New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Examstrust Logo
examstrust mcafee
  1. Home
  2. ECCouncil
  3. Certified Ethical Hacker
  4. EC0-350 - Ethical Hacking and Countermeasures V8

ECCouncil EC0-350 Ethical Hacking and Countermeasures V8 Exam Practice Test

Page: 1 / 88
Total 878 questions
Get EC0-350 Full Access Download EC0-350 PDF

Ethical Hacking and Countermeasures V8 Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99
Add to Cart

PDF + Testing Engine

  • Product Type: PDF + Testing Engine
$52.5  $174.99
Add to Cart

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Add to Cart
Question 1

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

Options:

A.

Proper testing

B.

Secure coding principles

C.

Systems security and architecture review

D.

Analysis of interrupts within the software

Question 2

A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am.

Which of the following programming languages would most likely be used?

Options:

A.

PHP

B.

C#

C.

Python

D.

ASP.NET

Question 3

Which of the following cryptography attack methods is usually performed without the use of a computer?

Options:

A.

Ciphertext-only attack

B.

Chosen key attack

C.

Rubber hose attack

D.

Rainbow table attack

Question 4

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

Options:

A.

Ping of death

B.

SYN flooding

C.

TCP hijacking

D.

Smurf attack

Question 5

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

Options:

A.

Truecrypt

B.

Sub7

C.

Nessus

D.

Clamwin

Question 6

While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server.  What specific octet within the subnet does the technician see?

Options:

A.

10.10.10.10

B.

127.0.0.1

C.

192.168.1.1

D.

192.168.168.168

Question 7

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials.  The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

Options:

A.

Using the Metasploit psexec module setting the SA / Admin credential

B.

Invoking the stored procedure xp_shell to spawn a Windows command shell

C.

Invoking the stored procedure cmd_shell to spawn a Windows command shell

D.

Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Question 8

An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces. Which of the following is the most likely reason for lack of management or control packets?

Options:

A.

The wireless card was not turned on.

B.

The wrong network card drivers were in use by Wireshark.

C.

On Linux and Mac OS X, only 802.11 headers are received in promiscuous mode.

D.

Certain operating systems and adapters do not collect the management or control packets.

Question 9

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database.

In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

Options:

A.

Semicolon

B.

Single quote

C.

Exclamation mark

D.

Double quote

Question 10

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Cavity virus

B.

Polymorphic virus

C.

Tunneling virus

D.

Stealth virus

Question 11

Advanced encryption standard is an algorithm used for which of the following?

Options:

A.

Data integrity

B.

Key discovery

C.

Bulk data encryption

D.

Key recovery

Question 12

Which of the following is a client-server tool utilized to evade firewall inspection?

Options:

A.

tcp-over-dns

B.

kismet

C.

nikto

D.

hping

Question 13

From the two screenshots below, which of the following is occurring?

Options:

A.

10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

B.

10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

C.

10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.

D.

10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Question 14

How can a policy help improve an employee's security awareness?

Options:

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Question 15

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Question 16

ICMP ping and ping sweeps are used to check for active systems and to check

Options:

A.

if ICMP ping traverses a firewall.

B.

the route that the ICMP ping took.

C.

the location of the switchport in relation to the ICMP ping.

D.

the number of hops an ICMP ping takes to reach a destination.

Question 17

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Question 18

Access control is often implemented through the use of MAC address filtering on wireless Access Points. Why is this considered to be a very limited security measure?

Options:

A.

Vendors MAC address assignment is published on the Internet.

B.

The MAC address is not a real random number.

C.

The MAC address is broadcasted and can be captured by a sniffer.

D.

The MAC address is used properly only on Macintosh computers.

Question 19

John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong.

In the context of Session hijacking why would you consider this as a false sense of security?

Options:

A.

The token based security cannot be easily defeated.

B.

The connection can be taken over after authentication.

C.

A token is not considered strong authentication.

D.

Token security is not widely used in the industry.

Question 20

_________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at.

Options:

A.

Mandatory Access Control

B.

Authorized Access Control

C.

Role-based Access Control

D.

Discretionary Access Control

Question 21

Take a look at the following attack on a Web Server using obstructed URL:

The request is made up of:

 %2e%2e%2f%2e%2e%2f%2e%2f% = ../../../

 %65%74%63 = etc

 %2f = /

 %70%61%73%73%77%64 = passwd

How would you protect information systems from these attacks?

Options:

A.

Configure Web Server to deny requests involving Unicode characters.

B.

Create rules in IDS to alert on strange Unicode requests.

C.

Use SSL authentication on Web Servers.

