Latest Certified Success Dumps Download

EC0-350 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader ECCouncil EC0-350 Dumps with VCE and PDF 181-190

September 23, 2017

2017 Sep ECCouncil Official New Released EC0-350
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures V8

Question No: 181 – (Topic 2)

LAN Manager Passwords are concatenated to 14 bytes, and split in half. The two halves

are hashed individually. If the password is 7 characters or less, than the second half of the hash is always:

  1. 0xAAD3B435B51404EE

  2. 0xAAD3B435B51404AA

  3. 0xAAD3B435B51404BB

  4. 0xAAD3B435B51404CC

Answer: A

Question No: 182 – (Topic 2)

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn#39;t work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

  1. Look for quot;zero-dayquot; exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank#39;s network

  2. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly- paid or disgruntled employee, and offer them money if they#39;ll abuse their access privileges by providing you with sensitive information

  3. Launch DDOS attacks against Merclyn Barley Bank#39;s routers and firewall systems using 100, 000 or more quot;zombiesquot; and quot;botsquot;

  4. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank#39;s Webserver to that of your machine using DNS Cache Poisoning techniques

Answer: B

Question No: 183 – (Topic 2)

Which of the following is NOT part of CEH Scanning Methodology?

  1. Check for Live systems

  2. Check for Open Ports

  3. Banner Grabbing

  4. Prepare Proxies

  5. Social Engineering attacks

  6. Scan for Vulnerabilities

  7. Draw Network Diagrams

Answer: E

Question No: 184 – (Topic 2)

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

Ensurepass 2017 PDF and VCE

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today#39;s end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software.

What is Rogue security software?

  1. A flash file extension to Firefox that gets automatically installed when a victim visits rogue software disabling websites

  2. A Fake AV program that claims to rid a computer of malware, but instead installs spyware or other malware onto the computer. This kind of software is known as rogue security software.

  3. Rogue security software is based on social engineering technique in which the attackers lures victim to visit spear phishing websites

  4. This software disables firewalls and establishes reverse connecting tunnel between the victim#39;s machine and that of the attacker

Answer: B

Question No: 185 – (Topic 2)

Blane is a network security analyst for his company. From an outside IP, Blane performs an XMAS scan using Nmap. Almost every port scanned does not illicit a response. What can he infer from this kind of response?

  1. These ports are open because they do not illicit a response.

  2. He can tell that these ports are in stealth mode.

  3. If a port does not respond to an XMAS scan using NMAP, that port is closed.

  4. The scan was not performed correctly using NMAP since all ports, no matter what their state, will illicit some sort of response from an XMAS scan.

Answer: A

Question No: 186 – (Topic 2)

Fred is the network administrator for his company. Fred is testing an internal switch. From an external IP address, Fred wants to try and trick this switch into thinking it already has established a session with his computer. How can Fred accomplish this?

  1. Fred can accomplish this by sending an IP packet with the RST/SIN bit and the source address of his computer.

  2. He can send an IP packet with the SYN bit and the source address of his computer.

  3. Fred can send an IP packet with the ACK bit set to zero and the source address of the switch.

  4. Fred can send an IP packet to the switch with the ACK bit and the source address of his machine.

Answer: D

Question No: 187 – (Topic 2)

Bob was frustrated with his competitor, Brownies Inc., and decided to launch an attack that would result in serious financial losses. He planned the attack carefully and carried out the attack at the appropriate moment.

Meanwhile, Trent, an administrator at Brownies Inc., realized that their main financial transaction server had been attacked. As a result of the attack, the server crashed and Trent needed to reboot the system, as no one was able to access the resources of the company. This process involves human interaction to fix it.

What kind of Denial of Service attack was best illustrated in the scenario above?

  1. Simple DDoS attack

  2. DoS attacks which involves flooding a network or system

  3. DoS attacks which involves crashing a network or system

  4. DoS attacks which is done accidentally or deliberately

Answer: C

Question No: 188 – (Topic 2)

You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company#39;s network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.

Your peer, Peter Smith who works at the same department disagrees with you. He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of quot;weakest linkquot; in the security chain. What is Peter Smith talking about?

  1. Untrained staff or ignorant computer users who inadvertently become the weakest link in your security chain

  2. quot;zero-dayquot; exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks

  3. quot;Polymorphic virusesquot; are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks

  4. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Answer: A

Question No: 189 – (Topic 2)

Joseph has just been hired on to a contractor company of the Department of Defense as their Senior Security Analyst. Joseph has been instructed on the company#39;s strict security policies that have been implemented, and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two- factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company. Joseph#39;s supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number. Joseph#39;s company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two- factor authentication?

  1. Biometric device

  2. OTP

  3. Proximity cards

  4. Security token

Answer: D

Question No: 190 – (Topic 2)

Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough.

Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer. (Overflows the buffer). Below is the code snippet:

Ensurepass 2017 PDF and VCE

How can you protect/fix the problem of your application as shown above?

  1. Because the counter starts with 0, we would stop when the counter is less than 200

  2. Because the counter starts with 0, we would stop when the counter is more than 200

  3. Add a separate statement to signify that if we have written less than 200 characters to

    the buffer, the stack should stop because it cannot hold any more data

  4. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data

Answer: A,D

100% Free Download!
Download Free Demo:EC0-350 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass EC0-350 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE