[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil EC0-350 Dumps with VCE and PDF 601-610

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC0-350
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures V8

Question No: 601 – (Topic 7)

What is the term 8 to describe an attack that falsifies a broadcast ICMP echo request and includes a primary and secondary victim?

  1. Fraggle Attack

  2. Man in the Middle Attack

  3. Trojan Horse Attack

  4. Smurf Attack

  5. Back Orifice Attack

Answer: D Explanation:

Trojan and Back orifice are Trojan horse attacks.Man in the middle spoofs the Ip and redirects the victems packets to the cracker The infamous Smurf attack. preys on ICMP#39;s capability to send traffic to the broadcast address. Many hosts can listen and respond to a single ICMP echo request sent to a broadcast address.

Network Intrusion Detection third Edition by Stephen Northcutt and Judy Novak pg 70 The quot;smurfquot; attack#39;s cousin is called quot;fragglequot;, which uses UDP echo packets in the same fashion as the ICMP echo packets; it was a simple re-write of quot;smurfquot;.

Question No: 602 – (Topic 7)

Peter, a Network Administrator, has come to you looking for advice on a tool that would help him perform SNMP enquires over the network. Which of these tools would do the SNMP enumeration he is looking for?

Select the best answers.

  1. SNMPUtil

  2. SNScan

  3. SNMPScan

  4. Solarwinds IP Network Browser

  5. NMap

Answer: A,B,D Explanation: Explanations:

SNMPUtil is a SNMP enumeration utility that is a part of the Windows 2000 resource kit. With SNMPUtil, you can retrieve all sort of valuable information through SNMP. SNScan is a SNMP network scanner by Foundstone. It does SNMP scanning to find open SNMP ports. Solarwinds IP Network Browser is a SNMP enumeration tool with a graphical tree- view of the remote machine#39;s SNMP data.

Question No: 603 – (Topic 7)

Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports?

  1. Netcat -h -U

  2. Netcat -hU lt;host(s.gt;

  3. Netcat -sU -p 1-1024 lt;host(s.gt;

  4. Netcat -u -v -w2 lt;hostgt; 1-1024

  5. Netcat -sS -O target/1024

Answer: D

Explanation: The proper syntax for a UDP scan using Netcat is quot;Netcat -u -v -w2 lt;hostgt; 1-1024quot;. Netcat is considered the Swiss-army knife of hacking tools because it is so versatile.

Question No: 604 – (Topic 7)

Under what conditions does a secondary name server request a zone transfer from a primary name server?

  1. When a primary SOA is higher that a secondary SOA

  2. When a secondary SOA is higher that a primary SOA

  3. When a primary name server has had its service restarted

  4. When a secondary name server has had its service restarted

  5. When the TTL falls to zero

Answer: A

Explanation: Understanding DNS is critical to meeting the requirements of the CEH. When the serial number that is within the SOA record of the primary server is higher than the Serial number within the SOA record of the secondary DNS server, a zone transfer will take place.

Question No: 605 – (Topic 7)

Let#39;s imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.)

  1. Install DNS logger and track vulnerable packets

  2. Disable DNS timeouts

  3. Install DNS Anti-spoofing

  4. Disable DNS Zone Transfer

Answer: C Explanation:

Implement DNS Anit-Spoofing measures to prevent DNS Cache Pollution to occur.

Question No: 606 – (Topic 7)

Which one of the following network attacks takes advantages of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

  1. Teardrop

  2. Smurf

  3. Ping of Death

  4. SYN flood

  5. SNMP Attack

Answer: A Explanation:

The teardrop attack uses overlapping packet fragments to confuse a target system and cause the system to reboot or crash.

Question No: 607 – (Topic 7)

What hacking attack is challenge/response authentication used to prevent?

  1. Replay attacks

  2. Scanning attacks

  3. Session hijacking attacks

  4. Password cracking attacks

Answer: A

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it. With a challenge/response authentication you ensure that captured packets can’t be retransmitted without a new authentication.

Question No: 608 – (Topic 7)

What is a NULL scan?

  1. A scan in which all flags are turned off

  2. A scan in which certain flags are off

  3. A scan in which all flags are on

  4. A scan in which the packet size is set to zero

  5. A scan with a illegal packet size

Answer: A

Explanation: A null scan has all flags turned off.

Question No: 609 – (Topic 7)

While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong doing. However, you are concerned about affecting the normal functionality of the email server. From the following options choose how best you can achieve this objective?

  1. Block port 25 at the firewall.

  2. Shut off the SMTP service on the server.

  3. Force all connections to use a username and password.

  4. Switch from Windows Exchange to UNIX Sendmail.

  5. None of the above.

Answer: E

Explanation: Blocking port 25 in the firewall or forcing all connections to use username and password would have the consequences that the server is unable to communicate with other SMTP servers. Turning of the SMTP service would disable the email function completely. All email servers use SMTP to communicate with other email servers and therefore changing email server will not help.

Question No: 610 – (Topic 7)

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

A. 137 and 139

B. 137 and 443

C. 139 and 443

D. 139 and 445

Answer: D

Explanation: NULL sessions take advantage of “features” in the SMB (Server Message Block) protocol that exist primarily for trust relationships. You can establish a NULL session with a Windows host by logging on with a NULL user name and password. Primarily the following ports are vulnerable if they are accessible:

Ensurepass 2018 PDF and VCE

C:\Documents and Settings\user-nwz\Desktop\1.JPG

100% Ensurepass Free Download!
Download Free Demo:EC0-350 Demo PDF
100% Ensurepass Free Guaranteed!
EC0-350 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.