EC0-350 Exam Questions

David is a security administrator working in Boston. David has been asked by the office's manager to block all POP3 traffic at the firewall because he believes employees are spendi...

You want to capture Facebook website traffic in Wireshark. What display filter should you use that shows all TCP packets that contain the word 'facebook'?

Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, and lack...

Fake Anti-Virus, is one of the most frequently encountered and persistent threats on the web. This malware uses social engineering to lure users into infected websites with a techn...

How would you describe an attack where an attacker attempts to deliver the payload over multiple packets over long periods of time with the purpose of defeating simple pattern matc...

Jake works as a system administrator at Acme Corp. Jason, an accountant of the firm befriends him at the canteen and tags along with him on the pretext of appraising him about pote...

While performing a ping sweep of a local subnet you receive an ICMP reply of Code 3/Type 13 for all the pings you have sent out. What is the most likely cause of this?

Consider the following code: text=<script>alert(document.cookie)</script> If an attacker can trick a victim user to click a link like this, and the Web application does not validat...

Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking...

What type of Trojan is this?

Maintaining a secure Web server requires constant effort, resources, and vigilance from an organization. Securely administering a Web server on a daily basis is an essential aspect...

In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?

Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web...

An attacker has successfully compromised a remote computer. Which of the following comes as one of the last steps that should be taken to ensure that the compromise cannot be trace...

Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated at...

What is War Dialing?

Steven the hacker realizes the network administrator of Acme Corporation is using syskey in Windows 2008 Server to protect his resources in the organization. Syskey independently e...

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target...

Ursula is a college student at a University in Amsterdam. Ursula originally went to college to study engineering but later changed to marine biology after spending a month at sea w...

Attacking well-known system defaults is one of the most common hacker attacks. Most software is shipped with a default configuration that makes it easy to install and setup the app...

This tool is widely used for ARP Poisoning attack. Name the tool.

BankerFox is a Trojan that is designed to steal users' banking data related to certain banking entities. When they access any website of the affected banks through the vulnerable F...

In the context of password security: a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtC...

You receive an e-mail with the following text message. "Microsoft and HP today warned all customers that a new, highly dangerous virus has been discovered which will erase all your...

Choose one of the following pseudo codes to describe this statement: "If we have written 200 characters to the buffer variable, the stack should stop because it cannot hold any mor...

One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term?

Attackers footprint target Websites using Google Hacking techniques. Google hacking is a term that refers to the art of creating complex search engine queries. It detects websites...

Which of the following tool would be considered as Signature Integrity Verifier (SIV)?

Bob has set up three web servers on Windows Server 2008 IIS 7.0. Bob has followed all the recommendations for securing the operating system and IIS. These servers are going to run...

Which of the following statement correctly defines ICMP Flood Attack? (Select 2 answers)

Which type of scan does NOT open a full TCP connection?

Lori was performing an audit of her company's internal Sharepoint pages when she came across the following code. What is the purpose of this code?

What sequence of packets is sent during the initial TCP three-way handshake?

Steve scans the network for SNMP enabled devices. Which port number Steve should scan?

You are footprinting an organization and gathering competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them list...

You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire co...

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation...

Which of the following is NOT part of CEH Scanning Methodology?

Lee is using Wireshark to log traffic on his network. He notices a number of packets being directed to an internal IP from an outside IP where the packets are ICMP and their size i...

This method is used to determine the Operating system and version running on a remote target system. What is it called?

William has received a Chess game from someone in his computer programming class through email. William does not really know the person who sent the game very well, but decides to...

John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct MiTM attack. What is the destination MAC address of a broadcast...

You are gathering competitive intelligence on an organization. You notice that they have jobs listed on a few Internet job-hunting sites. There are two jobs for network and system...

TCP packets transmitted in either direction after the initial three-way handshake will have which of the following bit set?

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server in your organization. They notice that there is excessive numbe...

What framework architecture is shown in this exhibit?

Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?

You have chosen a 22 character word from the dictionary as your password. How long will it take to crack the password by an attacker?

While testing web applications, you attempt to insert the following test script into the search area on the company's web site: <script>alert('Testing Testing Testing')</script> La...

What techniques would you use to evade IDS during a Port Scan? (Select 4 answers)