EC0-350 Exam Questions

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design,...

When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?

How does an operating system protect the passwords used for account logins?

Which of the following programs is usually targeted at Microsoft Office products?

What is the main difference between a "Normal" SQL Injection and a "Blind" SQL Injection vulnerability?

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

Data hiding analysis can be useful in

Smart cards use which protocol to transfer the certificate in a secure manner?

A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set: Untrust (Inter...

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

Which of the following is a protocol that is prone to a man-in-the-middle (MITM) attack and maps a 32-bit address to a 48-bit address?

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

Which type of access control is used on a router or firewall to limit network activity?

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

Which types of detection methods are employed by Network Intrusion Detection Systems (NIDS)? (Choose two.)

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?

How can telnet be used to fingerprint a web server?

Which of the following problems can be solved by using Wireshark?

Which of the following is an example of an asymmetric encryption implementation?

What is the purpose of conducting security assessments on network resources?

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, r...

Which of the following is an application that requires a host application for replication?

Which of the following is a characteristic of Public Key Infrastructure (PKI)?

What statement is true regarding LM hashes?

What is a successful method for protecting a router from potential smurf attacks?

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

The use of technologies like IPSec can help guarantee the followinG. authenticity, integrity, confidentiality and

A security administrator notices that the log file of the company`s webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php s...

Which of the following is a detective control?

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the test...

A circuit level gateway works at which of the following layers of the OSI Model?

Which of the following lists are valid data-gathering activities associated with a risk assessment?

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the...

Which command line switch would be used in NMAP to perform operating system detection?

Bluetooth uses which digital modulation technique to exchange information between paired devices?

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind...

A security policy will be more accepted by employees if it is consistent and has the support of

There is a WEP encrypted wireless access point (AP) with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. What information is neede...

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

How do employers protect assets with security policies pertaining to employee surveillance activities?

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router confi...

Which of the following parameters enables NMAP's operating system detection feature?

Which of the following is an example of IP spoofing?

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?