D.

Enable Active Scripts Detection at the firewall and routers.

Question 22

If you send a SYN to an open port, what is the correct response?(Choose all correct answers.

Options:

A.

SYN

B.

ACK

C.

FIN

D.

PSH

Question 23

Peter is a Linux network admin. As a knowledgeable security consultant, he turns to you to look for help on a firewall. He wants to use Linux as his firewall and use the latest freely available version that is offered. What do you recommend?

Select the best answer.

Options:

A.

Ipchains

B.

Iptables

C.

Checkpoint FW for Linux

D.

Ipfwadm

Question 24

In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

Options:

A.

WEP attack

B.

Drive by hacking

C.

Rogue access point attack

D.

Unauthorized access point attack

Question 25

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discover the internal structure of publicly accessible areas of the network.

How can you achieve this?

Options:

A.

Block ICMP at the firewall.

B.

Block UDP at the firewall.

C.

Both A and B.

D.

There is no way to completely block doing a trace route into this area.

Question 26

Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACL’s (access control lists) to files or folders and also one that can be used within batch files.

Which of the following tools can be used for that purpose? (Choose the best answer)

Options:

A.

PERM.exe

B.

CACLS.exe

C.

CLACS.exe

D.

NTPERM.exe

Question 27

A program that defends against a port scanner will attempt to:

Options:

A.

Sends back bogus data to the port scanner

B.

Log a violation and recommend use of security-auditing tools

C.

Limit access by the scanning system to publicly available ports only

D.

Update a firewall rule in real time to prevent the port scan from being completed

Question 28

This kind of attack will let you assume a users identity at a dynamically generated web page or site:

Options:

A.

SQL Injection

B.

Cross Site Scripting

C.

Session Hijacking

D.

Zone Transfer

Question 29

Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of XYZ, he went through a few scanners that are currently available. Here are the scanners that he uses:

1. Axent’s NetRecon

2. SARA, by Advanced Research Organization

3. VLAD the Scanner, by Razor

However, there are many other alternative ways to make sure that the services that have been scanned will be more accurate and detailed for Bob.

What would be the best method to accurately identify the services running on a victim host?

Options:

A.

Using Cheops-ng to identify the devices of XYZ.

B.

Using the manual method of telnet to each of the open ports of XYZ.

C.

Using a vulnerability scanner to try to probe each port to verify or figure out which service is running for XYZ.

D.

Using the default port and OS to make a best guess of what services are running on each port for XYZ.

Question 30

Sally is a network admin for a small company. She was asked to install wireless accesspoints in the building. In looking at the specifications for the access-points, she sees that all of them offer WEP. Which of these are true about WEP?

Select the best answer.

Options:

A.

Stands for Wireless Encryption Protocol

B.

It makes a WLAN as secure as a LAN

C.

Stands for Wired Equivalent Privacy

D.

It offers end to end security

Question 31

How many bits encryption does SHA-1 use?

Options:

A.

64 bits

B.

128 bits

C.

160 bits

D.

256 bits

Question 32

Bubba has just accessed he preferred ecommerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to save the page locally, so that he can modify the page variables. In the context of web application security, what do you think Bubba has changes?

Options:

A.

A hidden form field value.

B.

A hidden price value.

C.

An integer variable.

D.

A page cannot be changed locally, as it is served by a web server.

Question 33

You are gathering competitive intelligence on XYZ.com. You notice that they have jobs listed on a few Internet job-hunting sites. There are two job postings for network and system administrators. How can this help you in footprint the organization?

Options:

A.

The IP range used by the target network

B.

An understanding of the number of employees in the company

C.

How strong the corporate security policy is

D.

The types of operating systems and applications being used.

Question 34

Jim is having no luck performing a penetration test in XYZ’s network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.

Why is Jim having these problems?

Options:

A.

Security scanners are not designed to do testing through a firewall.

B.

Security scanners cannot perform vulnerability linkage.

C.

Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.

D.

All of the above.

Question 35

Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?

Options:

A.

Timestamps

B.

SMB Signing

C.

File permissions

D.

Sequence numbers monitoring

Question 36

In the following example, which of these is the "exploit"?

Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting. Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites.

Select the best answer.

Options:

A.

Microsoft Corporation is the exploit.

B.

The security "hole" in the product is the exploit.

C.

Windows 2003 Server

D.

The exploit is the hacker that would use this vulnerability.

E.

The documented method of how to use the vulnerability to gain unprivileged access.

Question 37

You are a Administrator of Windows server. You want to find the port number for POP3. What file would you find the information in and where?

Select the best answer.

