Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
EC0-350 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader ECCouncil EC0-350 Dumps with VCE and PDF 241-250

September 23, 2017

EnsurePass
2017 Sep ECCouncil Official New Released EC0-350
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/EC0-350.html

Ethical Hacking and Countermeasures V8

Question No: 241 – (Topic 3)

After a client sends a connection request (SYN) packet to the server, the server will respond (SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by the client. This sequence number is predictable; the attack connects to a service first with its own IP address, records the sequence number chosen, and then opens a second connection from a forged IP address. The attack doesn#39;t see the SYN-ACK (or any other packet) from the server, but can guess the correct responses. If the source IP address is used for authentication, then the attacker can use the one-sided communication to break into the server. What attacks can you successfully launch against a server using the above technique?

  1. Denial of Service attacks

  2. Session Hijacking attacks

  3. Web page defacement attacks

  4. IP spoofing attacks

Answer: B

Question No: 242 – (Topic 3)

Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy#39;s first task is to scan all the company#39;s external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:

SELECT * from Users where username=#39;admin#39; ?AND password=#39;#39; AND email like #39;%@testers.com%#39;

What will the SQL statement accomplish?

  1. If the page is susceptible to SQL injection, it will look in the Users table for usernames of admin

  2. This statement will look for users with the name of admin, blank passwords, and email addresses that end in @testers.com

  3. This Select SQL statement will log James in if there are any users with NULL passwords

  4. James will be able to see if there are any default user accounts in the SQL database

Answer: B Explanation:

This query will search for admin user with blank password with mail address @testers.com

Question No: 243 – (Topic 3)

What do you call a pre-computed hash?

  1. Sun tables

  2. Apple tables

  3. Rainbow tables

  4. Moon tables

Answer: C

Question No: 244 – (Topic 3)

Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company#39;s network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?

  1. Hayden is attempting to find live hosts on her company#39;s network by using an XMAS scan

  2. She is utilizing a SYN scan to find live hosts that are listening on her network

  3. The type of scan, she is using is called a NULL scan

  4. Hayden is using a half-open scan to find live hosts on her network

Answer: D

Question No: 245 – (Topic 3)

You want to perform advanced SQL Injection attack against a vulnerable website. You are unable to perform command shell hacks on this server. What must be enabled in SQL Server to launch these attacks?

  1. System services

  2. EXEC master access

  3. xp_cmdshell

  4. RDC

Answer: C

Question No: 246 – (Topic 3)

You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet session.

Here is the captured data in tcpdump.

Ensurepass 2017 PDF and VCE

What are the next sequence and acknowledgement numbers that the router will send to the victim machine?

  1. Sequence number: 82980070 Acknowledgement number: 17768885A.

  2. Sequence number: 17768729 Acknowledgement number: 82980070B.

  3. Sequence number: 87000070 Acknowledgement number: 85320085C.

  4. Sequence number: 82980010 Acknowledgement number: 17768885D.

Answer: A

Question No: 247 – (Topic 3)

You generate MD5 128-bit hash on all files and folders on your computer to keep a baseline check for security reasons?

Ensurepass 2017 PDF and VCE

What is the length of the MD5 hash?

  1. 32 character

  2. 64 byte

  3. 48 char

  4. 128 kb

Answer: A

Question No: 248 – (Topic 3)

What is the main disadvantage of the scripting languages as opposed to compiled programming languages?

  1. Scripting languages are hard to learn.

  2. Scripting languages are not object-oriented.

  3. Scripting languages cannot be used to create graphical user interfaces.

  4. Scripting languages are slower because they require an interpreter to run the code.

Answer: D

Question No: 249 – (Topic 3)

During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

  1. The tester must capture the WPA2 authentication handshake and then crack it.

  2. The tester must use the tool inSSIDer to crack it using the ESSID of the network.

  3. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.

  4. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

Answer: A

Question No: 250 – (Topic 3)

Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company.

Kevin logs into his email account online and gets the following URL after successfully logged in: http://www.youremailhere.com/mail.asp?mailbox=Kevinamp;Smith=121″ Kevin changes the URL to: http://www.youremailhere.com/mail.asp?mailbox=Katyamp;Sanchez=121″ Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy#39;s mailbox?

  1. This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access

  2. By changing the mailbox#39;s name in the URL, Kevin is attempting directory transversal

  3. Kevin is trying to utilize query string manipulation to gain access to her email account

  4. He is attempting a path-string attack to gain access to her mailbox

Answer: C

100% Free Download!
Download Free Demo:EC0-350 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass EC0-350 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE