EC0-350 Exam Questions

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

A botnet can be managed through which of the following?

Which of the following is a strong post designed to stop a car?

What are common signs that a system has been compromised or hacked? (Choose three.)

A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employ...

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting...

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other mach...

A Network Administrator was recently promoted to Chief Security Officer at a local university. One of employee's new responsibilities is to manage the implementation of an RFID car...

In the OSI model, where does PPTP encryption take place?

What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

An NMAP scan of a server shows port 25 is open. What risk could this pose?

Which of the following are variants of mandatory access control mechanisms? (Choose two.)

An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

Which of the following is used to indicate a single-line comment in structured query language (SQL)?

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?

Information gathered from social networking websites such as Facebook, Twitter and LinkedIn can be used to launch which of the following types of attacks? (Choose two.)

Which of the following examples best represents a logical or technical control?

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior...

How can a policy help improve an employee's security awareness?

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces...

Which of the following techniques will identify if computer files have been changed?

Which of the following does proper basic configuration of snort as a network intrusion detection system require?

When analyzing the IDS logs, the system administrator notices connections from outside of the LAN have been sending packets where the Source IP address and Destination IP address a...

Which of the following descriptions is true about a static NAT?

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy o...

Which of the following is a component of a risk assessment?

What information should an IT system analysis provide to the risk assessor?

Which security strategy requires using several, varying methods to protect IT systems against attacks?

An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. H...

Which of the following programming languages is most vulnerable to buffer overflow attacks?

Which property ensures that a hash function will not produce the same hashed value for two different messages?

From the two screenshots below, which of the following is occurring?

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

An NMAP scan of a server shows port 69 is open. What risk could this pose?

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended...

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP p...

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be i...

What results will the following command yielD. 'NMAP -sS -O -p 123-153 192.168.100.3'?

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker...

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking att...

ICMP ping and ping sweeps are used to check for active systems and to check