Act now and download your EC-Council ec0-350 test today! Do not waste time for the worthless EC-Council ec0-350 tutorials. Download Most recent EC-Council ethical hacking and countermeasures exam with real questions and answers and begin to learn EC-Council ec0-350 with a classic professional.
2021 Sep ec0-350 practice test
Q61. DRAG DROP
Drag the application to match with its correct description.
Exhibit:
Answer:
Q62. According to the CEH methodology, what is the next step to be performed after footprinting?
A. Enumeration
B. Scanning
C. System Hacking
D. Social Engineering
E. Expanding Influence
Answer: B
Explanation: Once footprinting has been completed, scanning should be attempted next.
Scanning should take place on two distinct levels: network and host.
Q63. What are the three phases involved in security testing?
A. Reconnaissance, Conduct, Report
B. Reconnaissance, Scanning, Conclusion
C. Preparation, Conduct, Conclusion
D. Preparation, Conduct, Billing
Answer: C
Explanation: Preparation phase - A formal contract is executed containing non-disclosure of the client's data and legal protection for the tester. At a minimum, it also lists the IP addresses to be tested and time to test. Conduct phase - In this phase the penetration test is executed, with the tester looking for potential vulnerabilities. Conclusion phase - The results of the evaluation are communicated to the pre-defined organizational contact, and corrective action is advised.
Q64. Exhibit:
Please study the exhibit carefully.
Which Protocol maintains the communication on that way?
A. UDP
B. IP
C. TCP
D. ARP
E. RARP
Answer: C
Explanation: A TCP connection is always initiated with the 3-way handshake, which establishes and negotiates the actual connection over which data will be sent.
Q65. Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!''
From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:
H@cker Mess@ge:
Y0u @re De@d! Fre@ks!
After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact.
How did the attacker accomplish this hack?
A. ARP spoofing
B. SQL injection
C. DNS poisoning
D. Routing table injection
Answer: C
Explanation: External calls for the Web site has been redirected to another server by a successful DNS poisoning.
Leading ec0-350 practice exam:
Q66. Which of the following act in the united states specifically criminalizes the transmission of unsolicited commercial e-mail(SPAM) without an existing business relationship.
A. 2004 CANSPAM Act
B. 2003 SPAM Preventing Act
C. 2005 US-SPAM 1030 Act
D. 1990 Computer Misuse Act
Answer: A
Explanation: The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them. The law, which became effective January 1, 2004, covers email whose primary purpose is advertising or promoting a commercial product or service, including content on a Web site. A "transactional or relationship message" – email that facilitates an agreed-upon transaction or updates a customer in an existing business relationship – may not contain false or misleading routing information, but otherwise is exempt from most provisions of the CAN-SPAM Act.
Q67. A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it?
Select the best answers.
A. Use port security on his switches.
B. Use a tool like ARPwatch to monitor for strange ARP activity.
C. Use a firewall between all LAN segments.
D. If you have a small network, use static ARP entries.
E. Use only static IP addresses on all PC's.
Answer: ABD
Explanations:
By using port security on his switches, the switches will only allow the first MAC address that is connected to the switch to use that port, thus preventing ARP spoofing. ARPWatch is a tool that monitors for strange ARP activity. This may help identify ARP spoofing when it happens. Using firewalls between all LAN segments is possible and may help, but is usually pretty unrealistic. On a very small network, static ARP entries are a possibility. However, on a large network, this is not an realistic option. ARP spoofing doesn't have anything to do with static or dynamic IP addresses. Thus, this option won't help you.
Q68. Exhibit: * Missing*
Jason's Web server was attacked by a trojan virus. He runs protocol analyzer and notices that the trojan communicates to a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping to a trojan-port number database on the Internet. Identify the remote server's port number by decoding the packet?
A. Port 1890 (Net-Devil Trojan)
B. Port 1786 (Net-Devil Trojan)
C. Port 1909 (Net-Devil Trojan)
D. Port 6667 (Net-Devil Trojan)
Answer: D
Explanation: From trace, 0x1A0B is 6667, IRC Relay Chat, which is one port used. Other ports are in the 900's.
Q69. How would you prevent session hijacking attacks?
A. Using biometrics access tokens secures sessions against hijacking
B. Using non-Internet protocols like http secures sessions against hijacking
C. Using hardware-based authentication secures sessions against hijacking
D. Using unpredictable sequence numbers secures sessions against hijacking
Answer: D
Explanation: Protection of a session needs to focus on the unique session identifier because it is the only thing that distinguishes users. If the session ID is compromised, attackers can impersonate other users on the system. The first thing is to ensure that the sequence of identification numbers issued by the session management system is unpredictable; otherwise, it's trivial to hijack another user's session. Having a large number of possible session IDs (meaning that they should be very long) means that there are a lot more permutations for an attacker to try.
Q70. Which of the following activities would not be considered passive footprinting?
A. Search on financial site such as Yahoo Financial
B. Perform multiple queries through a search engine
C. Scan the range of IP address found in their DNS database
D. Go through the rubbish to find out any information that might have been discarded
Answer: C
Explanation: Passive footprinting is a method in which the attacker never makes contact with the target. Scanning the targets IP addresses can be logged at the target and therefore contact has been made.