EC0-350 Exam Questions
892 real EC0-350 exam questions with expert-verified answers and explanations. Page 17 of 18.
- Question #807
Which of the following best describes session key creation in SSL?
- Question #808
How many bits encryption does SHA-1 use?
- Question #809
There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are...
- Question #810
A client has approached you with penetration test requirements. They are concerned with the possibility of external threat, and have invested considerable resources in protecting...
- Question #811
Which of the following should be performed first in any penetration test?
- Question #812
Vulnerability mapping occurs after which phase of a penetration test?
- Question #813
Which of the following countermeasures can specifically protect against both the MAC Flood and MAC Spoofing attacks?
- Question #814
Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands...
- Question #815
This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagr...
- Question #816
If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the in...
- Question #817
This type of Port Scanning technique splits the TCP header into several packets so that packet filters are not able to detect what the packets intend to do.
- Question #818
Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. Ho...
- Question #819
Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure. An anonymizer protects all of your computer's identifying information whi...
- Question #820
What type of attack is shown in the following diagram?
- Question #821
Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administr...
- Question #822
How do you defend against ARP Spoofing? Select three.
- Question #823
TCP SYN Flood attack uses the three-way handshake mechanism. 1. An attacker at system A sends a SYN packet to victim at system B 2. System B sends a SYN/ACK packet to victim A 3. A...
- Question #824
Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large m...
- Question #825
You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123. Here is the output of your scan results: Which of t...
- Question #826
How do you defend against Privilege Escalation?
- Question #827
What does ICMP (type 11, code 0) denote?
- Question #828
You are the security administrator of Jaco Banking Systems located in Boston. You are setting up customer with a single password, you give them a printed list of 100 unique passwor...
- Question #829
More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers...
- Question #830
SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections. The signature of attack for SYN...
- Question #831
Which of the following types of scanning utilizes an automated process of proactively identifying vulnerabilities of the computing systems present on a network?
- Question #832
The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user: The user is prompt...
- Question #833
What are the limitations of Vulnerability scanners? (Select 2 answers)
- Question #834
Stephanie works as senior security analyst for a manufacturing company in Detroit. Stephanie manages network security throughout the organization. Her colleague Jason told her in c...
- Question #835
Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to r...
- Question #836
Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very important marketing campaign for his company's...
- Question #837
What type of Virus is shown here?
- Question #838
An attacker finds a web page for a target organization that supplies contact information for the company. Using available details to make the message seem authentic, the attacker d...
- Question #839
Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered v...
- Question #840
How does traceroute map the route a packet travels from point A to point B?
- Question #841
How do you defend against DHCP Starvation attack?
- Question #842
What type of session hijacking attack is shown in the exhibit?
- Question #843
The SYN flood attack sends TCP connections requests faster than a machine can process them. Attacker creates a random source address for each packet SYN flag set in each packet is...
- Question #844
What type of port scan is shown below?
- Question #845
Stephanie works as a records clerk in a large office building in downtown Chicago. On Monday, she went to a mandatory security awareness class (Security5) put on by her company's I...
- Question #846
Neil is a network administrator working in Istanbul. Neil wants to set up a protocol analyzer on his network that will receive a copy of every packet that passes through the main of...
- Question #847
In TCP communications there are 8 flags; FIN, SYN, RST, PSH, ACK, URG, ECE, CWR. These flags have decimal numbers assigned to them: FIN = 1 SYN = 2 RST = 4 PSH = 8 ACK = 16 URG = 3...
- Question #848
Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this?
- Question #849
Peter extracts the SID list from a Windows 2008 Server machine using the hacking tool "SIDExtracter". Here is the output of the SIDs: From the above list identify the user account wi...
- Question #850
What is the problem with this ASP script (login.asp)?
- Question #851
Google uses a unique cookie for each browser used by an individual user on a computer. This cookie contains information that allows Google to identify records about that user on it...
- Question #852
How many bits encryption does SHA-1 use?
- Question #853
In Trojan terminology, what is required to create the executable file chess.exe as shown below?
- Question #854
Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and a...
- Question #855
This attack uses social engineering techniques to trick users into accessing a fake Web site and divulging personal information. Attackers send a legitimate-looking e-mail asking u...
- Question #856
Which of the following statements would NOT be a proper definition for a Trojan Horse?