Options:

A.

%windir%\\etc\\services

B.

system32\\drivers\\etc\\services

C.

%windir%\\system32\\drivers\\etc\\services

D.

/etc/services

E.

%windir%/system32/drivers/etc/services

Question 38

ARP poisoning is achieved in _____ steps

Options:

A.

1

B.

2

C.

3

D.

4

Question 39

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

Options:

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Question 40

How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS's on a network?

Options:

A.

Covert Channel

B.

Crafted Channel

C.

Bounce Channel

D.

Deceptive Channel

Question 41

What is the algorithm used by LM for Windows2000 SAM?

Options:

A.

MD4

B.

DES

C.

SHA

D.

SSL

Question 42

Exhibit:

ettercap –NCLzs --quiet

What does the command in the exhibit do in “Ettercap”?

Options:

A.

This command will provide you the entire list of hosts in the LAN

B.

This command will check if someone is poisoning you and will report its IP.

C.

This command will detach from console and log all the collected passwords from the network to a file.

D.

This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.

Question 43

After an attacker has successfully compromised a remote computer, what would be one of the last steps that would be taken to ensure that the compromise is not traced back to the source of the problem?

Options:

A.

Install pactehs

B.

Setup a backdoor

C.

Cover your tracks

D.

Install a zombie for DDOS

Question 44

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain. What do you think Tess King is trying to accomplish? Select the best answer.

Options:

A.

A zone harvesting

B.

A zone transfer

C.

A zone update

D.

A zone estimate

Question 45

What tool can crack Windows SMB passwords simply by listening to network traffic?

Select the best answer.

Options:

A.

This is not possible

B.

Netbus

C.

NTFSDOS

D.

L0phtcrack

Question 46

Sniffing is considered an active attack.

Options:

A.

True

B.

False

Question 47

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

Options:

A.

Invalid Username

B.

Invalid Password

C.

Authentication Failure

D.

Login Attempt Failed

E.

Access Denied

Question 48

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

Options:

A.

USER, NICK

B.

LOGIN, NICK

C.

USER, PASS

D.

LOGIN, USER

Question 49

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at Joseph uses his laptop computer regularly to administer the Web site.

One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!

From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith.

After his modem connected, he quickly typed in his browser to reveal the following web page:

H@cker Mess@ge:

Y0u @re De@d! Fre@ks!

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.

How did the attacker accomplish this hack?

Options:

A.

ARP spoofing

B.

SQL injection

C.

DNS poisoning

D.

Routing table injection

Question 50

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

Options:

A.

All are hacking tools developed by the legion of doom

B.

All are tools that can be used not only by hackers, but also security personnel

C.

All are DDOS tools

D.

All are tools that are only effective against Windows

E.

All are tools that are only effective against Linux

Question 51

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

Options:

A.

Copy the system files from a known good system

B.

Perform a trap and trace

C.

Delete the files and try to determine the source

D.

Reload from a previous backup

E.

Reload from known good media

Question 52

Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.

How will you defend against hardware keyloggers when using public computers and Internet Kiosks? (Select 4 answers)

Options:

A.

Alternate between typing the login credentials and typing characters somewhere else in the focus window

B.

Type a wrong password first, later type the correct password on the login page defeating the keylogger recording

C.

Type a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.

D.

The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies

"asdfsd"

E.

The next key typed replaces selected text portion. E.g. if the password is "secret", one could type "s", then some dummy keys "asdfsd".

Then these dummies could be selected with mouse, and next character from the password "e" is typed, which replaces the dummies

"asdfsd"

Question 53

John runs a Web server, IDS and firewall on his network. Recently his Web server has been under constant hacking attacks. He looks up the IDS log files and sees no intrusion attempts but the Web server constantly locks up and needs rebooting due to various brute force and buffer overflow attacks but still the IDS alerts no intrusion whatsoever. John becomes suspicious and views the Firewall logs and he notices huge SSL connections constantly hitting his Web server. Hackers have been using the encrypted HTTPS protocol to send exploits to the Web server and that was the reason the IDS did not detect the intrusions. How would John protect his network from these types of attacks?

Options:

A.

Install a proxy server and terminate SSL at the proxy

B.

Enable the IDS to filter encrypted HTTPS traffic

C.

Install a hardware SSL "accelerator" and terminate SSL at this layer

D.

Enable the Firewall to filter encrypted HTTPS traffic

Question 54

You ping a target IP to check if the host is up. You do not get a response. You suspect ICMP is blocked at the firewall. Next you use hping2 tool to ping the target host and you get a response. Why does the host respond to hping2 and not ping packet?

Options:

A.

Ping packets cannot bypass firewalls

B.

You must use ping 10.2.3.4 switch

C.

Hping2 uses stealth TCP packets to connect

D.

Hping2 uses TCP instead of ICMP by default

Question 55

Why attackers use proxy servers?

Options:

A.

To ensure the exploits used in the attacks always flip reverse vectors

B.

Faster bandwidth performance and increase in attack speed

C.

Interrupt the remote victim's network traffic and reroute the packets to attackers machine

D.

To hide the source IP address so that an attacker can hack without any legal corollary

Question 56

Which type of password cracking technique works like dictionary attack but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

Options:

A.

Dictionary attack

B.

Brute forcing attack

C.

Hybrid attack

D.

Syllable attack

E.

Rule-based attack

Question 57

You are trying to package a RAT Trojan so that Anti-Virus software will not detect it. Which of the listed technique will NOT be effective in evading Anti-Virus scanner?

Options:

A.

Convert the Trojan.exe file extension to Trojan.txt disguising as text file

B.

Break the Trojan into multiple smaller files and zip the individual pieces

C.

Change the content of the Trojan using hex editor and modify the checksum

D.

Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1

Question 58

Passive reconnaissance involves collecting information through which of the following?

Options:

A.

Social engineering

B.

Network traffic sniffing

C.

Man in the middle attacks

D.

Publicly accessible sources

Question 59

Which of the following represent weak password? (Select 2 answers)

Options:

A.

Passwords that contain letters, special characters, and numbers ExamplE. ap1$%##f@52

B.

Passwords that contain only numbers ExamplE. 23698217

C.

Passwords that contain only special characters ExamplE. &*#@!(%)

D.

Passwords that contain letters and numbers ExamplE. meerdfget123

E.

Passwords that contain only letters ExamplE. QWERTYKLRTY

F.

Passwords that contain only special characters and numbers ExamplE. 123@$45

G.

Passwords that contain only letters and special characters ExamplE. bob@&ba

Question 60

Here is the ASCII Sheet.

You want to guess the DBO username juggyboy (8 characters) using Blind SQL Injection technique.

What is the correct syntax?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 61

Web servers are often the most targeted and attacked hosts on organizations' networks. Attackers may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access.

Identify the correct statement related to the above Web Server installation?

Options:

A.

Lack of proper security policy, procedures and maintenance

B.

Bugs in server software, OS and web applications

C.

Installing the server with default settings

D.

Unpatched security flaws in the server software, OS and applications

Question 62

During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet inspection is the firewall conducting?

Options:

A.

Host

B.

Stateful

C.

Stateless

D.

Application

Question 63

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Options:

A.

Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security

B.

Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure

C.

Registration of critical penetration testing for the Department of Homeland Security and public and private sectors

D.

Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Question 64

June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?

Options:

A.

Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus

B.

Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus

C.

No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program

D.

No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus

Question 65

Least privilege is a security concept that requires that a user is

Options:

A.

limited to those functions required to do the job.

B.

given root or administrative privileges.

C.

trusted to keep all data and access to that data under their sole control.

D.

given privileges equal to everyone else in the department.

Question 66

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

Options:

A.

The victim user must open the malicious link with an Internet Explorer prior to version 8.

B.

The session cookies generated by the application do not have the HttpOnly flag set.

C.

The victim user must open the malicious link with a Firefox prior to version 3.

D.

The web application should not use random tokens.

Question 67

You are performing a port scan with nmap. You are in hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results?

Options:

A.

Stealth scan

B.

Connect scan

C.

Fragmented packet scan

D.

XMAS scan

Question 68

Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in: &Smith=121%22 Kevin changes the URL to: &Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy's mailbox?

Options:

A.

This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access

B.

By changing the mailbox's name in the URL, Kevin is attempting directory transversal

C.

Kevin is trying to utilize query string manipulation to gain access to her email account

D.

He is attempting a path-string attack to gain access to her mailbox

Question 69

What is the default Password Hash Algorithm used by NTLMv2?

Options:

A.

MD4

B.

DES

C.

SHA-1

D.

MD5

Question 70

Steve scans the network for SNMP enabled devices. Which port number Steve should scan?

Options:

A.

150

B.

161

C.

169

D.

69

Question 71

"Testing the network using the same methodologies and tools employed by attackers" Identify the correct terminology that defines the above statement.

Options:

A.

Vulnerability Scanning

B.

Penetration Testing

C.

Security Policy Implementation

D.

Designing Network Security

Question 72

Bob has been hired to do a web application security test. Bob notices that the site is dynamic and must make use of a back end database. Bob wants to see if SQL Injection would be possible. What is the first character that Bob should use to attempt breaking valid SQL request?

Options:

A.

Semi Column

B.

Double Quote

C.

Single Quote

D.

Exclamation Mark

Question 73

A digital signature is simply a message that is encrypted with the public key instead of the private key.

Options:

A.

true

B.

false

Question 74

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?

Options:

A.

The switches will drop into hub mode if the ARP cache is successfully flooded.

B.

If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C.

Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D.

The switches will route all traffic to the broadcast address created collisions.

Question 75

You establish a new Web browser connection to Google. Since a 3-way handshake is required for any TCP connection, the following actions will take place.

  • DNS query is sent to the DNS server to resolve www.google.com
  • DNS server replies with the IP address for Google?
  • SYN packet is sent to Google.
  • Google sends back a SYN/ACK packet
  • Your computer completes the handshake by sending an ACK
  • The connection is established and the transfer of data commences

Which of the following packets represent completion of the 3-way handshake?

Options:

A.

4th packet

B.

3rdpacket

C.

6th packet

D.

5th packet

Question 76

In which step Steganography fits in CEH System Hacking Cycle (SHC)

Options:

A.

Step 2: Crack the password

B.

Step 1: Enumerate users

C.

Step 3: Escalate privileges

D.

Step 4: Execute applications

E.

Step 5: Hide files

F.

Step 6: Cover your tracks

Question 77

Gerald, the Systems Administrator for Hyped Enterprises, has just discovered that his network has been breached by an outside attacker. After performing routine maintenance on his servers, he discovers numerous remote tools were installed that no one claims to have knowledge of in his department. Gerald logs onto the management console for his IDS and discovers an unknown IP address that scanned his network constantly for a week and was able to access his network through a high-level port that was not closed. Gerald traces the IP address he found in the IDS log to a proxy server in Brazil. Gerald calls the company that owns the proxy server and after searching through their logs, they trace the source to another proxy server in Switzerland. Gerald calls the company in Switzerland that owns the proxy server and after scanning through the logs again, they trace the source back to a proxy server in China. What proxy tool has Gerald's attacker used to cover their tracks?

Options:

A.

ISA proxy

B.

IAS proxy

C.

TOR proxy

D.

Cheops proxy

Question 78

What is the correct order of steps in CEH System Hacking Cycle?

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 79

Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?

Options:

A.

Image Hide

B.

Snow

C.

Gif-It-Up

D.

NiceText

Question 80

What type of encryption does WPA2 use?

Options:

A.

DES 64 bit

B.

AES-CCMP 128 bit

C.

MD5 48 bit

D.

SHA 160 bit

Question 81

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web site during work hours, without any consideration for others. Neil knows that he has an up-to-date content filtering system and such access should not be authorized. What type of technique might be used by these offenders to access the Internet without restriction?

Options:

A.

They are using UDP that is always authorized at the firewall

B.

They are using HTTP tunneling software that allows them to communicate with protocols in a way it was not intended

C.

They have been able to compromise the firewall, modify the rules, and give themselves proper access

D.

They are using an older version of Internet Explorer that allow them to bypass the proxy server

Question 82

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

Options:

A.

Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account

B.

Package the Sales.xls using Trojan wrappers and telnet them back your home computer

C.

You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques

D.

Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Question 83

Finding tools to run dictionary and brute forcing attacks against FTP and Web servers is an easy task for hackers. They use tools such as arhontus or brutus to break into remote servers.

A command such as this, will attack a given 10.0.0.34 FTP and Telnet servers simultaneously with a list of passwords and a single login namE. linksys. Many FTP-specific password-guessing tools are also available from major security sites.

What defensive measures will you take to protect your network from these attacks?

Options:

A.

Never leave a default password

B.

Never use a password that can be found in a dictionary

C.

Never use a password related to your hobbies, pets, relatives, or date of birth.

D.

Use a word that has more than 21 characters from a dictionary as the password

E.

Never use a password related to the hostname, domain name, or anything else that can be found with whois

Question 84

One of the most common and the best way of cracking RSA encryption is to begin to derive the two prime numbers, which are used in the RSA PKI mathematical process. If the two numbers p and q are discovered through a _____________ process, then the private key can be derived.

Options:

A.

Factorization

B.

Prime Detection

C.

Hashing

D.

Brute-forcing

Question 85

You receive an e-mail like the one shown below. When you click on the link contained in the mail, you are redirected to a website seeking you to download free Anti-Virus software.

