[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil EC1-350 Dumps with VCE and PDF 191-200

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC1-350
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures V7

Question No: 191 – (Topic 2)

This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data.

lt;ahref=quot;http://foobar.com/index.html?id=quot;gt;See foobarlt;/agt;

What is this attack?

  1. Cross-site-scripting attack

  2. SQL Injection

  3. URL Traversal attack

  4. Buffer Overflow attack

Answer: A

Question No: 192 – (Topic 2)

Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough.

Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer. (Overflows the buffer). Below is the code snippet:

Ensurepass 2018 PDF and VCE

How can you protect/fix the problem of your application as shown above?

  1. Because the counter starts with 0, we would stop when the counter is less than 200

  2. Because the counter starts with 0, we would stop when the counter is more than 200

  3. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data

  4. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data

Answer: A,D

Question No: 193 – (Topic 2)

Which of the following encryption is NOT based on block cipher?

  1. DES

  2. Blowfish

  3. AES (Rijndael)

  4. RC4

Answer: D

Question No: 194 – (Topic 2)

Michael is a junior security analyst working for the National Security Agency (NSA) working primarily on breaking terrorist encrypted messages. The NSA has a number of methods they use to decipher encrypted messages including Government Access to Keys (GAK) and inside informants. The NSA holds secret backdoor keys to many of the encryption algorithms used on the Internet. The problem for the NSA, and Michael, is that terrorist organizations are starting to use custom-built algorithms or obscure algorithms purchased from corrupt governments. For this reason, Michael and other security analysts like him have been forced to find different methods of deciphering terrorist messages. One method that Michael thought of using was to hide malicious code inside seemingly harmless programs. Michael first monitors sites and bulletin boards used by known terrorists, and then he is able to glean email addresses to some of these suspected terrorists. Michael then inserts a stealth keylogger into a mapping program file readme.txt and then sends that as an attachment to the terrorist. This keylogger takes screenshots every 2 minutes and also logs all keyboard activity into a hidden file on the terrorist#39;s computer. Then, the keylogger emails those files to Michael twice a day with a built in SMTP server. What technique has Michael used to disguise this keylogging software?

  1. Steganography

  2. Wrapping

  3. ADS

  4. Hidden Channels

Answer: C

Question No: 195 – (Topic 2)

In which step Steganography fits in CEH System Hacking Cycle (SHC)

  1. Step 2: Crack the password

  2. Step 1: Enumerate users

  3. Step 3: Escalate privileges

  4. Step 4: Execute applications

  5. Step 5: Hide files

  6. Step 6: Cover your tracks

Answer: E

Question No: 196 – (Topic 2)

Which definition below best describes a covert channel?

  1. A server program using a port that is not well known

  2. Making use of a protocol in a way it was not intended to be used

  3. It is the multiplexing taking place on a communication link

  4. It is one of the weak channels used by WEP that makes it insecure

Answer: B

Question No: 197 – (Topic 2)

Joseph has just been hired on to a contractor company of the Department of Defense as their Senior Security Analyst. Joseph has been instructed on the company#39;s strict security policies that have been implemented, and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two- factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company.

Joseph#39;s supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number. Joseph#39;s company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two- factor authentication?

  1. Biometric device

  2. OTP

  3. Proximity cards

  4. Security token

Answer: D

Question No: 198 – (Topic 2)

What type of attack is shown here?

Ensurepass 2018 PDF and VCE

  1. Bandwidth exhaust Attack

  2. Denial of Service Attack

  3. Cluster Service Attack

  4. Distributed Denial of Service Attack

Answer: D Explanation:

We think this is a DDoS attack not DoS because the attack is initialed in multiple zombies not single machine.

Question No: 199 – (Topic 2)

What is the correct order of steps in CEH System Hacking Cycle?

Ensurepass 2018 PDF and VCE

  1. Option A

  2. Option B

  3. Option C

  4. Option D

Answer: A

Question No: 200 – (Topic 2)

Identify SQL injection attack from the HTTP requests shown below:

  1. http://www.myserver.c0m/search.asp? lname=smith’;update usertable set passwd=’hAx0r’;-

  2. http://www.myserver.c0m/script.php?mydata=

  3. http://www.victim.com/example accountnumber=67891amp;creditamount=999999999

Answer: A

Topic 3, Volume C

100% Ensurepass Free Download!
Download Free Demo:EC1-350 Demo PDF
100% Ensurepass Free Guaranteed!
EC1-350 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.