The particular fiercer level of competition during the The idea marketplace will make it harder for our The idea workers to find good enough work. EC-Council may be a gun that can assure a reliable occupation. EC-Council Recognition ec0-350 Quiz is undoubtedly an crucial assessment during the ec0-350 Hardcopy. Only when you commenced to prep to your EC-Council review, do youI understand the actual challenging its. Currently, case study stuffs for this checks are so many seem to decide on. You will be charged a lot of time in selecting the correct stuffs. For that reason, candidates acquired misplaced to find an excellent one particular. As there are lots of EC-Council products these days, it is increasingly difficult regarding candidates to find the acceptable one particular.
2016 Nov ec0-350 free exam questions
Q141. You want to use netcat to generate huge amount of useless network data continuously for various performance testing between 2 hosts.
Which of the following commands accomplish this?
A. Machine A #yes AAAAAAAAAAAAAAAAAAAAAA | nc –v –v –l –p 2222 > /dev/null Machine B #yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null
B. Machine A cat somefile | nc –v –v –l –p 2222 Machine B cat somefile | nc othermachine 2222 C. Machine A nc –l –p 1234 | uncompress –c | tar xvfp Machine B tar cfp - /some/dir | compress –c | nc –w 3 machinea 1234
D. Machine A while true : do nc –v –l –s –p 6000 machineb 2 Machine B while true ; do nc –v –l –s –p 6000 machinea 2 done
Explanation: Machine A is setting up a listener on port 2222 using the nc command and then having the letter A sent an infinite amount of times, when yes is used to send data yes NEVER stops until it recieves a break signal from the terminal (Control+C), on the client end (machine B), nc is being used as a client to connect to machine A, sending the letter B and infinite amount of times, while both clients have established a TCP connection each client is infinitely sending data to each other, this process will run FOREVER until it has been stopped by an administrator or the attacker.
Q142. You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct assesments to protect the company's network. During one of your periodic checks to see how well policy is being observed by the employees, you discover an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. How would you resolve this situation?
A. Reconfigure the firewall
B. Conduct a needs analysis
C. Install a network-based IDS
D. Enforce the corporate security policy
Explanation: The security policy is meant to always be followed until changed. If a need rises to perform actions that might violate the security policy you’ll have to find another way to accomplish the task or wait until the policy has been changed.
Q143. Which of the following keyloggers cannot be detected by anti-virus or anti-spyware products?
A. Covert keylogger
B. Stealth keylogger
C. Software keylogger
D. Hardware keylogger
Explanation: As the hardware keylogger never interacts with the Operating System it is undetectable by anti-virus or anti-spyware products.
Q144. What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?
A. The ethical hacker does not use the same techniques or skills as a cracker.
B. The ethical hacker does it strictly for financial motives unlike a cracker.
C. The ethical hacker has authorization from the owner of the target.
D. The ethical hacker is just a cracker who is getting paid.
Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target.
Q145. _____ is the process of converting something from one representation to the simplest form. It deals with the way in which systems convert data from one form to another.
B. Character Mapping
C. Character Encoding
D. UCS transformation formats
Explanation: Canonicalization (abbreviated c14n) is the process of converting data that has more than one possible representation into a "standard" canonical representation. This can be done to compare different representations for equivalence, to count the number of distinct data structures (e.g., in combinatorics), to improve the efficiency of various algorithms by eliminating repeated calculations, or to make it possible to impose a meaningful sorting order.
Updated ec0-350 exam question:
Q146. Harold is the senior security analyst for a small state agency in New York. He has no other security professionals that work under him, so he has to do all the security-related tasks for the agency. Coming from a computer hardware background, Harold does not have a lot of experience with security methodologies and technologies, but he was the only one who applied for the position.
Harold is currently trying to run a Sniffer on the agency’s network to get an idea of what kind of traffic is being passed around but the program he is using does not seem to be capturing anything. He pours through the sniffer’s manual but can’t find anything that directly relates to his problem. Harold decides to ask the network administrator if the has any thoughts on the problem. Harold is told that the sniffer was not working because the agency’s network is a switched network, which can’t be sniffed by some programs without some tweaking.
What technique could Harold use to sniff agency’s switched network?
A. ARP spoof the default gateway
B. Conduct MiTM against the switch
C. Launch smurf attack against the switch
D. Flood switch with ICMP packets
Explanation: ARP spoofing, also known as ARP poisoning, is a technique used to attack an Ethernet network which may allow an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether (known as a denial of service attack). The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).
Q147. Which of the following ICMP message types are used for destinations unreachables?
Explanation: Type 3 messages are used for unreachable messages. 0 is Echo Reply, 8 is Echo request, 11 is time exceeded, 13 is timestamp and 17 is subnet mask request. Learning these would be advisable for the test.
Q148. What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?(Choose all that apply.
Explanation: NetBIOS traffic can quickly be used to enumerate and attack Windows computers.
Ports 135, 139, and 445 should be blocked.
Q149. Which of the following is an attack in which a secret value like a hash is captured and then reused at a later time to gain access to a system without ever decrypting or decoding the hash.
A. Replay Attacks
B. Brute Force Attacks
C. Cryptography Attacks
D. John the Ripper Attacks
Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it.
Q150. What is the following command used for?
net use \targetipc$ "" /u:""
A. Grabbing the etc/passwd file
B. Grabbing the SAM
C. Connecting to a Linux computer through Samba.
D. This command is used to connect as a null session
E. Enumeration of Cisco routers
Explanation: The null session is one of the most debilitating vulnerabilities faced by Windows.
Null sessions can be established through port 135, 139, and 445.
see more ec0-350 dumps