
Pass the ECCouncil Certified Ethical Hacker EC0-350 Questions and answers with ExamsMirror

Viewing page 4 out of 14 pages
Viewing questions 61-80 out of questions
Questions # 61:

To see how some of the hosts on your network react, Winston sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established he sends RST packets to those hosts to stop the session. Winston has done this to see how his intrusion detection system will log the traffic. What type of scan is Winston attempting here?

Options:

A. Winston is attempting to find live hosts on your company's network by using an XMAS scan.

B. He is utilizing a SYN scan to find live hosts that are listening on your network.

C. This type of scan he is using is called a NULL scan.

D. He is using a half-open scan to find live hosts on your network.

Questions # 62:

What is the main reason the use of a stored biometric is vulnerable to an attack?

Options:

A. The digital representation of the biometric might not be unique, even if the physical characteristic is unique.

B. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.

C. A stored biometric is no longer "something you are" and instead becomes "something you have".

D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

Questions # 63:

Simon is a security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22"; flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485;)

Options:

A. The payload of 485 is what this Snort signature will look for.

B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

C. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

D. From this Snort signature, packets with HOME_NET 27374 in the payload will be flagged.

Questions # 64:

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

Options:

A. Vulnerability scanning

B. Social engineering

C. Application security testing

D. Network sniffing

Questions # 65:

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

Options:

A. Firewall-management policy

B. Acceptable-use policy

C. Remote-access policy

D. Permissive policy

Questions # 66:

Here is the ASCII Sheet.

Question # 66

You want to guess the DBO username juggyboy (8 characters) using Blind SQL Injection technique.

What is the correct syntax?

Question # 66

Options:

A. Option A

B. Option B

C. Option C

D. Option D

Questions # 67:

Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered vulnerabilities.

Question # 67

Which of the following statements is incorrect?

Options:

A. Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.

B. Vulnerability scanners can help identify out-of-date software versions, missing patches, or system upgrades

C. They can validate compliance with or deviations from the organization's security policy

D. Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention

Questions # 68:

TCP SYN Flood attack uses the three-way handshake mechanism.

1. An attacker at system A sends a SYN packet to victim at system B.

2. System B sends a SYN/ACK packet to victim A.

3. In a normal three-way handshake, system A should send an ACK packet to system B; however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK packet from client A.

This status of client B is called _________________

Options:

A. "half-closed"

B. "half open"

C. "full-open"

D. "xmas-open"

Questions # 69:

Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm, befriends him at the canteen and tags along with him on the pretext of apprising him of potential tax benefits. Jason waits for Jake to swipe his access card and follows him through the open door into the secure systems area. How would you describe Jason's behavior within a security context?

Options:

A. Smooth Talking

B. Swipe Gating

C. Tailgating

D. Trailing

Questions # 70:

Choose one of the following pseudo codes to describe this statement:

"If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any more data."

Options:

A. If (I > 200) then exit (1)

B. If (I < 200) then exit (1)

C. If (I <= 200) then exit (1)

D. If (I >= 200) then exit (1)

Questions # 71:

This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique called?

Options:

A. IP Routing or Packet Dropping

B. IDS Spoofing or Session Assembly

C. IP Fragmentation or Session Splicing

D. IP Splicing or Packet Reassembly

Questions # 72:

This tool is widely used for ARP poisoning attacks. Name the tool.

Question # 72

Options:

A. Cain and Abel

B. Beat Infector

C. Poison Ivy

D. Webarp Infector

Questions # 73:

This attack uses social engineering techniques to trick users into accessing a fake Web site and divulging personal information. Attackers send a legitimate-looking e-mail asking users to update their information on the company's Web site, but the URLs in the e-mail actually point to a false Web site.

Options:

A. Wiresharp attack

B. Switch and bait attack

C. Phishing attack

D. Man-in-the-Middle attack

Questions # 74:

What type of attack is shown in the following diagram?

Question # 74

Options:

A. Man-in-the-Middle (MiTM) Attack

B. Session Hijacking Attack

C. SSL Spoofing Attack

D. Identity Stealing Attack

Questions # 75:

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization.

Question # 75

How would you prevent this type of attack?

Options:

A. It is impossible to block these attacks

B. Hire the people through third-party job agencies who will vet them for you

C. Conduct thorough background checks before you engage them

D. Investigate their social networking profiles

Questions # 76:

What type of Trojan is this?

Question # 76

Options:

A. RAT Trojan

B. E-Mail Trojan

C. Defacement Trojan

D. Destructing Trojan

E. Denial of Service Trojan

Questions # 77:

While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this?

Options:

A. The firewall is dropping the packets

B. An in-line IDS is dropping the packets

C. A router is blocking ICMP

D. The host does not respond to ICMP packets

Questions # 78:

Which Steganography technique uses Whitespace to hide secret messages?

Options:

A. snow

B. beetle

C. magnet

D. cat

Questions # 79:

The SYN flood attack sends TCP connection requests faster than a machine can process them.

    Attacker creates a random source address for each packet

    SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP address

    Victim responds to spoofed IP address, then waits for confirmation that never arrives (timeout wait is about 3 minutes)

    Victim's connection table fills up waiting for replies and ignores new connections

    Legitimate users are ignored and will not be able to access the server

How do you protect your network against SYN Flood attacks?

Options:

A. SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully constructed sequence number generated as a hash of the client's IP address, port number, and other information. When the client responds with a normal ACK, that special sequence number will be included, which the server then verifies. Thus, the server first allocates memory on the third packet of the handshake, not the first.

B. RST cookies. The server sends a wrong SYN/ACK back to the client. The client should then generate a RST packet telling the server that something is wrong. At this point, the server knows the client is valid and will now accept incoming connections from that client normally.

C. Check the incoming packet's IP address with the SPAM database on the Internet and enable the filter using ACLs at the Firewall.

D. Stack Tweaking. TCP stacks can be tweaked in order to reduce the effect of SYN floods. Reduce the timeout before a stack frees up the memory allocated for a connection.

E. Micro Blocks. Instead of allocating a complete connection, simply allocate a micro record of 16 bytes for the incoming SYN object.

Questions # 80:

You want to hide a secret.txt document inside c:\windows\system32\tcpip.dll kernel library using ADS streams. How will you accomplish this?

Options:

A. copy secret.txt c:\windows\system32\tcpip.dll kernel>secret.txt

B. copy secret.txt c:\windows\system32\tcpip.dll:secret.txt

C. copy secret.txt c:\windows\system32\tcpip.dll |secret.txt

D. copy secret.txt >< c:\windows\system32\tcpip.dll kernel secret.txt
