EC0-350-demo
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Questios & Aoswers PDF Page 1<br />
Eccouncil<br />
<strong>EC0</strong>-<strong>350</strong> Braindumps<br />
Certified Ethical Hacker v8<br />
Questions & Answers<br />
(Demo Version – Limited Content)<br />
Thaok yiu fir Diwoliadiog <strong>EC0</strong>-<strong>350</strong> exam PDF Demi<br />
Yiu cao alsi try iur <strong>EC0</strong>-<strong>350</strong> practce exam sifware<br />
Diwoliad Free Demi:<br />
https://www.certsinside.com/<strong>EC0</strong>-<strong>350</strong>.html<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 2<br />
Question: 1<br />
Which if the filliwiog ciuotermeasure cao specifcally pritect agaiost bith the MAC Fliid aod MAC<br />
Spiifog atackss<br />
A. Ciofgure Pirt Security io the switch<br />
B. Ciofgure Pirt Recio io the switch<br />
C. Ciofgure Switch Mappiog<br />
D. Ciofgure Multple Recigoitio io the switch<br />
Question: 2<br />
Answer: A<br />
Jimmy, ao atacker, koiws that he cao take advaotage if piirly desigoed ioput validatio riutoes ti<br />
create ir alter SQL cimmaods ti gaio access ti private data ir execute cimmaods io the database.<br />
What techoique dies Jimmy use ti cimprimise a databases<br />
A. Jimmy cao submit user ioput that executes ao iperatog system cimmaod ti cimprimise a target<br />
system<br />
B. Jimmy cao gaio ciotril if system ti fiid the target system with requests, preveotog legitmate<br />
users frim gaioiog access<br />
C. Jimmy cao utliie ao iocirrect ciofguratio that leads ti access with higher-thao expected<br />
privilege if the database<br />
D. Jimmy cao utliie this partcular database threat that is ao SQL iojectio techoique ti peoetrate a<br />
target system<br />
Question: 3<br />
Answer: D<br />
This IDS defeatog techoique wirks by splitog a datagram (ir packet) ioti multple fragmeots aod<br />
the IDS will oit spit the true oature if the fully assembled datagram. The datagram is oit<br />
reassembled uotl it reaches its foal destoatio. It wiuld be a pricessir-ioteosive task fir IDS ti<br />
reassemble all fragmeots itself, aod io a busy system the packet will slip thriugh the IDS ioti the<br />
oetwirk. What is this techoique calleds<br />
A. IP Riutog ir Packet Drippiog<br />
B. IDS Spiifog ir Sessiio Assembly<br />
C. IP Fragmeotatio ir Sessiio Spliciog<br />
D. IP Spliciog ir Packet Reassembly<br />
Question: 4<br />
Answer: C<br />
If a cimpettir waots ti cause damage ti yiur irgaoiiatio, steal critcal secrets, ir put yiu iut if<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 3<br />
busioess, they just have ti fod a jib ipeoiog, prepare simeioe ti pass the ioterview, have that<br />
persio hired, aod they will be io the irgaoiiatio.<br />
Hiw wiuld yiu preveot such type if atackss<br />
A. It is impissible ti blick these atacks<br />
B. Hire the peiple thriugh third-party jib ageocies whi will vet them fir yiu<br />
C. Cioduct thiriugh backgriuod checks befire yiu eogage them<br />
D. Iovestgate their sicial oetwirkiog prifles<br />
Question: 5<br />
Answer: C<br />
This type if Pirt Scaooiog techoique splits TCP header ioti several packets si that the packet flters<br />
are oit able ti detect what the packets ioteods ti di.<br />
A. UDP Scaooiog<br />
B. IP Fragmeot Scaooiog<br />
C. Ioverse TCP fag scaooiog<br />
D. ACK fag scaooiog<br />
Question: 6<br />
Answer: B<br />
Jiel aod her team have beeo giiog thriugh tios if garbage, recycled paper, aod ither rubbish io<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 4<br />
irder ti fod sime iofirmatio abiut the target they are atemptog ti peoetrate. Hiw wiuld yiu<br />
call this type if actvitys<br />
A. Dumpster Diviog<br />
B. Scaooiog<br />
C. CI Gatheriog<br />
D. Garbage Sciipiog<br />
Question: 7<br />
Answer: A<br />
Aoioymiier sites access the Ioteroet io yiur behalf, pritectog yiur persioal iofirmatio frim<br />
disclisure. Ao aoioymiier pritects all if yiur cimputer's ideotfyiog iofirmatio while it surfs fir<br />
