Ethical Hacking and Countermeasures V8
Question No: 501 – (Topic 6)
is one of the programs used to wardial.
Answer: E
Explanation: ToneLoc is one of the programs used to wardial. While this is considered an "old school" technique, it is still effective at finding backdoors and out of band network entry points.
Question No: 502 – (Topic 6)
What does the term “Ethical Hacking” mean?
Someone who is hacking for ethical reasons.
Someone who is using his/her skills for ethical reasons.
Someone who is using his/her skills for defensive purposes.
Someone who is using his/her skills for offensive purposes.
Explanation: Ethical hacking is only about defending yourself or your employer against malicious persons by using the same techniques and skills.
Question No: 503 – (Topic 6)
John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool?
Answer: C
Explanation: Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations world-wide. Nmap is mostly used for scanning, not for detecting vulnerabilities. Hping is a free packet generator and analyzer for the TCP/IP protocol, and make is used to automatically build large applications on the *nix platform.
Question No: 504 – (Topic 6)
What does an ICMP (Code 13) message normally indicate?
It indicates that the destination host is unreachable
It indicates to the host that the datagram which triggered the source quench message will need to be re-sent
It indicates that the packet has been administratively dropped in transit
It is a request to the host to cut back the rate at which it is sending traffic to the Internet destination
Explanation: Code 13 with type 3 is destination unreachable due to communication administratively prohibited by filtering; hence maybe they meant "code 13", and therefore the answer would be C).
A – Type 3
B – Type 4
C – Type 3 Code 13
D – Type 4
Question No: 505 – (Topic 6)
SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather a great amount of information about remote hosts.
Which of the following features makes this possible? (Choose two)
It uses TCP as the underlying protocol.
It uses community string that is transmitted in clear text.
It is susceptible to sniffing.
It is used by all network devices on the market.
Explanation: Simple Network Management Protocol (SNMP) is a protocol which can be used by administrators to remotely manage a computer or network device. There are typically 2 modes of remote SNMP monitoring. These modes are roughly 'READ' and 'WRITE' (or PUBLIC and PRIVATE). If an attacker is able to guess a PUBLIC community string, they would be able to read SNMP data (depending on which MIBs are installed) from the remote device. This information might include system time, IP addresses, interfaces, processes running, etc. Version 1 of SNMP has been criticized for its poor security. Authentication of clients is performed only by a "community string", in effect a type of password, which is transmitted in cleartext.
Question No: 506 – (Topic 6)
What port scanning method involves sending spoofed packets to a target system and then looking for adjustments to the IPID on a zombie system?
Blind Port Scanning
Answer: B
Explanation: From NMAP:
-sI <zombie host[:probeport]> Idlescan: This advanced scan method allows for a truly blind TCP port scan of the target (meaning no packets are sent to the target from your real IP address). Instead, a unique side-channel attack exploits predictable "IP fragmentation ID" sequence generation on the zombie host to glean information about the open ports on the target.
Question No: 507 – (Topic 6)
(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)
Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?
What is odd about this attack? Choose the best answer.
This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
This is back orifice activity as the scan comes from port 31337.
The attacker wants to avoid creating a sub-carrier connection that is not normally valid.
These packets were crafted by a tool, they were not created by a standard IP stack.
Answer: B
Explanation: Port 31337 is normally used by Back Orifice. Note that 31337 is hackers' spelling of ‘elite’, meaning ‘elite hackers’.
Question No: 508 – (Topic 6)
Which type of Nmap scan is the most reliable, but also the most visible, and likely to be picked up by an IDS?
Answer: D
Explanation: The TCP full connect (-sT) scan is the most reliable.
Question No: 509 – (Topic 6)
What are two things that are possible when scanning UDP ports? (Choose two.)
A reset will be returned
An ICMP message will be returned
The four-way handshake will not be completed
An RFC 1294 message will be returned
Explanation: Closed UDP ports can return an ICMP type 3 code 3 message. No response can mean the port is open or the packet was silently dropped.
Question No: 510 – (Topic 6)
Your lab partner is trying to find out more information about a competitor's web site. The site has a .com extension. She has decided to use some online whois tools and look in one of the regional Internet registries. Which one would you suggest she looks in first?
Explanation: Regional registries maintain records from the areas which they govern. ARIN is responsible for domains served within North and South America and therefore would be a good starting point for a .com domain.