Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil EC0-350 - Ethical Hacking and Countermeasures V8

ECCouncil EC0-350 Premium Access     Download Demo    
Page: 8 / 14
Total 878 questions

A hacker was able to sniff packets on a company's wireless network. The following information was discovereD.

The Key 10110010 01001011

The Cyphertext 01100101 01011010

Using the Exlcusive OR, what was the original message?

A.

00101000 11101110

B.

11010111 00010001

C.

00001101 10100100

D.

11110010 01011011

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers.  What should the security team do to determine which alerts to check first?

A.

Investigate based on the maintenance schedule of the affected systems.

B.

Investigate based on the service level agreements of the systems.

C.

Investigate based on the potential effect of the incident.

D.

Investigate based on the order that the alerts arrived in.

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:

Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP

What type of activity has been logged?

A.

Port scan targeting 192.168.1.103

B.

Teardrop attack targeting 192.168.1.106

C.

Denial of service attack targeting 192.168.1.103

D.

Port scan targeting 192.168.1.106

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Which type of scan is used on the eye to measure the layer of blood vessels?

A.

Facial recognition scan

B.

Retinal scan

C.

Iris scan

D.

Signature kinetics scan

Which of the following is an example of IP spoofing?

A.

SQL injections

B.

Man-in-the-middle

C.

Cross-site scripting

D.

ARP poisoning

How can a rootkit bypass Windows 7 operating system’s kernel mode, code signing policy?

A.

Defeating the scanner from detecting any code change at the kernel

B.

Replacing patch system calls with its own version that hides the rootkit (attacker's) actions

C.

Performing common services for the application process and replacing real applications with fake ones

D.

Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

A.

A bottom-up approach

B.

A top-down approach

C.

A senior creation approach

D.

An IT assurance approach

Which of the following items is unique to the N-tier architecture method of designing software applications?

A.

Application layers can be separated, allowing each layer to be upgraded independently from other layers.

B.

It is compatible with various databases including Access, Oracle, and SQL.

C.

Data security is tied into each layer and must be updated for all layers when any upgrade is performed.

D.

Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

A.

By using SQL injection

B.

By changing hidden form values

C.

By using cross site scripting

D.

By utilizing a buffer overflow attack

Which of the following is an example of two factor authentication?

A.

PIN Number and Birth Date

B.

Username and Password

C.

Digital Certificate and Hardware Token

D.

Fingerprint and Smartcard ID

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash.  The technician researches the bug and discovers that no one else experienced the problem.  What is the appropriate next step?

A.

Ignore the problem completely and let someone else deal with it.

B.

Create a document that will crash the computer when opened and send it to friends.

C.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Smart cards use which protocol to transfer the certificate in a secure manner?

A.

Extensible Authentication Protocol (EAP)

B.

Point to Point Protocol (PPP)

C.

Point to Point Tunneling Protocol (PPTP)

D.

Layer 2 Tunneling Protocol (L2TP)

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

A.

Penetration testing

B.

Social engineering

C.

Vulnerability scanning

D.

Access control list reviews

What is the outcome of the comm”nc -l -p 2222 | nc 10.1.0.43 1234"?

A.

Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.

B.

Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.

C.

Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.

D.

Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

A.

Implementing server-side PKI certificates for all connections

B.

Mandating only client-side PKI certificates for all connections

C.

Requiring client and server PKI certificates for all connections

D.

Requiring strong authentication for all DNS queries

A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. Access to offices and to a network node is granted.  Results from server scanning indicate all are adequately patched and physical access is denied, thus, administrators have access only through Remote Desktop. Which technique could be used to obtain login credentials?

A.

Capture every users' traffic with Ettercap.

B.

Capture LANMAN Hashes and crack them with LC6.

C.

Guess passwords using Medusa or Hydra against a network service.

D.

Capture administrators RDP traffic and decode it with Cain and Abel.

Bluetooth uses which digital modulation technique to exchange information between paired devices?

A.

PSK (phase-shift keying)

B.

FSK (frequency-shift keying)

C.

ASK (amplitude-shift keying)

D.

QAM (quadrature amplitude modulation)

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server. What should the administrator do next?

A.

Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.

B.

Configure the firewall to allow traffic on TCP ports 80 and UDP port 443.

C.

Configure the firewall to allow traffic on TCP port 53.

D.

Configure the firewall to allow traffic on TCP port 8080.

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture.  During the security testing, the consultant comes across child pornography on the V.P.'s computer.  What is the consultant's obligation to the financial organization?

A.

Say nothing and continue with the security testing.

B.

Stop work immediately and contact the authorities.

C.

Delete the pornography, say nothing, and continue security testing.

D.

Bring the discovery to the financial organization's human resource department.