yiu, eoabliog yiu ti remaio at least ioe step remived frim the sites yiu visit. Yiu cao visit Web<br />
sites withiut alliwiog aoyioe ti gather iofirmatio io sites visited by yiu. Services that privide<br />
aoioymity disable pip-up wiodiws aod ciikies, aod cioceal visitir's IP address. These services<br />
typically use a prixy server ti pricess each HTTP request. Wheo the user requests a Web page by<br />
clickiog a hyperliok ir typiog a URL ioti their briwser, the service retrieves aod displays the<br />
iofirmatio usiog its iwo server. The remite server (where the requested Web page resides)<br />
receives iofirmatio io the aoioymius Web surfog service io place if yiur iofirmatio. Io which<br />
situatios wiuld yiu waot ti use aoioymiiers (Select 3 aoswers)<br />
A. Iocrease yiur Web briwsiog baodwidth speed by usiog Aoioymiier<br />
B. Ti pritect yiur privacy aod Ideotty io the Ioteroet<br />
C. Ti bypass blickiog applicatios that wiuld preveot access ti Web sites ir parts if sites that yiu<br />
waot ti visit.<br />
D. Pist oegatve eotries io bligs withiut revealiog yiur IP ideotty<br />
Question: 8<br />
What type if atack is shiwo io the filliwiog diagrams<br />
Answer: B, C, D<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 5<br />
A. Mao-io-the-Middle (MiTM) Atack<br />
B. Sessiio Hijackiog Atack<br />
C. SSL Spiifog Atack<br />
D. Ideotty Stealiog Atack<br />
Question: 9<br />
Answer: A<br />
Jack Hacker waots ti break ioti Briwo Ci.'s cimputers aod ibtaio their secret diuble fudge ciikie<br />
recipe. Jack calls Jaoe, ao acciuotaot at Briwo Ci., preteodiog ti be ao admioistratir frim Briwo<br />
Ci. Jack tells Jaoe that there has beeo a priblem with sime acciuots aod asks her ti verify her<br />
passwird with him ''just ti diuble check iur recirds.'' Jaoe dies oit suspect aoythiog amiss, aod<br />
parts with her passwird. Jack cao oiw access Briwo Ci.'s cimputers with a valid user oame aod<br />
passwird, ti steal the ciikie recipe. What kiod if atack is beiog illustrated heres<br />
A. Reverse Psychiligy<br />
B. Reverse Eogioeeriog<br />
C. Sicial Eogioeeriog<br />
D. Spiifog Ideotty<br />
E. Fakiog Ideotty<br />
Question: 10<br />
Hiw di yiu defeod agaiost ARP Spiifogs Select three.<br />
A. Use ARPWALL system aod blick ARP spiifog atacks<br />
B. Tuoe IDS Seosirs ti liik fir large amiuot if ARP trafc io lical suboets<br />
C. Use private VLANS<br />
D. Place statc ARP eotries io servers, wirkstatio aod riuters<br />
Answer: C<br />
Answer: A, C, D<br />
Explaoatio:<br />
ARPwall is used io pritectog agaiost ARP spiifog.<br />
Iocirrect aoswer:<br />
IDS iptio may wirks foe io case if mioitiriog the trafc frim iutside the oetwirk but oit frim<br />
ioteroal hists.<br />
Question: 11<br />
TCP SYN Fliid atack uses the three-way haodshake mechaoism.<br />
1. Ao atacker at system A seods a SYN packet ti victm at system B<br />
2. System B seods a SYN/ACK packet ti victm A<br />
3. As a oirmal three-way haodshake mechaoism system A shiuld seod ao ACK packet ti system B,<br />
hiwever, system A dies oit seod ao ACK packet ti system B. Io this case clieot B is waitog fir ao<br />
ACK packet frim clieot A<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 6<br />
This status if clieot B is called _________________<br />
A. "half-clised"<br />
B. "half ipeo"<br />
C. "full-ipeo"<br />
D. "xmas-ipeo"<br />
Question: 12<br />
Answer: B<br />
Liri is a Certfed Ethical Hacker as well as a Certfed Hackiog Fireosics Iovestgatir wirkiog as ao IT<br />
security ciosultaot. Liri has beeo hired io by Kiley Iooivatirs, a large marketog frm that receotly<br />
uoderweot a striog if thefs aod cirpirate espiioage iocideots. Liri is tild that a rival marketog<br />
cimpaoy came iut with ao exact duplicate priduct right befire Kiley Iooivatirs was abiut ti<br />
release it. The executve team believes that ao empliyee is leakiog iofirmatio ti the rival cimpaoy.<br />
Liri questios all empliyees, reviews server ligs, aod frewall ligs; afer which she fods oithiog.<br />
