EC0-350 Exam Questions
892 real EC0-350 exam questions with expert-verified answers and explanations. Page 14 of 18.
- Question #657
Bart is looking for a Windows NT/2000/XP command-line tool that can be used to assign, display, or modify ACLs (access control lists) to files or folders and also one that can be...
- Question #658
Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)
- Question #659
On a default installation of Microsoft IIS web server, under which privilege does the web server software execute?
- Question #660
You are gathering competitive intelligence on XYZ.com. You notice that they have jobs listed on a few Internet job-hunting sites. There are two job postings for network and system...
- Question #661
What are the three phases involved in security testing?
- Question #662
You visit a website to retrieve the listing of a company's staff members. But you cannot find it on the website. You know the listing was certainly present one year before. How ca...
- Question #663
You work as security technician at XYZ.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which o...
- Question #664
This packet was taken from a packet sniffer that monitors a Web server. This packet was originally 1514 bytes long, but only the first 512 bytes are shown here. This is the standar...
- Question #665
This kind of attack will let you assume a user's identity at a dynamically generated web page or site:
- Question #666
____________ will let you assume a user's identity at a dynamically generated web page or site.
- Question #667
What is Form Scalpel used for?
- Question #668
Bubba has just accessed his preferred e-commerce web site and has spotted an item that he would like to buy. Bubba considers the price a bit too steep. He looks at the source code of...
- Question #669
Take a look at the following attack on a Web Server using obstructed URL: 4%63%2f%70 %61%73%73%77%64 The request is made up of: ?%2e%2e%2f%2e%2e%2f%2e%2f% = ../../../ ?%65%74%63 =...
- Question #670
What are the differences between SSL and S-HTTP?
- Question #671
Kevin sends an email invite to Chris to visit a forum for security professionals. Chris clicks on the link in the email message and is taken to a web based bulletin board. Unknown...
- Question #672
Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first at...
- Question #673
Which of the following statements best describes the term Vulnerability?
- Question #674
Bob is a very security-conscious computer user. He plans to test a site that is known to have malicious applets, code, and more. Bob always makes use of a basic Web Browser to perfo...
- Question #675
Clive has been hired to perform a Black-Box test by one of his clients. How much information will Clive obtain from the client before commencing his test?
- Question #676
Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of XYZ, he went through a few scann...
- Question #677
Jim is having no luck performing a penetration test in XYZ's network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. De...
- Question #678
You have just received an assignment for an assessment at a company site. The company's management is concerned about external threats and wants to take appropriate steps to ensure secu...
- Question #679
What does black box testing mean?
- Question #680
Bryan notices the error on the web page and asks Liza to enter liza' or '1'='1 in the email field. They are greeted with a message "Your login information has been mailed to johndo...
- Question #681
Liza has forgotten her password to an online bookstore. The web application asks her to key in her email so that they can send her the password. Liza enters her email [email protected]...
- Question #682
Kevin has been asked to write a short program to gather user input for a web application. He likes to keep his code neat and simple. He chooses to use printf(str) where he should h...
- Question #683
Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code...
- Question #684
Ivan is auditing a corporate website. Using Winhex, he alters a cookie as shown below. Before Alteration: Cookie: lang=en-us; ADMIN=no; y=1 ; time=10:30GMT ; After Alteration: Cook...
- Question #685
_________ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity...
- Question #686
Say that "abigcompany.com" had a security vulnerability in the JavaScript on their website in the past. They recently fixed the security vulnerability, but it had been there for ma...
- Question #687
Which of the following is the best way an attacker can passively learn about technologies used in an organization?
- Question #688
Which of the following is most effective against passwords?
- Question #689
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The file Permission Canonicalization vu...
- Question #690
Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit. Choose the attack type from the choices given below.
- Question #691
You are conducting a pen-test against a company's website using SQL Injection techniques. You enter "anuthing or 1=1-" in the username field of an authentication form. This is the ou...
- Question #692
Your boss Tess King is attempting to modify the parameters of a Web-based application in order to alter the SQL statements that are parsed to retrieve data from the database. What...
- Question #693
When a malicious hacker identifies a target and wants to eventually compromise this target, what would be among the first steps that he would perform? (Choose the best answer)
- Question #694
A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?
- Question #695
Look at the following SQL query. SELECT * FROM product WHERE PCategory='computers' or 1=1--' What will it return? Select the best answer.
- Question #696
Sandra is conducting a penetration test for XYZ.com. She knows that XYZ.com is using wireless networking for some of the offices in the building right down the street. Through soci...
- Question #697
WEP is used on 802.11 networks. What was it designed for?
- Question #698
RC4 is known to be a good stream generator. RC4 is used within the WEP standard on wireless LAN. WEP is known to be insecure even if we are using a stream cipher that is known to b...
- Question #699
In an attempt to secure his wireless network, Bob implements a VPN to cover the wireless communications. Immediately after the implementation, users begin complaining about how slo...
- Question #700
In an attempt to secure his wireless network, Bob turns off broadcasting of the SSID. He concludes that since his access points require the client computer to have the proper SSID,...
- Question #701
In an attempt to secure his 802.11b wireless network, Ulf decides to use strategic antenna positioning. He places the antenna for the access points near the center of the buildin...
- Question #702
Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?
- Question #703
Which of the following is true of the wireless Service Set ID (SSID)? (Select all that apply.)
- Question #704
Which of the following wireless technologies can be detected by NetStumbler? (Select all that apply)
- Question #705
802.11b is considered a ____________ protocol.
- Question #706
While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using...