Dear valued customers,

We are pleased to announce the newest version of Antivirus 2010 for Windows which will probe you with total security against the latest spyware, malware, viruses, Trojans and other online threats. Simply visit the link below and enter your antivirus code:

Antivirus code: 5014

Thank you for choosing us, the worldwide leader Antivirus solutions.

Mike Robertson

PDF Reader Support

Copyright Antivirus 2010 ?All rights reserved

If you want to stop receiving mail, please go to:

or you may contact us at the following address: Media Internet Consultants, Edif. Neptuno, Planta Baja, Ave. Ricardo J. Alfaro, Tumba Muerto, n/a Panama

How will you determine if this is Real Anti-Virus or Fake Anti-Virus website?

Options:

A.

Look at the website design, if it looks professional then it is a Real Anti-Virus website

B.

Connect to the site using SSL, if you are successful then the website is genuine

C.

Search using the URL and Anti-Virus product name into Google and lookout for suspicious warnings against this site

D.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

E.

Download and install Anti-Virus software from this suspicious looking site, your Windows 7 will prompt you and stop the installation if the downloaded file is a malware

Question 86

What is the purpose of conducting security assessments on network resources?

Options:

A.

Documentation

B.

Validation

C.

Implementation

D.

Management

Question 87

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

Options:

A.

Microsoft Security Baseline Analyzer

B.

Retina  

C.

Core Impact

D.

Microsoft Baseline Security Analyzer

Question 88

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Options:

A.

Timing attack

B.

Replay attack

C.

Memory trade-off attack

D.

Chosen plain-text attack

Question 89

Windows file servers commonly hold sensitive files, databases, passwords and more.  Which of the following choices would be a common vulnerability that usually exposes them?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

Missing patches

D.

CRLF injection

Question 90

Which of the following is an example of IP spoofing?

Options:

A.

SQL injections

B.

Man-in-the-middle

C.

Cross-site scripting

D.

ARP poisoning

Question 91

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

Options:

A.

The consultant will ask for money on the bid because of great work.

B.

The consultant may expose vulnerabilities of other companies.

C.

The company accepting bids will want the same type of format of testing.

D.

The company accepting bids will hire the consultant because of the great work performed.

Question 92

The use of technologies like IPSec can help guarantee the followinG. authenticity, integrity, confidentiality and

Options:

A.

non-repudiation.

B.

operability.

C.

security.

D.

usability.

Question 93

A bank stores and processes sensitive privacy information related to home loans.  However, auditing has never been enabled on the system.  What is the first step that the bank should take before enabling the audit feature?

Options:

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Question 94

Which type of security document is written with specific step-by-step details?

Options:

A.

Process

B.

Procedure

C.

Policy

D.

Paradigm

Question 95

Which initial procedure should an ethical hacker perform after being brought into an organization?   

Options:

A.

Begin security testing.

B.

Turn over deliverables.   

C.

Sign a formal contract with non-disclosure.

D.

Assess what the organization is trying to protect.

Question 96

How can telnet be used to fingerprint a web server?

Options:

A.

telnet webserverAddress 80

HEAD / HTTP/1.0

B.

telnet webserverAddress 80 

PUT / HTTP/1.0

C.

telnet webserverAddress 80

HEAD / HTTP/2.0

D.

telnet webserverAddress 80 

PUT / HTTP/2.0

Question 97

Which of the following is a characteristic of Public Key Infrastructure (PKI)?

Options:

A.

Public-key cryptosystems are faster than symmetric-key cryptosystems.

B.

Public-key cryptosystems distribute public-keys within digital signatures.

C.

Public-key cryptosystems do not require a secure key distribution channel.

D.

Public-key cryptosystems do not provide technical non-repudiation via digital signatures.

Question 98

Which of the following lists are valid data-gathering activities associated with a risk assessment?

Options:

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

Question 99

A security administrator notices that the log file of the company`s webserver contains suspicious entries:

Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

Options:

A.

command injection.

B.

SQL injection.

C.

directory traversal.

D.

LDAP injection.

Question 100

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

Options:

A.

Implementing server-side PKI certificates for all connections

B.

Mandating only client-side PKI certificates for all connections

C.

Requiring client and server PKI certificates for all connections

D.

Requiring strong authentication for all DNS queries

Question 101

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for and receives an error message stating there is no response from the server. What should the administrator do next?

Options:

A.

Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.

B.

Configure the firewall to allow traffic on TCP ports 80 and UDP port 443.

C.

Configure the firewall to allow traffic on TCP port 53.

D.

Configure the firewall to allow traffic on TCP port 8080.

