Proper study guides for Up to the minute EC-Council ethical hacking and countermeasures certified begins with EC-Council ec0-350 preparation products which designed to deliver the Certified ec0-350 questions by making you pass the ec0-350 test at your first time. Try the free ec0-350 demo right now.
2021 Oct ec0-350 test questions
Q151. On a default installation of Microsoft IIS web server, under which privilege does the web server software execute?
A. Everyone
B. Guest
C. System
D. Administrator
Answer: C
Explanation: If not changed during the installation, IIS will execute as Local System with way to high privileges.
Q152. What is the goal of a Denial of Service Attack?
A. Capture files from a remote computer.
B. Render a network or computer incapable of providing normal service.
C. Exploit a weakness in the TCP stack.
D. Execute service at PS 1009.
Answer: B
Explanation: In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB).
Q153. A file integrity program such as Tripwire protects against Trojan horse attacks by:
A. Automatically deleting Trojan horse programs
B. Rejecting packets generated by Trojan horse programs
C. Using programming hooks to inform the kernel of Trojan horse behavior
D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse
Answer: D
Explanation: Tripwire generates a database of the most common files and directories on your system. Once it is generated, you can then check the current state of your system against the original database and get a report of all the files that have been modified, deleted or added. This comes in handy if you allow other people access to your machine and even if you don't, if someone else does get access, you'll know if they tried to modify files such as /bin/login etc.
Q154. You visit a website to retrieve the listing of a company's staff members. But you can not find it on the website. You know the listing was certainly present one year before. How can you retrieve information from the outdated website?
A. Through Google searching cached files
B. Through Archive.org
C. Download the website and crawl it
D. Visit customers' and prtners' websites
Answer: B
Explanation: Archive.org mirrors websites and categorizes them by date and month depending on the crawl time. Archive.org dates back to 1996, Google is incorrect because the cache is only as recent as the latest crawl, the cache is over-written on each subsequent crawl. Download the website is incorrect because that's the same as what you see online. Visiting customer partners websites is just bogus. The answer is then Firmly, C, archive.org
Q155. You are concerned that someone running PortSentry could block your scans, and you decide to slow your scans so that no one detects them. Which of the following commands will help you achieve this?
A. nmap -sS -PT -PI -O -T1 <ip address>
B. nmap -sO -PT -O -C5 <ip address>
C. nmap -sF -PT -PI -O <ip address>
D. nmap -sF -P0 -O <ip address>
Answer: A
Explanation: -T[0-5]: Set timing template (higher is faster)
Refresh ec0-350 download:
Q156. While footprinting a network, what port/service should you look for to attempt a zone transfer?
A. 53 UDP
B. 53 TCP
C. 25 UDP
D. 25 TCP
E. 161 UDP
F. 22 TCP
G. 60 TCP
Answer: B
Explanation: IF TCP port 53 is detected, the opportunity to attempt a zone transfer is there.
Q157. The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence number of transmitted packets from host B are lower than the packet segment containing the set FIN flag.
A. True
B. False
Answer: A
Explanation: For sequence number purposes, the SYN is considered to occur before the first actual data octet of the segment in which it occurs, while the FIN is considered to occur after the last actual data octet in a segment in which it occurs. So packets receiving out of order will still be accepted.
Q158. What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?
A. All are hacking tools developed by the legion of doom
B. All are tools that can be used not only by hackers, but also security personnel
C. All are DDOS tools
D. All are tools that are only effective against Windows
E. All are tools that are only effective against Linux
Answer: C
Explanation: All are DDOS tools.
Q159. Michael is the security administrator for the for ABC company. Michael has been charged with strengthening the company’s security policies, including its password policies. Due to certain legacy applications. Michael was only able to enforce a password group policy in Active Directory with a minimum of 10 characters. He has informed the company’s employes, however that the new password policy requires that everyone must have complex passwords with at least 14 characters. Michael wants to ensure that everyone is using complex passwords that meet the new security policy requirements. Michael has just logged on to one of the network’s domain controllers and is about to run the following command:
What will this command accomplish?
A. Dumps SAM password hashes to pwd.txt
B. Password history file is piped to pwd.txt
C. Dumps Active Directory password hashes to pwd.txt
D. Internet cache file is piped to pwd.txt
Answer: A
Explanation: Pwdump is a hack tool that is used to grab Windows password hashes from a remote Windows computer. Pwdump > pwd.txt will redirect the output from pwdump to a text file named pwd.txt
Q160. Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?
A. To create a denial of service attack.
B. To verify information about the mail administrator and his address.
C. To gather information about internal hosts used in email treatment.
D. To gather information about procedures that are in place to deal with such messages.
Answer: C
Explanation: The replay from the email server that states that there is no such recipient will also give you some information about the name of the email server, versions used and so on.
see more ec0-350 dumps