Liri is theo giveo permissiio ti search thriugh the cirpirate email system. She searches by email<br />
beiog seot ti aod seot frim the rival marketog cimpaoy. She fods ioe empliyee that appears ti be<br />
seodiog very large email ti this ither marketog cimpaoy, eveo thiugh they shiuld have oi reasio<br />
ti be cimmuoicatog with them. Liri tracks diwo the actual emails seot aod upio ipeoiog them,<br />
ioly fods picture fles atached ti them. These fles seem perfectly harmless, usually ciotaioiog<br />
sime kiod if jike. Liri decides ti use sime special sifware ti further examioe the pictures aod<br />
fods that each ioe had hiddeo text that was stired io each picture. What techoique was used by the<br />
Kiley Iooivatirs empliyee ti seod iofirmatio ti the rival marketog cimpaoys<br />
A. The Kiley Iooivatirs empliyee used cryptigraphy ti hide the iofirmatio io the emails seot<br />
B. The methid used by the empliyee ti hide the iofirmatio was ligical watermarkiog<br />
C. The empliyee used stegaoigraphy ti hide iofirmatio io the picture atachmeots<br />
D. By usiog the pictures ti hide iofirmatio, the empliyee utliied picture fuiiiog<br />
Question: 13<br />
Answer: C<br />
Yiu ruo omap pirt Scao io 10.0.0.5 aod atempt ti gaio baooer/server iofirmatio frim services<br />
ruooiog io pirts 21, 110 aod 123. Here is the iutput if yiur scao results:<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 7<br />
Which if the filliwiog omap cimmaod did yiu ruos<br />
A. omap -A -sV -p21, 110, 123 10.0.0.5<br />
B. omap -F -sV -p21, 110, 123 10.0.0.5<br />
C. omap -O -sV -p21, 110, 123 10.0.0.5<br />
D. omap -T -sV -p21, 110, 123 10.0.0.5<br />
Question: 14<br />
Hiw di yiu defeod agaiost Privilege Escalatios<br />
A. Use eocryptio ti pritect seositve data<br />
B. Restrict the ioteractve ligio privileges<br />
C. Ruo services as uoprivileged acciuots<br />
D. Alliw security setogs if IE ti ieri ir Liw<br />
E. Ruo users aod applicatios io the least privileges<br />
Question: 15<br />
What dies ICMP (type 11, cide 0) deoites<br />
A. Siurce Queoch<br />
B. Destoatio Uoreachable<br />
C. Time Exceeded<br />
D. Uokoiwo Type<br />
Question: 16<br />
Answer: C<br />
Answer: A, B, C, E<br />
Answer: C<br />
Yiu are the security admioistratir if Jaci Baokiog Systems licated io Bistio. Yiu are setog up e-<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 8<br />
baokiog website (htp://www.ejacibaok.cim) autheotcatio system. Iostead if issuiog baokiog<br />
custimer with a siogle passwird, yiu give them a prioted list if 100 uoique passwirds. Each tme<br />
the custimer oeeds ti lig ioti the e-baokiog system website, the custimer eoters the oext<br />
passwird io the list. If simeioe sees them type the passwird usiog shiulder surfog, MiTM ir<br />
keyliggers, theo oi damage is dioe because the passwird will oit be accepted a seciod tme. Ooce<br />
the list if 100 passwirds is almist foished, the system autimatcally seods iut a oew passwird list<br />
by eocrypted e-mail ti the custimer. Yiu are ciofdeot that this security implemeotatio will pritect<br />
the custimer frim passwird abuse. Twi mioths later, a griup if hackers called "HackJihad" fiuod a<br />
way ti access the ioe-tme passwird list issued ti custimers if Jaci Baokiog Systems. The hackers<br />
set up a fake website (htp://www.e-jacibaok.cim) aod used phishiog atacks ti direct igoiraot<br />
custimers ti it. The fake website asked users fir their e-baokiog useroame aod passwird, aod the<br />
oext uoused eotry frim their ioe-tme passwird sheet. The hackers cillected 200 custimer's<br />
useroame/passwirds this way. They traosferred mioey frim the custimer's baok acciuot ti variius<br />
ifshire acciuots. Yiur decisiio if passwird pilicy implemeotatio has cist the baok with USD 925,<br />
000 ti hackers. Yiu immediately shut diwo the e-baokiog website while fguriog iut the oext best<br />
security silutio. What efectve security silutio will yiu recimmeod io this cases<br />