Question 102

A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

Untrust (Internet) – (Remote network = 217.77.88.0/24)

DMZ (DMZ) – (11.12.13.0/24)

Trust (Intranet) – (192.168.0.0/24)

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?

Options:

A.

Permit  217.77.88.0/24  11.12.13.0/24 RDP 3389

B.

Permit  217.77.88.12    11.12.13.50     RDP 3389

C.

Permit  217.77.88.12    11.12.13.0/24 RDP 3389

D.

Permit  217.77.88.0/24  11.12.13.50     RDP 3389

Question 103

How do you defend against DHCP Starvation attack?

Options:

A.

Enable ARP-Block on the switch

B.

Enable DHCP snooping on the switch

C.

Configure DHCP-BLOCK to 1 on the switch

D.

Install DHCP filters on the switch to block this attack

Question 104

You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assessments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached cell phone 3G modem to his telephone line and workstation. He has used this cell phone 3G modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation?

Options:

A.

Reconfigure the firewall

B.

Enforce the corporate security policy

C.

Install a network-based IDS

D.

Conduct a needs analysis

Question 105

Peter extracts the SID list from Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs:

From the above list identify the user account with System Administrator privileges?

Options:

A.

John

B.

Rebecca

C.

Sheela

D.

Shawn

E.

Somia

F.

Chang

G.

Micah

Question 106

Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to spoof his IP address in order to replay the sessionID. Why do you think Dan might not be able to get an interactive session?

Options:

A.

Dan cannot spoof his IP address over TCP network

B.

The scenario is incorrect as Dan can spoof his IP and get responses

C.

The server will send replies back to the spoofed IP address

D.

Dan can establish an interactive session only if he uses a NAT

Question 107

Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered vulnerabilities.

Which of the following statements is incorrect?

Options:

A.

Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.

B.

Vulnerability scanners can help identify out-of-date software versions, missing patches, or system upgrades

C.

They can validate compliance with or deviations from the organization's security policy

D.

Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention

Question 108

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

Options:

A.

Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card

B.

Educate and enforce physical security policies of the company to all the employees on a regular basis

C.

Setup a mock video camera next to the special card reader adjacent to the secure door

D.

Post a sign that states, "no tailgating" next to the special card reader adjacent to the secure door

Question 109

In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them:

FIN = 1

SYN = 2

RST = 4

PSH = 8

ACK = 16

URG = 32

ECE = 64

CWR = 128

Jason is the security administrator of ASPEN Communications. He analyzes some traffic using Wireshark and has enabled the following filters.

What is Jason trying to accomplish here?

Options:

A.

SYN, FIN, URG and PSH

B.

SYN, SYN/ACK, ACK

C.

RST, PSH/URG, FIN

D.

ACK, ACK, SYN, URG

Question 110

What is the correct command to run Netcat on a server using port 56 that spawns command shell when connected?

Options:

A.

nc -port 56 -s cmd.exe

B.

nc -p 56 -p -e shell.exe

C.

nc -r 56 -c cmd.exe

D.

nc -L 56 -t -e cmd.exe

Question 111

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization.

How would you prevent such type of attacks?

Options:

A.

It is impossible to block these attacks

B.

Hire the people through third-party job agencies who will vet them for you

C.

Conduct thorough background checks before you engage them

D.

Investigate their social networking profiles

Question 112

Lori was performing an audit of her company's internal Sharepoint pages when she came across the following codE. What is the purpose of this code?

Options:

A.

This JavaScript code will use a Web Bug to send information back to another server.

B.

This code snippet will send a message to a server at 192.154.124.55 whenever the "escape" key is pressed.

C.

This code will log all keystrokes.

D.

This bit of JavaScript code will place a specific image on every page of the RSS feed.

Question 113

You receive an e-mail with the following text message.

"Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your files at midnight. If there's a file called hidserv.exe on your computer, you have been infected and your computer is now running a hidden server that allows hackers to access your computer. Delete the file immediately. Please also pass this message to all your friends and colleagues as soon as possible."

You launch your antivirus software and scan the suspicious looking file hidserv.exe located in c:\windows directory and the AV comes out clean meaning the file is not infected. You view the file signature and confirm that it is a legitimate Windows system file "Human Interface Device Service".

What category of virus is this?

Options:

A.

Virus hoax

B.

Spooky Virus

C.

Stealth Virus

D.

Polymorphic Virus

Question 114

While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this?

Options:

A.

The firewall is dropping the packets

B.

An in-line IDS is dropping the packets

C.

A router is blocking ICMP

D.

