EC0-350 Exam Questions
892 real EC0-350 exam questions with expert-verified answers and explanations. Page 9 of 18.
- Question #406
A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?
- Question #407
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?
- Question #408
A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?
- Question #409
The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106: What is most likely taking place?
- Question #410
A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffi...
- Question #411
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
- Question #412
What are the three types of authentication?
- Question #413
What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
- Question #414
While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. W...
- Question #415
Which of the following business challenges could be solved by using a vulnerability scanner?
- Question #416
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
- Question #417
If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this sec...
- Question #418
A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of whi...
- Question #419
Which system consists of a publicly available set of databases that contain domain name registration contact information?
- Question #420
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see...
- Question #421
Which set of access control solutions implements two-factor authentication?
- Question #422
What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for e...
- Question #423
Advanced encryption standard is an algorithm used for which of the following?
- Question #424
Which statement best describes a server type under an N-tier architecture?
- Question #425
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to expl...
- Question #426
Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
- Question #427
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof...
- Question #428
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
- Question #429
The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronical...
- Question #430
Which security control role does encryption meet?
- Question #431
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company's building dressed lik...
- Question #432
A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?
- Question #433
A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following. Firewall log files ar...
- Question #434
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?
- Question #435
At a Windows Server command prompt, which command could be used to list the running services?
- Question #436
Which of the following is optimized for confidential communications, such as bidirectional voice and video?
- Question #437
The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?
- Question #438
Which of the following is considered an acceptable option when managing a risk?
- Question #439
A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage serv...
- Question #440
__________ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditi...
- Question #441
A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could...
- Question #442
Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filte...
- Question #443
What two things will happen if a router receives an ICMP packet, which has a TTL value of 1, and the destination host is several hops away? (Select 2 answers)
- Question #444
Which of the following LM hashes represents a password of less than 8 characters?
- Question #445
While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect's workstation. He comes across a file that is just called...
- Question #446
Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tas...
- Question #447
Which Windows system tool checks the integrity of critical files that have been digitally signed by Microsoft?
- Question #448
Botnets are networks of compromised computers that are controlled remotely and surreptitiously by one or more cyber criminals. How do cyber criminals infect a victim's computer wit...
- Question #449
What is the essential difference between an 'Ethical Hacker' and a 'Cracker'?
- Question #450
What does the term "Ethical Hacking" mean?
- Question #451
Who is an Ethical Hacker?
- Question #452
What is "Hacktivism"?
- Question #453
Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)
- Question #454
What are the two basic types of attacks? (Choose two.)
- Question #455
Under which Federal Statutes does the FBI investigate for computer crimes involving e-mail scams and mail fraud?