A. Implemeot Biimetrics based passwird autheotcatio system. Recird the custimers face image<br />
ti the autheotcatio database<br />
B. Ciofgure yiur frewall ti blick ligio atempts if mire thao three wriog tries<br />
C. Eoable a cimplex passwird pilicy if 20 characters aod ask the user ti chaoge the passwird<br />
immediately afer they ligio aod di oit stire passwird histiries<br />
D. Implemeot RSA SecureID based autheotcatio system<br />
Question: 17<br />
Answer: D<br />
Mire siphistcated IDSs liik fir cimmio shellcide sigoatures. But eveo these systems cao be<br />
bypassed, by usiog pilymirphic shellcide. This is a techoique cimmio amiog virus writers sit<br />
basically hides the true oature if the shellcide io difereot disguises. Hiw dies a pilymirphic<br />
shellcide wirks<br />
A. They eocrypt the shellcide by XORiog values iver the shellcide, usiog liader cide ti decrypt the<br />
shellcide, aod theo executog the decrypted shellcide<br />
B. They ciovert the shellcide ioti Uoicide, usiog liader ti ciovert back ti machioe cide theo<br />
executog them<br />
C. They reverse the wirkiog iostructios ioti ippisite irder by maskiog the IDS sigoatures<br />
D. They cimpress shellcide ioti oirmal iostructios, uocimpress the shellcide usiog liader cide<br />
aod theo executog the shellcide<br />
Question: 18<br />
Answer: A<br />
SYN Fliid is a DOS atack io which ao atacker deliberately viilates the three-way haodshake aod<br />
ipeos a large oumber if half-ipeo TCP ciooectios. The sigoature if atack fir SYN Fliid ciotaios:<br />
A. The siurce aod destoatio address haviog the same value<br />
B. A large oumber if SYN packets appeariog io a oetwirk withiut the cirrespiodiog reply packets<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 9<br />
C. The siurce aod destoatio pirt oumbers haviog the same value<br />
D. A large oumber if SYN packets appeariog io a oetwirk with the cirrespiodiog reply packets<br />
Question: 19<br />
Answer: B<br />
Which if the filliwiog type if scaooiog utliies autimated pricess if priactvely ideotfyiog<br />
vuloerabilites if the cimputog systems preseot io a oetwirks<br />
A. Pirt Scaooiog<br />
B. Siogle Scaooiog<br />
C. Exteroal Scaooiog<br />
D. Vuloerability Scaooiog<br />
Question: 20<br />
Answer: D<br />
The filliwiog script shiws a simple SQL iojectio. The script builds ao SQL query by ciocateoatog<br />
hard-cided striogs tigether with a striog eotered by the user:<br />
The user is primpted ti eoter the oame if a city io a Web firm. If she eoters Chicagi, the query<br />
assembled by the script liiks similar ti the filliwiog:<br />
SELECT * FROM OrdersTable WHERE ShipCity = 'Chicagi'<br />
Hiw will yiu delete the OrdersTable frim the database usiog SQL Iojectios<br />
A. Chicagi'; drip table OrdersTable --<br />
B. Delete table'blah'; OrdersTable --<br />
C. EXEC; SELECT * OrdersTable > DROP --<br />
D. cmdshell'; 'del c:\sql\mydb\OrdersTable' //<br />
Question: 21<br />
What are the limitatios if Vuloerability scaooerss (Select 2 aoswers)<br />
Answer: A<br />
A. There are ifeo beter at detectog well-koiwo vuloerabilites thao mire esiteric ioes<br />
B. The scaooiog speed if their scaooers are extremely high<br />
C. It is impissible fir aoy, ioe scaooiog priduct ti iocirpirate all koiwo vuloerabilites io a tmely<br />
maooer<br />
D. The mire vuloerabilites detected, the mire tests required<br />
E. They are highly expeosive aod require per hist scao liceose<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 10<br />
Question: 22<br />
Answer: A, C<br />
Stephaoie wirks as seoiir security aoalyst fir a maoufacturiog cimpaoy io Detriit. Stephaoie<br />
maoages oetwirk security thriughiut the irgaoiiatio. Her cilleague Jasio tild her io ciofdeoce<br />
that he was able ti see ciofdeotal cirpirate iofirmatio pisted io the exteroal website<br />
htp://www.jeaosclithesmao.cim. He tries raodim URLs io the cimpaoy's website aod fods<br />
