ECCouncil EC0-350 - Ethical Hacking and Countermeasures V8

Total 878 questions

Botnets are networks of compromised computers that are controlled remotely and surreptitiously by one or more cyber criminals. How do cyber criminals infect a victim's computer with bots? (Select 4 answers)

A.

Attackers physically visit every victim's computer to infect them with malicious software

B.

Home computers that have security vulnerabilities are prime targets for botnets

C.

Spammers scan the Internet looking for computers that are unprotected and use these "open-doors" to install malicious software

D.

Attackers use phishing or spam emails that contain links or attachments

E.

Attackers use websites to host the bots utilizing Web Browser vulnerabilities

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

A.

RC4

B.

RC5

C.

MD4

D.

MD5

MX record priority increases as the number increases. (True/False)

A.

True

B.

False

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crime investigations throughout the United States?

A.

NDCA

B.

NICP

C.

CIRP

D.

NPC

E.

CIA

What is "Hacktivism"?

A.

Hacking for a cause

B.

Hacking ruthlessly

C.

An association which groups activists

D.

None of the above

Which two ICMP types are used by the ping command?

A.

It uses types 0 and 8.

B.

It uses types 13 and 14.

C.

It uses types 15 and 17.

D.

The ping command does not use ICMP but uses UDP.

Network Administrator Patricia is doing an audit of the network. Below are some of her findings concerning DNS. Which of these would be a cause for alarm?

Select the best answer.

A.

There are two external DNS Servers for Internet domains. Both are AD integrated.

B.

All external DNS is done by an ISP.

C.

Internal AD Integrated DNS servers are using private DNS names that are unregistered.

D.

Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could lead to prosecution for the sender and for the company's directors if, for example, outgoing email was found to contain material that was pornographic, racist, or likely to incite someone to commit an act of terrorism. You can always defend yourself by the "ignorance of the law" clause.

A.

true

B.

false

An XYZ security System Administrator is reviewing the network system log files.

He notes the following:

    Network log files are at 5 MB at 12:00 noon.

    At 14:00 hours, the log files are at 3 MB.

What should he assume has happened and what should he do about the situation?

A.

He should contact the attacker’s ISP as soon as possible and have the connection disconnected.

B.

He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.

C.

He should log the file size, and archive the information, because the router crashed.

D.

He should run a file system check, because the Syslog server has a self correcting file system problem.

E.

He should disconnect from the Internet and discontinue any further unauthorized use, because an attack has taken place.

Which of the following Nmap commands would be used to perform stack fingerprinting?

A.

Nmap -O -p80

B.

Nmap -hU -Q

C.

Nmap -sT -p

D.

Nmap -u -o -w2

E.

Nmap -sS -0p target

One of your team members has asked you to analyze the following SOA record. What is the TTL?

Rutgers.edu. SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400)

A.

200303028

B.

3600

C.

604800

D.

2400

E.

60

F.

4800

Which of the following command-line switches would you use for OS detection in Nmap?

A.

-D

B.

-O

C.

-P

D.

-X

What ICMP message types are used by the ping command?

A.

Timestamp request (13) and timestamp reply (14)

B.

Echo request (8) and Echo reply (0)

C.

Echo request (0) and Echo reply (1)

D.

Ping request (1) and Ping reply (2)

Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host's sequence numbers in one of the hacking sessions.

What do the first and second columns mean? Select two.

A.

The first column reports the sequence number

B.

The second column reports the difference between the current and last sequence number

C.

The second column reports the next sequence number

D.

The first column reports the difference between current and last sequence number

This is an example of a whois record.

Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)

A.

Search engines like Google, Bing will expose information listed on the WHOIS record

B.

An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record

C.

Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

D.

IRS Agents will use this information to track individuals using the WHOIS record information

What framework architecture is shown in this exhibit?

A.

Core Impact

B.

Metasploit

C.

Immunity Canvas

D.

Nessus

Which port, when configured on a switch receives a copy of every packet that passes through it?

A.

R-DUPE Port

B.

MIRROR port

C.

SPAN port

D.

PORTMON

Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network.

He receives the following SMS message during the weekend.

An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason's network with the hping command.

Which of the following hping2 commands is responsible for the above snort alert?

A.

chenrocks:/home/siew # hping -S -R -P -A -F -U 192.168.2.56 -p 22 -c 5 -t 118

B.

chenrocks:/home/siew # hping -F -Q -J -A -C -W 192.168.2.56 -p 22 -c 5 -t 118

C.

chenrocks:/home/siew # hping -D -V -R -S -Z -Y 192.168.2.56 -p 22 -c 5 -t 118

D.

chenrocks:/home/siew # hping -G -T -H -S -L -W 192.168.2.56 -p 22 -c 5 -t 118

Study the snort rule given below and interpret the rule.

alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg:"mountd access";)

A.

An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111

B.

An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet

C.

An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet

D.

An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111

What is the IV key size used in WPA2?

A.

32

B.

24

C.

16

D.

48

E.

128