EC0-350 Exam Questions

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into t...

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the app...

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database h...

Which of the following items is unique to the N-tier architecture method of designing software applications?

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer...

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settin...

While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handsha...

Which type of scan is used on the eye to measure the layer of blood vessels?

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst d...

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site. <script>alert(" Testing Testing...

A hacker was able to sniff packets on a company's wireless network. The following information was discovered. The Key 10110010 01001011 The Cyphertext 01100101 01011010 Using the E...

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming int...

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106: Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.16...

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

Which results will be returned with the following Google search query? site:target.com - site:Marketing.target.com accounting

One advantage of an application-level firewall is the ability to

Which type of security document is written with specific step-by-step details?

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from f...

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may b...

How can rainbow tables be defeated?

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to...

If the final set of security controls does not eliminate all risk in a system, what could be done next?

In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Co...

What is the best defense against privilege escalation vulnerability?

Fingerprinting VPN firewalls is possible with which of the following tools?

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Which of the following is a client-server tool utilized to evade firewall inspection?

Which of the following is a symmetric cryptographic standard?

Which of the following cryptography attack methods is usually performed without the use of a computer?

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

Which of the following open source tools would be the best choice to scan a network for potential targets?

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Which cipher encrypts the plain text digit (bit or byte) one by one?

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

Which of the following is a preventive control?

Which of the following describes the characteristics of a Boot Sector Virus?