[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil EC0-350 Dumps with VCE and PDF 321-330

Ethical Hacking and Countermeasures V8

Question No: 321 – (Topic 4)

How can telnet be used to fingerprint a web server?

A. telnet webserverAddress 80 HEAD / HTTP/1.0

B. telnet webserverAddress 80 PUT / HTTP/1.0

C. telnet webserverAddress 80 HEAD / HTTP/2.0

D. telnet webserverAddress 80 PUT / HTTP/2.0

Answer: A

Question No: 322 – (Topic 4)

In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)

A. HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)

B. NID/NIP (Node-based Intrusion Detection/Node-based Intrusion Prevention)

C. NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)

D. CID/CIP (Computer-based Intrusion Detection/Computer-based Intrusion Prevention)

Answer: A,C

Question No: 323 – (Topic 4)

A hacker was able to sniff packets on a company's wireless network. The following information was discovered:

The Key: 10110010 01001011

The Cyphertext: 01100101 01011010

Using the Exclusive OR, what was the original message?

A. 00101000 11101110

B. 11010111 00010001

C. 00001101 10100100

D. 11110010 01011011

Answer: B

Question No: 324 – (Topic 4)

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

A. if (billingAddress = 50) {update field} else exit

B. if (billingAddress != 50) {update field} else exit

C. if (billingAddress >= 50) {update field} else exit

D. if (billingAddress <= 50) {update field} else exit

Answer: D

Question No: 325 – (Topic 4)

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:

<IMG SRC=vbscript:msgbox("Vulnerable");>

When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

Which web application vulnerability did the analyst discover?

A. Cross-site request forgery

B. Command injection

C. Cross-site scripting

D. SQL injection

Answer: C

Question No: 326 – (Topic 4)

What statement is true regarding LM hashes?

A. LM hashes consist of 48 hexadecimal characters.

B. LM hashes are based on AES128 cryptographic standard.

C. Uppercase characters in the password are converted to lowercase.

D. LM hashes are not generated when the password length exceeds 15 characters.

Answer: D

Question No: 327 – (Topic 4)

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site:

<script>alert(" Testing Testing Testing ")</script>

Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

A. Buffer overflow

B. Cross-site request forgery

C. Distributed denial of service

D. Cross-site scripting

Answer: D

Question No: 328 – (Topic 4)

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?

A. Netstat WMI Scan

B. Silent Dependencies

C. Consider unscanned ports as closed

D. Reduce parallel connections on congestion

Answer: D

Question No: 329 – (Topic 4)

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

A. Multiple keys for non-repudiation of bulk data

B. Different keys on both ends of the transport medium

C. Bulk encryption for data transmission over fiber

D. The same key on each end of the transmission medium

Answer: D

Question No: 330 – (Topic 4)

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

A. Say nothing and continue with the security testing.

B. Stop work immediately and contact the authorities.

C. Delete the pornography, say nothing, and continue security testing.

D. Bring the discovery to the financial organization's human resource department.

Answer: B
