EC0-350 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader ECCouncil EC0-350 Dumps with VCE and PDF 481-490

September 23, 2017


Ethical Hacking and Countermeasures V8

Question No: 481 – (Topic 5)

Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?

TCP port 21 – no response
TCP port 22 – no response
TCP port 23 – Time-to-live exceeded

  A. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host.

  B. The lack of response from ports 21 and 22 indicates that those services are not running on the destination server.

  C. The scan on port 23 passed through the filtering device. This indicates that port 23 was not blocked at the firewall.

  D. The scan on port 23 was able to make a connection to the destination host, prompting the firewall to respond with a TTL error.

Answer: C

Question No: 482 – (Topic 5)

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

  A. Asymmetric

  B. Confidential

  C. Symmetric

  D. Non-confidential

Answer: A

Question No: 483 – (Topic 5)

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

  A. Injecting parameters into a connection string using semicolons as a separator

  B. Inserting malicious JavaScript code into input parameters

  C. Setting a user's session identifier (SID) to an explicit known value

  D. Adding multiple parameters with the same name in HTTP requests

Answer: A

Question No: 484 – (Topic 5)

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

  A. UDP 123

  B. UDP 541

  C. UDP 514

  D. UDP 415

Answer: C

Question No: 485 – (Topic 5)

Advanced encryption standard is an algorithm used for which of the following?

  A. Data integrity

  B. Key discovery

  C. Bulk data encryption

  D. Key recovery

Answer: C

Question No: 486 – (Topic 5)

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

  A. Port scanning

  B. Banner grabbing

  C. Injecting arbitrary data

  D. Analyzing service response

Answer: D

Question No: 487 – (Topic 5)

Which of the following are variants of mandatory access control mechanisms? (Choose two.)

  A. Two factor authentication

  B. Acceptable use policy

  C. Username / password

  D. User education program

  E. Sign in register

Answer: A,C

Question No: 488 – (Topic 5)

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database.

In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

  A. Semicolon

  B. Single quote

  C. Exclamation mark

  D. Double quote

Answer: B

Question No: 489 – (Topic 5)

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

  A. Metasploit scripting engine

  B. Nessus scripting engine

  C. NMAP scripting engine

  D. SAINT scripting engine

Answer: C

Question No: 490 – (Topic 5)

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

  A. MD5

  B. SHA-1

  C. RC4

  D. MD4

Answer: B