The host does not respond to ICMP packets

Question 115

What is the problem with this ASP script (login.asp)?

Options:

A.

The ASP script is vulnerable to Cross Site Scripting attack

B.

The ASP script is vulnerable to Session Splice attack

C.

The ASP script is vulnerable to XSS attack

D.

The ASP script is vulnerable to SQL Injection attack

Question 116

In what stage of Virus life does a stealth virus gets activated with the user performing certain actions such as running an infected program?

Options:

A.

Design

B.

Elimination

C.

Incorporation

D.

Replication

E.

Launch

F.

Detection

Question 117

Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?

Options:

A.

Jimmy can submit user input that executes an operating system command to compromise a target system

B.

Jimmy can gain control of system to flood the target system with requests, preventing legitimate users from gaining access

C.

Jimmy can utilize an incorrect configuration that leads to access with higher-than expected privilege of the database

D.

Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system

Question 118

More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically hides the true nature of the shellcode in different disguises.

How does a polymorphic shellcode work?

Options:

A.

They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode

B.

They convert the shellcode into Unicode, using loader to convert back to machine code then executing them

C.

They reverse the working instructions into opposite order by masking the IDS signatures

D.

They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode

Question 119

You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'?

Options:

A.

display==facebook

B.

traffic.content==facebook

C.

tcp contains facebook

D.

list.display.facebook

Question 120

Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Paul notices that when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24Mbps or less. Paul connects to his wireless router's management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop. What is Paul seeing here?

Options:

A.

MAC spoofing

B.

Macof

C.

ARP spoofing

D.

DNS spoofing

Question 121

Name two software tools used for OS guessing? (Choose two.

Options:

A.

Nmap

B.

Snadboy

C.

Queso

D.

UserInfo

E.

NetBus

Question 122

John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately.

What would you suggest to John to help identify the OS that is being used on the remote web server?

Options:

A.

Connect to the web server with a browser and look at the web page.

B.

Connect to the web server with an FTP client.

C.

Telnet to port 8080 on the web server and look at the default page code.

D.

Telnet to an open port and grab the banner.

Question 123

__________ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer

Options:

A.

Alternate Data Streams

B.

Merge Streams

C.

Steganography

D.

NetBIOS vulnerability

Question 124

Because UDP is a connectionless protocol: (Select 2)

Options:

A.

UDP recvfrom() and write() scanning will yield reliable results

B.

It can only be used for Connect scans

C.

It can only be used for SYN scans

D.

There is no guarantee that the UDP packets will arrive at their destination

E.

ICMP port unreachable messages may not be returned successfully

Question 125

_________ is one of the programs used to wardial.

Options:

A.

DialIT

B.

Netstumbler

C.

TooPac

D.

Kismet

E.

ToneLoc

Question 126

What two things will happen if a router receives an ICMP packet, which has a TTL value of 1, and the destination host is several hops away? (Select 2 answers)

Options:

A.

The router will discard the packet

B.

The router will decrement the TTL value and forward the packet to the next router on the path to the destination host

C.

The router will send a time exceeded message to the source host

D.

The router will increment the TTL value and forward the packet to the next router on the path to the destination host.

E.

The router will send an ICMP Redirect Message to the source host

Question 127

What type of port scan is shown below?

Options:

A.

Idle Scan

B.

Windows Scan

C.

XMAS Scan

D.

SYN Stealth Scan

Question 128

Bob is acknowledged as a hacker of repute and is popular among visitors of “underground” sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well.

In this context, what would be the most affective method to bridge the knowledge gap between the “black” hats or crackers and the “white” hats or computer security professionals? (Choose the test answer)

Options:

A.

Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.

B.

Hire more computer security monitoring personnel to monitor computer systems and networks.

C.

Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.

D.

Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises.

Question 129

While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out.

What is the most likely cause behind this response?

Options:

A.

The firewall is dropping the packets.

B.

An in-line IDS is dropping the packets.

C.

A router is blocking ICMP.

D.

The host does not respond to ICMP packets.

Question 130

Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?

Options:

A.

To create a denial of service attack.

B.

To verify information about the mail administrator and his address.

C.

To gather information about internal hosts used in email treatment.

D.

To gather information about procedures that are in place to deal with such messages.

Question 131

Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the hacking session.

What does the first and second column mean? Select two.

Options:

A.

The first column reports the sequence number

B.

The second column reports the difference between the current and last sequence number

C.

The second column reports the next sequence number

D.

The first column reports the difference between current and last sequence number

Load More EC0-350 Questions
Page: 1 / 88
Total 878 questions
Get EC0-350 Full Access Download EC0-350 PDF