Spring Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the ECCouncil Certified Ethical Hacker EC0-350 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.
Exam EC0-350 Premium Access

View all detail and faqs for the EC0-350 exam

Go to Exam

647 Students Passed

91% Average Score

97% Same Questions
Viewing page 13 out of 14 pages
Viewing questions 241-260 out of questions
Questions # 241:

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

Options:

A.

Physical

B.

Procedural

C.

Technical

D.

Compliance 

Questions # 242:

A botnet can be managed through which of the following?

Options:

A.

IRC

B.

E-Mail

C.

Linkedin and Facebook

D.

A vulnerable FTP server

Questions # 243:

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

Options:

A.

SDLC process

B.

Honey pot

C.

SQL injection

D.

Trap door

Questions # 244:

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court.  What is the ethical response?

Options:

A.

Say no; the friend is not the owner of the account.

B.

Say yes; the friend needs help to gather evidence.

C.

Say yes; do the job for free.

D.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Questions # 245:

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Options:

A.

The web application does not have the secure flag set.

B.

The session cookies do not have the HttpOnly flag set.

C.

The victim user should not have an endpoint security solution.

D.

The victim's browser must have ActiveX technology enabled.

Questions # 246:

Which of the following descriptions is true about a static NAT?

Options:

A.

A static NAT uses a many-to-many mapping.

B.

A static NAT uses a one-to-many mapping.

C.

A static NAT uses a many-to-one mapping.

D.

A static NAT uses a one-to-one mapping.

Questions # 247:

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

Options:

A.

The key entered is a symmetric key used to encrypt the wireless data.

B.

The key entered is a hash that is used to prove the integrity of the wireless data.

C.

The key entered is based on the Diffie-Hellman method.

D.

The key is an RSA key used to encrypt the wireless data.

Questions # 248:

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Questions # 249:

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions.

On further research, the tester come across a perl script that runs the following msadc functions:system("perl msadc.pl -h $host -C \"echo open $your >testfile\""); 

Question # 249

Which exploit is indicated by this script?

Options:

A.

A buffer overflow exploit

B.

A chained exploit

C.

A SQL injection exploit

D.

A denial of service exploit

Questions # 250:

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

Options:

A.

Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

B.

Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

C.

Network firewalls can prevent attacks if they are properly configured.

D.

Network firewalls cannot prevent attacks because they are too complex to configure.

Questions # 251:

What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

Options:

A.

They do not use host system resources.

B.

They are placed at the boundary, allowing them to inspect all traffic.

C.

They are easier to install and configure.

D.

They will not interfere with user interfaces.

Questions # 252:

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Options:

A.

64 bit and CCMP

B.

128 bit and CRC

C.

128 bit and CCMP

D.

128 bit and TKIP

Questions # 253:

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Cavity virus

B.

Polymorphic virus

C.

Tunneling virus

D.

Stealth virus

Questions # 254:

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

Options:

A.

Input validation flaw

B.

HTTP header injection vulnerability

C.

0-day vulnerability

D.

Time-to-check to time-to-use flaw

Questions # 255:

Which of the following is a symmetric cryptographic standard? 

Options:

A.

DSA

B.

PKI

C.

RSA

D.

3DES

Questions # 256:

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Options:

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Questions # 257:

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company’s internal network. Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur?

Options:

A.

SSL

B.

Mutual authentication

C.

IPSec

D.

Static IP addresses

Questions # 258:

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP port 21 – no response  TCP port 22 – no response TCP port 23 – Time-to-live exceeded

Options:

A.

The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.

B.

The lack of response from ports 21 and 22 indicate that those services are not running on the destination server.

C.

The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

D.

The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error.

Questions # 259:

Which property ensures that a hash function will not produce the same hashed value for two different messages?

Options:

A.

Collision resistance

B.

Bit length

C.

Key strength

D.

Entropy

Questions # 260:

How can a policy help improve an employee's security awareness?

Options:

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Viewing page 13 out of 14 pages
Viewing questions 241-260 out of questions
TOP CODES

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25
ADM-201
Agentforce-Specialist
CMMC-CCP
Data-Cloud-Consultant
PDI
PSE-Strata-Pro-24
Secure-Software-Design
Sharing-and-Visibility-Architect
Workday-Pro-Integrations
ZDTA