EC0-350 Exam Questions

What makes web application vulnerabilities so aggravating? (Choose two)

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies ca...

Carl has successfully compromised a web server from behind a firewall by exploiting a vulnerability in the web server program. He wants to proceed by installing a backdoor program....

While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80. What can you infer from this observation?

You are the security administrator for a large network. You want to prevent attackers from running any sort of traceroute into your DMZ and discover the internal structure of publi...

Bob, an Administrator at XYZ was furious when he discovered that his buddy Trent, has launched a session hijack attack against his network, and sniffed on his communication, includ...

Network Intrusion Detection systems can monitor traffic in real time on networks. Which one of the following techniques can be very effective at avoiding proper detection?

What do you conclude from the nmap results below? (The 1592 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 25/tcp open smtp 80/tcp open...

Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first at...

Snort is an open source Intrusion Detection system. However, it can also be used for a few other purposes as well. Which of the choices below indicate the other features offered by...

When referring to the Domain Name Service, what is denoted by a `zone'?

Statistics from cert.org and other leading security organizations has clearly showed a steady rise in the number of hacking incidents perpetrated against companies. What do you thi...

You are doing IP spoofing while you scan your target. You find that the target has port 23 open. Anyway you are unable to connect. Why?

While examining a log report you find out that an intrusion has been attempted by a machine whose IP address is displayed as 0xde.0xad.0xbe.0xef. It looks to you like a hexadecimal...

All the web servers in the DMZ respond to ACK scan on port 80. Why is this happening ?

What is a sheepdip?

If you come across a sheepdip machine at your client's site, what should you do?

If you come across a sheepdip machaine at your client site, what would you infer?

What type of attack changes its signature and/or payload to avoid detection by antivirus programs?

You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:

Which of the following is not an effective countermeasure against replay attacks?

To scan a host downstream from a security gateway, Firewalking:

ETHER: Destination address : 0000BA5EBA11 ETHER: Source address : An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system co...

You perform the above traceroute and notice that hops 19 and 20 both show the same IP address. This probably indicates what?

Which of the following are potential attacks on cryptography? (Select 3)

What is a primary advantage a hacker gains by using encryption or programs such as Loki?

What is the tool Firewalk used for?

You have performed the traceroute below and notice that hops 19 and 20 both show the same IP address. What can be inferred from this output?

During the intelligence gathering phase of a penetration test, you come across a press release by a security products vendor stating that they have signed a multi-million dollar ag...

Most NIDS systems operate in layer 2 of the OSI model. These systems feed raw traffic into a detection engine and rely on the pattern matching and/or statistical analysis to determ...

Neil is closely monitoring his firewall rules and logs on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web s...

Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to allow a host outside of a firewall to connect transparently and securely through th...

Basically, there are two approaches to network intrusion detection: signature detection, and anomaly detection. The signature detection approach utilizes well-known signatures for...

John has a proxy server on his network which caches and filters web access. He shuts down all unnecessary ports and services. Additionally, he has installed a firewall (Cisco PIX)...

A program that defends against a port scanner will attempt to:

Given the following extract from the snort log on a honeypot, what do you infer from the attack?

Exhibit: Given the following extract from the snort log on a honeypot, what service is being exploited? :

There are two types of honeypots- high and low interaction. Which of these describes a low interaction honeypot? Select the best answers.

An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to...

What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?

Study the following exploit code taken from a Linux machine and answer the questions below: echo "ingreslock stream tcp nowait root /bin/sh sh -I" > /tmp/x; /usr/sbin/inetd -s /tmp...

The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and g...

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) then it was intended to hold. What is the most common cause of...

The following exploit code is extracted from what kind of attack?

StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks.

Symmetric encryption algorithms are known to be fast but present great challenges on the key management side. Asymmetric encryption algorithms are slow but allow communication with...

Steven the hacker realizes that the network administrator of XYZ is using syskey to protect organization resources in the Windows 2000 Server. Syskey independently encrypts the has...

In the context of using PKI, when Sven wishes to send a secret message to Bob, he looks up Bob's public key in a directory, uses it to encrypt the message before sending it off. Bo...

What is SYSKEY # of bits used for encryption?

Which of the following is NOT true of cryptography?