1. Home
  2. ECCouncil
  3. Certified Ethical Hacker
  4. EC0-350
  5. Ethical Hacking and Countermeasures V8 Questions and Answers

Pass the ECCouncil Certified Ethical Hacker EC0-350 Questions and answers with CertsForce

 ECCouncil Exams      Go to Exam Detail      Get Premium Access
Viewing page 11 out of 14 pages
Viewing questions 201-220 out of questions
Questions # 201:

Which of the following techniques will identify if computer files have been changed?

Options:
A.

Network sniffing

B.

Permission sets

C.

Integrity checking hashes

D.

Firewall alerts

Expert Solution
Questions # 202:

Which of the following is used to indicate a single-line comment in structured query language (SQL)?

Options:
A.

--

B.

||

C.

%%

D.

''

Expert Solution
Questions # 203:

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

Options:
A.

Metasploit scripting engine

B.

Nessus scripting engine

C.

NMAP scripting engine

D.

SAINT scripting engine

Expert Solution
Questions # 204:

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Options:
A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Expert Solution
Questions # 205:

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Options:
A.

The web application does not have the secure flag set.

B.

The session cookies do not have the HttpOnly flag set.

C.

The victim user should not have an endpoint security solution.

D.

The victim's browser must have ActiveX technology enabled.

Expert Solution
Questions # 206:

Which security control role does encryption meet?

Options:
A.

Preventative

B.

Detective

C.

Offensive

D.

Defensive

Expert Solution
Questions # 207:

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Options:
A.

Teardrop

B.

SYN flood

C.

Smurf attack

D.

Ping of death

Expert Solution
Questions # 208:

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

Options:
A.

Port scanning

B.

Banner grabbing

C.

Injecting arbitrary data

D.

Analyzing service response

Expert Solution
Questions # 209:

Pentest results indicate that voice over IP traffic is traversing a network.  Which of the following tools will decode a packet capture and extract the voice conversations?

Options:
A.

Cain

B.

John the Ripper

C.

Nikto

D.

Hping

Expert Solution
Questions # 210:

A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am.

Which of the following programming languages would most likely be used?

Options:
A.

PHP

B.

C#

C.

Python

D.

ASP.NET

Expert Solution
Questions # 211:

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

Options:
A.

Injecting parameters into a connection string using semicolons as a separator

B.

Inserting malicious Javascript code into input parameters

C.

Setting a user's session identifier (SID) to an explicit known value

D.

Adding multiple parameters with the same name in HTTP requests

Expert Solution
Questions # 212:

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:
A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Expert Solution
Questions # 213:

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

Options:
A.

Man trap

B.

Tailgating

C.

Shoulder surfing

D.

Social engineering

Expert Solution
Questions # 214:

What results will the following command yielD. 'NMAP -sS -O -p 123-153 192.168.100.3'?

Options:
A.

A stealth scan, opening port 123 and 153

B.

A stealth scan, checking open ports 123 to 153

C.

A stealth scan, checking all open ports excluding ports 123 to 153

D.

A stealth scan, determine operating system, and scanning ports 123 to 153

Expert Solution
Questions # 215:

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Options:
A.

The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

B.

The root CA stores the user's hash value for safekeeping.

C.

The CA is the trusted root that issues certificates.

D.

The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Expert Solution
Questions # 216:

Which of the following cryptography attack methods is usually performed without the use of a computer?

Options:
A.

Ciphertext-only attack

B.

Chosen key attack

C.

Rubber hose attack

D.

Rainbow table attack

Expert Solution
Questions # 217:

Advanced encryption standard is an algorithm used for which of the following?

Options:
A.

Data integrity

B.

Key discovery

C.

Bulk data encryption

D.

Key recovery

Expert Solution
Questions # 218:

Which of the following business challenges could be solved by using a vulnerability scanner?

Options:
A.

Auditors want to discover if all systems are following a standard naming convention.

B.

A web server was compromised and management needs to know if any further systems were compromised.

C.

There is an emergency need to remove administrator access from multiple machines for an employee that quit.

D.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

Expert Solution
Questions # 219:

Which of the following examples best represents a logical or technical control?

Options:
A.

Security tokens

B.

Heating and air conditioning

C.

Smoke and fire alarms

D.

Corporate security policy

Expert Solution
Questions # 220:

A company has publicly hosted web applications and an internal Intranet protected by a firewall.  Which technique will help protect against enumeration?

Options:
A.

Reject all invalid email received via SMTP.

B.

Allow full DNS zone transfers.

C.

Remove A records for internal hosts.

D.

Enable null session pipes.

Expert Solution
Viewing page 11 out of 14 pages
Viewing questions 201-220 out of questions