[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil EC0-350 Dumps with VCE and PDF 331-340

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC0-350
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures V8

Question No: 331 – (Topic 4)

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

  1. Cross-site scripting

  2. SQL injection

  3. Missing patches

  4. CRLF injection

Answer: C

Question No: 332 – (Topic 4)

Which of the following parameters enables NMAP#39;s operating system detection feature?

  1. NMAP -sV

  2. NMAP -oS

  3. NMAP -sR

  4. NMAP -O

Answer: D

Question No: 333 – (Topic 4)

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm#39;s public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

HTTP/1.1 200 OK

Server: Microsoft-IIS/6

Expires: Tue, 17 Jan 2011 01:41:33 GMT

DatE. Mon, 16 Jan 2011 01:41:33 GMT

Content-TypE. text/html Accept-Ranges: bytes

Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT ETaG. quot;b0aac0542e25c31:89dquot;

Content-Length: 7369

Which of the following is an example of what the engineer performed?

  1. Cross-site scripting

  2. Banner grabbing

  3. SQL injection

  4. Whois database query

Answer: B

Question No: 334 – (Topic 4)

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

  1. Firewall

  2. Honeypot

  3. Core server

  4. Layer 4 switch

Answer: B

Question No: 335 – (Topic 4)

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

  1. Sender#39;s public key

  2. Receiver#39;s private key

  3. Receiver#39;s public key

  4. Sender#39;s private key

Answer: D

Question No: 336 – (Topic 4)

Which of the following is an application that requires a host application for replication?

  1. Micro

  2. Worm

  3. Trojan

  4. Virus

Answer: D

Question No: 337 – (Topic 4)

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

  1. The request to the web server is not visible to the administrator of the vulnerable application.

  2. The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

  3. The successful attack does not show an error message to the administrator of the affected application.

  4. The vulnerable application does not display errors with information about the injection results to the attacker.

Answer: D

Question No: 338 – (Topic 4)

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

Starting NMAP 5.21 at 2011-03-15 11:06

NMAP scan report for Host is up (1.00s latency).

Not shown: 993 closed ports PORT STATE SERVICE

21/tcp open ftp 23/tcp open telnet 80/tcp open http

139/tcp open netbios-ssn 515/tcp open

631/tcp open ipp 9100/tcp open

MAC Address: 00:00:48:0D:EE:89

  1. The host is likely a Windows machine.

  2. The host is likely a Linux machine.

  3. The host is likely a router.

  4. The host is likely a printer.

Answer: D

Question No: 339 – (Topic 4)

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

  1. guidelines and practices for security controls.

  2. financial soundness and business viability metrics.

  3. standard best practice for configuration management.

  4. contract agreement writing standards.

Answer: A

Question No: 340 – (Topic 4)

A corporation hired an ethical hacker to test if it is possible to obtain users#39; login credentials using methods other than social engineering. Access to offices and to a network node is granted. Results from server scanning indicate all are adequately patched and physical access is denied, thus, administrators have access only through Remote Desktop. Which technique could be used to obtain login credentials?

  1. Capture every users#39; traffic with Ettercap.

  2. Capture LANMAN Hashes and crack them with LC6.

  3. Guess passwords using Medusa or Hydra against a network service.

  4. Capture administrators RDP traffic and decode it with Cain and Abel.

Answer: D

100% Ensurepass Free Download!
Download Free Demo:EC0-350 Demo PDF
100% Ensurepass Free Guaranteed!
EC0-350 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.