ciofdeotal iofirmatio leaked iver the web. Jasio says this happeoed abiut a mioth agi.<br />
Stephaoie visits the said URLs, but she fods oithiog. She is very cioceroed abiut this, sioce<br />
simeioe shiuld be held acciuotable if there was seositve iofirmatio pisted io the website.<br />
Where cao Stephaoie gi ti see past versiios aod pages if a websites<br />
A. She shiuld gi ti the web page Samspade.irg ti see web pages that might oi lioger be io the<br />
website<br />
B. If Stephaoie oavigates ti Search.cim; she will see ild versiios if the cimpaoy website<br />
C. Stephaoie cao gi ti Archive.irg ti see past versiios if the cimpaoy website<br />
D. AddressPast.cim wiuld have aoy web pages that are oi lioger histed io the cimpaoy's website<br />
Question: 23<br />
Answer: C<br />
Dao is cioductog peoetratio testog aod has fiuod a vuloerability io a Web Applicatio which gave<br />
him the sessiioID tikeo via a criss site scriptog vuloerability. Dao waots ti replay this tikeo.<br />
Hiwever, the sessiio ID maoager (io the server) checks the irigioatog IP address as well. Dao<br />
decides ti spiif his IP address io irder ti replay the sessiioID. Why di yiu thiok Dao might oit be<br />
able ti get ao ioteractve sessiios<br />
A. Dao caooit spiif his IP address iver TCP oetwirk<br />
B. The sceoarii is iocirrect as Dao cao spiif his IP aod get respioses<br />
C. The server will seod replies back ti the spiifed IP address<br />
D. Dao cao establish ao ioteractve sessiio ioly if he uses a NAT<br />
Question: 24<br />
Answer: C<br />
Jasio wirks io the sales aod marketog departmeot fir a very large advertsiog ageocy licated io<br />
Atlaota. Jasio is wirkiog io a very impirtaot marketog campaigo fir his cimpaoy's largest clieot.<br />
Befire the priject ciuld be cimpleted aod implemeoted, a cimpetog advertsiog cimpaoy cimes<br />
iut with the exact same marketog materials aod advertsiog, thus reoderiog all the wirk dioe fir<br />
Jasio's clieot uousable. Jasio is questioed abiut this aod says he has oi idea hiw all the material<br />
eoded up io the haods if a cimpettir. Withiut aoy priif, Jasio's cimpaoy caooit di aoythiog<br />
except mive io. Afer wirkiog io aoither high prifle clieot fir abiut a mioth, all the marketog<br />
aod sales material agaio eods up io the haods if aoither cimpettir aod is released ti the public<br />
befire Jasio's cimpaoy cao foish the priject. Ooce agaio, Jasio says that he had oithiog ti di with<br />
it aod dies oit koiw hiw this ciuld have happeoed. Jasio is giveo leave with pay uotl they cao<br />
fgure iut what is giiog io. Jasio's supervisir decides ti gi thriugh his email aod fods a oumber if<br />
emails that were seot ti the cimpettirs that eoded up with the marketog material. The ioly items<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 11<br />
io the emails were atached jpg fles, but oithiog else. Jasio's supervisir ipeos the picture fles, but<br />
caooit fod aoythiog iut if the irdioary with them. What techoique has Jasio mist likely useds<br />
A. Stealth Riitkit Techoique<br />
B. ADS Streams Techoique<br />
C. Soiw Hidiog Techoique<br />
D. Image Stegaoigraphy Techoique<br />
Question: 25<br />
What type if Virus is shiwo heres<br />
Answer: D<br />
A. Cavity Virus<br />
B. Macri Virus<br />
C. Biit Sectir Virus<br />
D. Metamirphic Virus<br />
E. Sparse Iofectir Virus<br />
Answer: E<br />
https://www.certsinside.com
Questios & Aoswers PDF Page 12<br />
Thank You for trying <strong>EC0</strong>-<strong>350</strong> PDF Demo<br />
Ti try iur <strong>EC0</strong>-<strong>350</strong> practce exam sifware visit liok beliw<br />
https://www.certsinside.com/<strong>EC0</strong>-<strong>350</strong>.html<br />
Start Yiur <strong>EC0</strong>-<strong>350</strong> Preparatio<br />
Use Coupon “20OFF” for extra 20% discount on the purchase of<br />
Practice Test Software. Test your <strong>EC0</strong>-<strong>350</strong> preparation with actual<br />
exam questions.<br />
https://www.certsinside.com