EC0-350 Exam Questions

Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standar...

Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports?

Sniffing is considered an active attack.

A file integrity program such as Tripwire protects against Trojan horse attacks by:

Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt. $ nc -l -p 1026 -u -v In response, he sees the fo...

What does the command in the exhibit do in "Ettercap"? ettercap -NCLzs --quiet

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Se...

A POP3 client contacts the POP3 server:

Samantha was hired to perform an internal security test of XYZ. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits h...

Ethereal works best on ____________.

The follows is an email header. What address is that of the true originator of the message?

Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options?

Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?

When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?

Which of the following is not considered to be a part of active sniffing?

ARP poisoning is achieved in _____ steps

How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS's on...

You have captured some packets in Ethereal. You want to view only packets sent from 10.0.0.22. What filter will you apply?

Tess King, the evil hacker, is purposely sending fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65, 536 bytes. From the i...

Which one of the following instigates a SYN flood attack?

Global deployment of RFC 2827 would help mitigate what classification of attack?

What happens when one experiences a ping of death?

Which one of the following network attacks takes advantages of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

A denial of Service (DoS) attack works on the following principle:

What happens during a SYN flood attack?

What is the term 8 to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim?

What is the goal of a Denial of Service Attack?

What do you call a system where users need to remember only one username and password, and be authenticated for multiple services?

Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection rev...

What would best be defined as a security test on services against a known vulnerability database using an automated tool?

A Buffer Overflow attack involves:

When working with Windows systems, what is the RID of the true administrator account?

If you send a SYN to an open port, what is the correct response?(Choose all correct answers.

When working with Windows systems, what is the RID of the true administrator account?

You have been called to investigate a sudden increase in network traffic at XYZ. It seems that the traffic generated was too heavy that normal business functions could no longer be...

Henry is an attacker and wants to gain control of a system and use it to flood a target system with requests, so as to prevent legitimate users from gaining access. What type of at...

Eve decides to get her hands dirty and tries out a Denial of Service attack that is relatively new to her. This time she envisages using a different kind of method to attack Browni...

Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. What should Peter do to prevent a smurf attack? Select the best answer.

John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong. In the context of Session hijacking why would you consi...

What is the key advantage of Session Hijacking?

What type of cookies can be generated while visiting different web sites on the Internet?

Which is the right sequence of packets sent during the initial TCP three way handshake?

What is Hunt used for?

You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three way handshake. The server has just rece...

How would you prevent session hijacking attacks?

Which of the following attacks takes best advantage of an existing authenticated connection?

Tess King is making use of Digest Authentication for her Web site. Why is this considered to be more secure than Basic authentication?

You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform...

You wish to determine the operating system and type of web server being used. At the same time you wish to arouse no suspicion within the target organization. While some of the met...