
[Free] 2017(Sep) EnsurePass Dumpsleader ECCouncil EC0-350 Dumps with VCE and PDF 591-600

September 23, 2017


Ethical Hacking and Countermeasures V8

Question No: 591 – (Topic 6)

Destination unreachable administratively prohibited messages can inform the hacker of what?

  A. That a circuit level proxy has been installed and is filtering traffic

  B. That his/her scans are being blocked by a honeypot or jail

  C. That the packets are being malformed by the scanning software

  D. That a router or other packet-filtering device is blocking traffic

  E. That the network is functioning normally

Answer: D

Explanation: Destination unreachable administratively prohibited messages are a good way to discover that a router or other low-level packet device is filtering traffic. Analysis of the ICMP message will reveal the IP address of the blocking device and the filtered port. This further adds to the network map and the information being discovered about the network and hosts.

Question No: 592 – (Topic 6)

Which type of scan sends packets with no flags set? Select the answer.

  A. Open Scan

  B. Null Scan

  C. Xmas Scan

  D. Half-Open Scan

Answer: B

Explanation:

The types of port connections supported are:

  • TCP Full Connect. This mode makes a full connection to the target's TCP ports and can save any data or banners returned from the target. This mode is the most accurate for determining TCP services, but it is also easily recognized by Intrusion Detection Systems (IDS).

  • UDP ICMP Port Unreachable Connect. This mode sends a short UDP packet to the target's UDP ports and looks for an ICMP Port Unreachable message in return. The absence of that message indicates either the port is used, or the target does not return the ICMP message which can lead to false positives. It can save any data or banners returned from the target. This mode is also easily recognized by IDS.

  • TCP Full/UDP ICMP Combined. This mode combines the previous two modes into one operation.

  • TCP SYN Half Open. (Windows XP/2000 only) This mode sends out a SYN packet to the target port and listens for the appropriate response. Open ports respond with a SYN|ACK and closed ports respond with ACK|RST or RST. This mode is less likely to be noted by IDS, but since the connection is never fully completed, it cannot gather data or banner information. However, the attacker has full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the SYN packet.

  • TCP Other. (Windows XP/2000 only) This mode sends out a TCP packet with any combination of the SYN, FIN, ACK, RST, PSH, URG flags set to the target port and listens for the response. Again, the attacker can have full control over TTL, Source Port, MTU, Sequence number, and Window parameters in the custom TCP packet. The Analyze feature helps with analyzing the response based on the flag settings chosen. Each operating system responds differently to these special combinations. The tool includes presets for XMAS, NULL, FIN and ACK flag settings.

Question No: 593 – (Topic 6)

Which of the following command-line switches would you use for OS detection in Nmap?

  A. -D

  B. -O

  C. -P

  D. -X

Answer: B

Explanation: OS DETECTION:

-O: Enable OS detection (try 2nd generation w/fallback to 1st)

-O2: Only use the new OS detection system (no fallback)

-O1: Only use the old (1st generation) OS detection system

--osscan-limit: Limit OS detection to promising targets

--osscan-guess: Guess OS more aggressively

Question No: 594 – (Topic 6)

Network Administrator Patricia is doing an audit of the network. Below are some of her findings concerning DNS. Which of these would be a cause for alarm?

Select the best answer.

  A. There are two external DNS Servers for Internet domains. Both are AD integrated.

  B. All external DNS is done by an ISP.

  C. Internal AD Integrated DNS servers are using private DNS names that are unregistered.

  D. Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server.

Answer: A

Explanation:

  A. There are two external DNS Servers for Internet domains. Both are AD integrated. This is the correct answer. Having an AD integrated DNS external server is a serious cause for alarm. There is no need for this and it causes vulnerability on the network.

  B. All external DNS is done by an ISP. This is not the correct answer. This would not be a cause for alarm. This would actually reduce the company's network risk as it is offloaded onto the ISP.

  C. Internal AD Integrated DNS servers are using private DNS names that are unregistered. This is not the correct answer. This would not be a cause for alarm. This would actually reduce the company's network risk.

  D. Private IP addresses are used on the internal network and are registered with the internal AD integrated DNS server. This is not the correct answer. This would not be a cause for alarm. This would actually reduce the company's network risk.

Question No: 595 – (Topic 6)

Peter extracts the SIDs list from a Windows 2000 Server machine using the hacking tool “SIDExtractor”. Here is the output of the SIDs:

[Image: SIDExtractor output listing the SIDs]

From the above list identify the user account with System Administrator privileges.

  A. John

  B. Rebecca

  C. Sheela

  D. Shawn

  E. Somia

  F. Chang

  G. Micah

Answer: F

Explanation: The SID of the built-in administrator will always follow this example: S-1-5-domain-500

Question No: 596 – (Topic 6)

Which of the following systems would not respond correctly to an nmap XMAS scan?

  A. Windows 2000 Server running IIS 5

  B. Any Solaris version running SAMBA Server

  C. Any version of IRIX

  D. RedHat Linux 8.0 running Apache Web Server

Answer: A

Explanation:

When running an XMAS scan, if a RST packet is received, the port is considered closed, while no response means it is open|filtered. The big downside is that not all systems follow RFC 793 to the letter. A number of systems send RST responses to the probes regardless of whether the port is open or not. This causes all of the ports to be labeled closed. Major operating systems that do this are Microsoft Windows, many Cisco devices, BSDI, and IBM OS/400.
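On the monitoring side, the NULL, FIN and XMAS probes from Questions 592 and 596 stand out because their flag combinations do not occur in an ordinary TCP session. The following is an added example, not part of the original question set: it reads the flag bits from raw TCP headers and labels such segments. The sample headers and addresses are constructed, and the XMAS combination is assumed to be FIN, PSH and URG as Nmap sets it.

```python
import struct

# RFC 793 control bits: the low six bits of the 16-bit word at header offset 12.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Return the six RFC 793 flag bits of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (offset_and_flags,) = struct.unpack_from("!H", header, 12)
    return offset_and_flags & 0x3F  # drop the data offset and the ECN bits

def classify(header: bytes) -> str:
    """Label flag combinations that a normal TCP session never produces."""
    flags = tcp_flags(header)
    if flags == 0:
        return "null-scan"            # no flags set at all
    if flags == FIN | PSH | URG:
        return "xmas-scan"            # assumed Nmap-style XMAS combination
    if flags == FIN:
        return "fin-scan"             # a legitimate FIN also carries ACK
    if flags & SYN and flags & (FIN | RST):
        return "invalid-syn-combo"    # SYN never pairs with FIN or RST
    return "normal"

def make_header(sport: int, dport: int, flags: int) -> bytes:
    """Build a constructed 20-byte TCP header (data offset 5, no options)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed capture: (source address, raw TCP header).
SAMPLES = [
    ("198.51.100.7", make_header(40001, 80, SYN)),
    ("198.51.100.7", make_header(40001, 80, ACK)),
    ("192.0.2.10", make_header(50000, 22, 0)),
    ("192.0.2.10", make_header(50000, 23, FIN | PSH | URG)),
    ("192.0.2.10", make_header(50000, 25, FIN)),
    ("198.51.100.7", make_header(40001, 80, FIN | ACK)),
]

def alerts(samples):
    """Return (source, destination port, label) for every suspicious segment."""
    found = []
    for src, header in samples:
        label = classify(header)
        if label != "normal":
            dport = struct.unpack_from("!H", header, 2)[0]
            found.append((src, dport, label))
    return found

if __name__ == "__main__":
    for alert in alerts(SAMPLES):
        print(alert)
```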

Question No: 597 – (Topic 6)

Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

  A. Finger

  B. FTP

  C. Samba

  D. SMB

Answer: D

Explanation: The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.

Question No: 598 – (Topic 6)

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

  A. An attacker, working slowly enough, can evade detection by the IDS.

  B. Network packets are dropped if the volume exceeds the threshold.

  C. Thresholding interferes with the IDS’ ability to reassemble fragmented packets.

  D. The IDS will not distinguish among packets originating from different sources.

Answer: A

Question No: 599 – (Topic 6)

One of your team members has asked you to analyze the following SOA record. What is the TTL?

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.

  A. 200303028

  B. 3600

  C. 604800

  D. 2400

  E. 60

  F. 4800

Answer: D

Explanation: The SOA includes a timeout value. This value can tell an attacker how long any DNS "poisoning" would last. It is the last set of numbers in the record.
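To read the numbers in Question 599 by name rather than by position, the following added example (not part of the original question set) parses a zone-file style SOA line into its fields. Field names follow RFC 1035; the last one, `minimum`, is the value the answer identifies as the TTL. The unit suffixes (`1h`, `1w`) are an assumption that the input uses BIND-style time values.

```python
import re

# SOA timers in the order they follow the serial number (RFC 1035, section 3.3.13).
TIMERS = ("refresh", "retry", "expire", "minimum")
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def seconds(token: str) -> int:
    """Convert '3600', '1h' or '1h30m' (BIND-style units) to seconds."""
    token = token.rstrip(".").lower()
    if not re.fullmatch(r"(?:\d+[smhdw]?)+", token):
        raise ValueError(f"not a time value: {token!r}")
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", token))

def parse_soa(text: str) -> dict:
    """Parse a zone-file style SOA line into named fields."""
    # Parentheses only group lines in a zone file, so drop them and flatten.
    flat = " ".join(text.replace("(", " ").replace(")", " ").split())
    m = re.search(r"(?i)SOA\s+(\S+)\s+(\S+)\s+(.+)", flat)
    if not m:
        raise ValueError("no SOA record found")
    numbers = m.group(3).split()
    if len(numbers) != 5:
        raise ValueError(f"expected 5 numeric fields, got {len(numbers)}")
    record = {
        # Anything before the keyword is owner, TTL and class; keep the owner.
        "owner": (flat[:m.start()].split() or ["@"])[0],
        "mname": m.group(1),
        # RNAME encodes the contact mailbox: its first dot stands for '@'.
        "contact": m.group(2).rstrip(".").replace(".", "@", 1),
        "serial": int(numbers[0].rstrip(".")),
    }
    record.update(zip(TIMERS, map(seconds, numbers[1:])))
    return record

# The record as quoted in Question 599 (fused keyword, no closing parenthesis).
PAGE_RECORD = """Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600
3600 604800 2400."""

if __name__ == "__main__":
    for field, value in parse_soa(PAGE_RECORD).items():
        print(f"{field:8} {value}")
```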

Question No: 600 – (Topic 6)

You have initiated an active operating system fingerprinting attempt with nmap against a target system:

[Image: nmap scan output showing the open ports]

What operating system is the target host running based on the open ports shown above?

  A. Windows XP

  B. Windows 98 SE

  C. Windows NT4 Server

  D. Windows 2000 Server

Answer: D

Explanation: The system is reachable as an Active Directory domain controller (port 389, LDAP).

Topic 7, Volume G
