
ECCouncil EC0-350 - Ethical Hacking and Countermeasures V8

Total 878 questions

A penetration tester is conducting a port scan on a specific host. The tester found several open ports that made it difficult to conclude which Operating System (OS) version is installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
23/tcp    open  telnet
80/tcp    open  http
139/tcp   open  netbios-ssn
515/tcp   open
631/tcp   open  ipp
9100/tcp  open
MAC Address: 00:00:48:0D:EE:89

A. The host is likely a Windows machine.
B. The host is likely a Linux machine.
C. The host is likely a router.
D. The host is likely a printer.

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

A. Timing attack
B. Replay attack
C. Memory trade-off attack
D. Chosen plain-text attack

There is a WEP encrypted wireless access point (AP) with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. What information is needed when performing fake authentication to an AP? (Choose two.)

A. The IP address of the AP
B. The MAC address of the AP
C. The SSID of the wireless network
D. A failed authentication packet

What is a successful method for protecting a router from potential smurf attacks?

A. Placing the router in broadcast mode
B. Enabling port forwarding on the router
C. Installing the router outside of the network's firewall
D. Disabling the router from accepting broadcast ping messages

How can rainbow tables be defeated?

A. Password salting
B. Use of non-dictionary words
C. All uppercase character passwords
D. Lockout accounts under brute force password cracking attempts

Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and has been able to elicit responses from ports 23, 25 and 53. He infers that port 23 is running a Telnet service, port 25 an SMTP service and port 53 a DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscore symbols on the screen. What are you most likely to infer from this?

A. The services are protected by TCP wrappers
B. There is a honeypot running on the scanned machine
C. An attacker has replaced the services with trojaned ones
D. This indicates that the telnet and SMTP servers have crashed

Exhibit:

You are conducting a pen-test against a company's website using SQL Injection techniques. You enter "anuthing or 1=1-" in the username field of an authentication form. This is the output returned from the server.

What is the next step you should do?

A. Identify the user context of the web application by running:
   http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND USER_NAME() = 'dbo'
B. Identify the database and table name by running:
   http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1))) > 109
C. Format the C: drive and delete the database by running:
   http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell 'format c: /q /yes '; drop database myDB; --
D. Reboot the web server by running:
   http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell 'iisreset –reboot'; --

What is the key advantage of Session Hijacking?

A. It can be easily done and does not require sophisticated skills.
B. You can take advantage of an authenticated connection.
C. You can successfully predict the sequence number generation.
D. You cannot be traced in case the hijack is detected.

Sandra is conducting a penetration test for XYZ.com. She knows that XYZ.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP.

What do you think is the reason behind this?

A. Netstumbler does not work against 802.11g.
B. You can only pick up 802.11g signals with 802.11a wireless cards.
C. The access points probably have WEP enabled so they cannot be detected.
D. The access points probably have disabled broadcasting of the SSID so they cannot be detected.
E. 802.11g uses OFDM while 802.11b uses DSSS, so despite the same frequency an 802.11b card cannot see an 802.11g signal.
F. Sandra must be doing something wrong, as there is no reason for her to not see the signals.

What is the tool Firewalk used for?

A. To test the IDS for proper operation
B. To test a firewall for proper operation
C. To determine what rules are in place for a firewall
D. To test the webserver configuration
E. Firewalk is a firewall auto configuration tool

Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?

A. There is no mutual authentication between wireless clients and access points
B. Automated tools like AirSnort are available to discover WEP keys
C. The standard does not provide for centralized key management
D. The 24 bit Initialization Vector (IV) field is too small

You are doing IP spoofing while you scan your target. You find that the target has port 23 open. However, you are unable to connect. Why?

A. A firewall is blocking port 23
B. You cannot spoof + TCP
C. You need an automated telnet tool
D. The OS does not reply to telnet even if port 23 is open

Once an intruder has gained access to a remote system with a valid username and password, the attacker will attempt to increase his privileges by escalating the used account to one that has increased privileges, such as that of an administrator. What would be the best countermeasure to protect against escalation of privileges?

A. Give users tokens
B. Give users the least amount of privileges
C. Give users two passwords
D. Give users a strong policy document

Which is the right sequence of packets sent during the initial TCP three-way handshake?

A. FIN, FIN-ACK, ACK
B. SYN, URG, ACK
C. SYN, ACK, SYN-ACK
D. SYN, SYN-ACK, ACK

All the web servers in the DMZ respond to an ACK scan on port 80. Why is this happening?

A. They are all Windows-based web servers
B. They are all Unix-based web servers
C. The company is not using IDS
D. The company is not using a stateful firewall

You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address.

What can be inferred from this output?

A. An application proxy firewall
B. A stateful inspection firewall
C. A host based IDS
D. A Honeypot

Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs. What is this attack most appropriately called?

A. Spoof attack
B. Replay attack
C. Injection attack
D. Rebound attack

Peter is a Linux network admin. Knowing you to be a knowledgeable security consultant, he turns to you for help on a firewall. He wants to use Linux as his firewall and use the latest freely available version that is offered. What do you recommend?

Select the best answer.

A. Ipchains
B. Iptables
C. Checkpoint FW for Linux
D. Ipfwadm

Tess King is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic authentication?

A. Basic authentication is broken
B. The password is never sent in clear text over the network
C. The password sent in clear text over the network is never reused.
D. It is based on Kerberos authentication protocol

When referring to the Domain Name Service, what is denoted by a 'zone'?

A. It is the first domain that belongs to a company.
B. It is a collection of resource records.
C. It is the first resource record type in the SOA.
D. It is a collection of domains.