of the following are true statements that you would point out?

Select the best answers.

A.

John the Ripper can be used to crack a variety of passwords, but one limitation is that the output doesn't show if the password is upper or lower case.

B.

BY using NTLMV1, you have implemented an effective countermeasure to password cracking.

C.

SYSKEY is an effective countermeasure.

D.

If a Windows LM password is 7 characters or less, the hash will be passed with the following characters, in HEX- 00112233445566778899.

E.

Enforcing Windows complex passwords is an effective countermeasure.

LM authentication is not as strong as Windows NT authentication so you may want to disable its use, because an attacker eavesdropping on network traffic will attack the weaker protocol. A successful attack can compromise the user's password. How do you disable LM authentication in Windows XP?

A.

Stop the LM service in Windows XP

B.

Disable LSASS service in Windows XP

C.

Disable LM authentication in the registry

D.

Download and install LMSHUT.EXE tool from Microsoft website

Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?

A.

Covert keylogger

B.

Stealth keylogger

C.

Software keylogger

D.

Hardware keylogger

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

A.

Configure the Web Server to deny requests involving "hex encoded" characters

B.

Create rules in IDS to alert on strange Unicode requests

C.

Use SSL authentication on Web Servers

D.

Enable Active Scripts Detection at the firewall and routers

In which step Steganography fits in CEH System Hacking Cycle (SHC)

A.

Step 2: Crack the password

B.

Step 1: Enumerate users

C.

Step 3: Escalate privileges

D.

Step 4: Execute applications

E.

Step 5: Hide files

F.

Step 6: Cover your tracks

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called "file.txt" but when he opens it, he finds the following:

What can he infer from this file?

A.

A picture that has been renamed with a .txt extension

B.

An encrypted file

C.

An encoded file

D.

A buffer overflow

User which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

A.

18 U.S.C 1029 Possession of Access Devices

B.

18 U.S.C 1030 Fraud and related activity in connection with computers

C.

18 U.S.C 1343 Fraud by wire, radio or television

D.

18 U.S.C 1361 Injury to Government Property

E.

18 U.S.C 1362 Government communication systems

F.

18 U.S.C 1831 Economic Espionage Act

G.

18 U.S.C 1832 Trade Secrets Act

What port scanning method is the most reliable but also the most detectable?

A.

Null Scanning

B.

Connect Scanning

C.

ICMP Scanning

D.

Idlescan Scanning

E.

Half Scanning

F.

Verbose Scanning

Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position. Harold is currently trying to run a Sniffer on the agency's network to get an idea of what kind of traffic is being passed around, but the program he is using does not seem to be capturing anything. He pours through the Sniffer's manual, but cannot find anything that directly relates to his problem. Harold decides to ask the network administrator if he has any thoughts on the problem. Harold is told that the Sniffer was not working because the agency's network is a switched network, which cannot be sniffed by some programs without some tweaking. What technique could Harold use to sniff his agency's switched network?

A.

ARP spoof the default gateway

B.

Conduct MiTM against the switch

C.

Launch smurf attack against the switch

D.

Flood the switch with ICMP packets

To what does “message repudiation” refer to what concept in the realm of email security?

A.

Message repudiation means a user can validate which mail server or servers a message was passed through.

B.

Message repudiation means a user can claim damages for a mail message that damaged their reputation.

C.

Message repudiation means a recipient can be sure that a message was sent from a particular person.

D.

Message repudiation means a recipient can be sure that a message was sent from a certain host.

E.

Message repudiation means a sender can claim they did not actually send a particular message.

Peter extracts the SIDs list from Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges.

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

What is the proper response for a FIN scan if the port is closed?

A.

SYN

B.

ACK

C.

FIN

D.

PSH

E.

RST