Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil EC0-350 - Ethical Hacking and Countermeasures V8

ECCouncil EC0-350 Premium Access     Download Demo    
Page: 7 / 14
Total 878 questions

Which of the following is considered an acceptable option when managing a risk?

A.

Reject the risk.

B.

Deny the risk.

C.

Mitigate the risk.

D.

Initiate the risk.

What two things will happen if a router receives an ICMP packet, which has a TTL value of 1, and the destination host is several hops away? (Select 2 answers)

A.

The router will discard the packet

B.

The router will decrement the TTL value and forward the packet to the next router on the path to the destination host

C.

The router will send a time exceeded message to the source host

D.

The router will increment the TTL value and forward the packet to the next router on the path to the destination host.

E.

The router will send an ICMP Redirect Message to the source host

Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

A.

UDP is filtered by a gateway

B.

The packet TTL value is too low and cannot reach the target

C.

The host might be down

D.

The destination network might be down

E.

The TCP windows size does not match

F.

ICMP is filtered by a gateway

What does a type 3 code 13 represent?(Choose two.

A.

Echo request

B.

Destination unreachable

C.

Network unreachable

D.

Administratively prohibited

E.

Port unreachable

F.

Time exceeded

When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device?

A.

ICMP ECHO_REQUEST & TCP SYN

B.

ICMP ECHO_REQUEST & TCP ACK

C.

ICMP ECHO_REPLY & TFP RST

D.

ICMP ECHO_REPLY & TCP FIN

Destination unreachable administratively prohibited messages can inform the hacker to what?

A.

That a circuit level proxy has been installed and is filtering traffic

B.

That his/her scans are being blocked by a honeypot or jail

C.

That the packets are being malformed by the scanning software

D.

That a router or other packet-filtering device is blocking traffic

E.

That the network is functioning normally

You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state.

What should be the next logical step that should be performed?

A.

Connect to open ports to discover applications.

B.

Perform a ping sweep to identify any additional systems that might be up.

C.

Perform a SYN scan on port 21 to identify any additional systems that might be up.

D.

Rescan every computer to verify the results.

John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundred of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?

A.

nmap

B.

hping

C.

nessus

D.

make

Name two software tools used for OS guessing? (Choose two.

A.

Nmap

B.

Snadboy

C.

Queso

D.

UserInfo

E.

NetBus

What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?

A.

The ethical hacker does not use the same techniques or skills as a cracker.

B.

The ethical hacker does it strictly for financial motives unlike a cracker.

C.

The ethical hacker has authorization from the owner of the target.

D.

The ethical hacker is just a cracker who is getting paid.

While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?

A.

Scan more slowly.

B.

Do not scan the broadcast IP.

C.

Spoof the source IP address.

D.

Only scan the Windows systems.

Because UDP is a connectionless protocol: (Select 2)

A.

UDP recvfrom() and write() scanning will yield reliable results

B.

It can only be used for Connect scans

C.

It can only be used for SYN scans

D.

There is no guarantee that the UDP packets will arrive at their destination

E.

ICMP port unreachable messages may not be returned successfully

The use of technologies like IPSec can help guarantee the followinG. authenticity, integrity, confidentiality and

A.

non-repudiation.

B.

operability.

C.

security.

D.

usability.

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

A.

Multiple keys for non-repudiation of bulk data

B.

Different keys on both ends of the transport medium

C.

Bulk encryption for data transmission over fiber

D.

The same key on each end of the transmission medium

A bank stores and processes sensitive privacy information related to home loans.  However, auditing has never been enabled on the system.  What is the first step that the bank should take before enabling the audit feature?

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Which of the following lists are valid data-gathering activities associated with a risk assessment?

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

A security policy will be more accepted by employees if it is consistent and has the support of

A.

coworkers.

B.

executive management.

C.

the security officer.

D.

a supervisor.

Windows file servers commonly hold sensitive files, databases, passwords and more.  Which of the following choices would be a common vulnerability that usually exposes them?

A.

Cross-site scripting

B.

SQL injection

C.

Missing patches

D.

CRLF injection

Which initial procedure should an ethical hacker perform after being brought into an organization?   

A.

Begin security testing.

B.

Turn over deliverables.   

C.

Sign a formal contract with non-disclosure.

D.

Assess what the organization is trying to protect.