New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. ECCouncil
  3. Certified Ethical Hacker
  4. EC0-350 - Ethical Hacking and Countermeasures V8

EC0-350 Exam Dumps - Ethical Hacking and Countermeasures V8

Go to page:
Question # 41

Kevin is an IT security analyst working for Emerson Time Makers, a watch manufacturing company in Miami. Kevin and his girlfriend Katy recently broke up after a big fight. Kevin believes that she was seeing another person. Kevin, who has an online email account that he uses for most of his mail, knows that Katy has an account with that same company. Kevin logs into his email account online and gets the following URL after successfully logged in: http://www.youremailhere.com/mail.asp?mailbox=Kevin &Smith=121%22 Kevin changes the URL to: http://www.youremailhere.com/mail.asp?mailbox=Katy &Sanchez=121%22 Kevin is trying to access her email account to see if he can find out any information. What is Kevin attempting here to gain access to Katy's mailbox?

A.

This type of attempt is called URL obfuscation when someone manually changes a URL to try and gain unauthorized access

B.

By changing the mailbox's name in the URL, Kevin is attempting directory transversal

C.

Kevin is trying to utilize query string manipulation to gain access to her email account

D.

He is attempting a path-string attack to gain access to her mailbox

Full Access
Question # 42

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

A.

Vulnerability scanning

B.

Social engineering

C.

Application security testing

D.

Network sniffing

Full Access
Question # 43

Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose three.)

A.

Port Security

B.

IPSec Encryption

C.

Network Admission Control (NAC)

D.

802.1q Port Based Authentication

E.

802.1x Port Based Authentication

F.

Intrusion Detection System (IDS)

Full Access
Question # 44

What is the main disadvantage of the scripting languages as opposed to compiled programming languages?

A.

Scripting languages are hard to learn.

B.

Scripting languages are not object-oriented.

C.

Scripting languages cannot be used to create graphical user interfaces.

D.

Scripting languages are slower because they require an interpreter to run the code.

Full Access
Question # 45

Jacob is looking through a traffic log that was captured using Wireshark. Jacob has come across what appears to be SYN requests to an internal computer from a spoofed IP address. What is Jacob seeing here?

A.

Jacob is seeing a Smurf attack.

B.

Jacob is seeing a SYN flood.

C.

He is seeing a SYN/ACK attack.

D.

He has found evidence of an ACK flood.

Full Access
Question # 46

Blake is in charge of securing all 20 of his company's servers. He has enabled hardware and software firewalls, hardened the operating systems, and disabled all unnecessary services on all the servers. Unfortunately, there is proprietary AS400 emulation software that must run on one of the servers that requires the telnet service to function properly. Blake is especially concerned about this since telnet can be a very large security risk in an organization. Blake is concerned about how this particular server might look to an outside attacker so he decides to perform some footprinting, scanning, and penetration tests on the server. Blake telnets into the server using Port 80 and types in the following command:

HEAD / HTTP/1.0

After pressing enter twice, Blake gets the following results: What has Blake just accomplished?

A.

Downloaded a file to his local computer

B.

Submitted a remote command to crash the server

C.

Poisoned the local DNS cache of the server

D.

Grabbed the Operating System banner

Full Access
Question # 47

Web servers are often the most targeted and attacked hosts on organizations' networks. Attackers may exploit software bugs in the Web server, underlying operating system, or active content to gain unauthorized access.

Identify the correct statement related to the above Web Server installation?

A.

Lack of proper security policy, procedures and maintenance

B.

Bugs in server software, OS and web applications

C.

Installing the server with default settings

D.

Unpatched security flaws in the server software, OS and applications

Full Access
Question # 48

Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?

A.

CI Gathering

B.

Scanning

C.

Dumpster Diving

D.

Garbage Scooping

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps