The Secret of ec0-350 test questions

It is more faster and easier to pass the EC-Council ec0-350 exam by using Verified EC-Council ethical hacking and countermeasures questuins and answers. Immediate access to the Replace ec0-350 Exam and find the same core area ec0-350 questions with professionally verified answers, then PASS your exam with a high score now.

2016 Dec ec0-350 exam price

Q101. What does a type 3 code 13 represent?(Choose two. 

A. Echo request 

B. Destination unreachable 

C. Network unreachable 

D. Administratively prohibited 

E. Port unreachable 

F. Time exceeded 

Answer: BD

Explanation: Type 3 code 13 is destination unreachable administratively prohibited. This type of message is typically returned from a device blocking a port. 


Q102. Which of the following statements would not be a proper definition for a Trojan Horse? 

A. An unauthorized program contained within a legitimate program. 

This unauthorized program performs functions unknown (and probably unwanted) by the user. 

B. A legitimate program that has been altered by the placement of unauthorized code within it; this code perform functions unknown (and probably unwanted) by the user. 

C. An authorized program that has been designed to capture keyboard keystrokes while the user remains unaware of such an activity being performed. 

D. Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user. 

Answer: C

Explanation: A Trojan is all about running unauthorized code on the users computer without the user knowing of it. 


Q103. A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer) 

A. Invalid Username 

B. Invalid Password 

C. Authentication Failure 

D. Login Attempt Failed 

E. Access Denied 

Answer: AB

Explanation: As little information as possible should be given about a failed login attempt. Invalid username or password is not desirable. 


Q104. Which of the following Nmap commands would be used to perform a UDP scan of the lower 1024 ports? 

A. Nmap -h -U 

B. Nmap -hU <host(s.> 

C. Nmap -sU -p 1-1024 <host(s.> 

D. Nmap -u -v -w2 <host> 1-1024 

E. Nmap -sS -O target/1024 

Answer: C

Explanation: Nmap -sU -p 1-1024 <hosts.> is the proper syntax. Learning Nmap and its switches are critical for successful completion of the CEH exam. 


Q105. Eric has discovered a fantastic package of tools named Dsniff on the Internet. He has learnt to use these tools in his lab and is now ready for real world exploitation. He was able to effectively intercept communications between the two entities and establish credentials with both sides of the connections. The two remote ends of the communication never notice that Eric is relaying the information between the two. 

What would you call this attack? 

A. Interceptor 

B. Man-in-the-middle 

C. ARP Proxy 

D. Poisoning Attack 

Answer: B

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. 


Renew ec0-350 dumps:

Q106. An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts. 

A. 2 

B. 256 

C. 512 

D. Over 10,000 

Answer: C

Explanation: The hosts with IP address 202.176.56.0-255 & 202.176.56.0-255 will be scanned (256+256=512) 


Q107. Clive has been monitoring his IDS and sees that there are a huge number of ICMP Echo Reply packets that are being received on the external gateway interface. Further inspection reveals that they are not responses from the internal hosts’ requests but simply responses coming from the Internet. 

What could be the most likely cause? 

A. Someone has spoofed Clive’s IP address while doing a smurf attack. 

B. Someone has spoofed Clive’s IP address while doing a land attack. 

C. Someone has spoofed Clive’s IP address while doing a fraggle attack. 

D. Someone has spoofed Clive’s IP address while doing a DoS attack. 

Answer: A

Explanation: The smurf attack, named after its exploit program, is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet. 


Q108. Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply) 

A. CHAT rooms 

B. WHOIS database 

C. News groups 

D. Web sites E. Search engines 

F. Organization’s own web site 

Answer: ABCDEF 

Explanation: A Security tester should search for information everywhere that he/she can access. 

You never know where you find that small piece of information that could penetrate a strong defense. 


Q109. Bob wants to prevent attackers from sniffing his passwords on the wired network. Which of the following lists the best options? 

A. RSA, LSA, POP 

B. SSID, WEP, Kerberos 

C. SMB, SMTP, Smart card 

D. Kerberos, Smart card, Stanford SRP 

Answer: D

Explanation: Kerberos, Smart cards and Stanford SRP are techniques where the password never leaves the computer. 


Q110. ou are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. 

What encryption algorithm will you be decrypting? 

A. MD4 

B. DES 

C. SHA 

D. SSL 

Answer: B

Explanation: The LM hash is computed as follows.1. The user’s password as an OEM string is converted to uppercase. 2. This password is either null-padded or truncated to 14 bytes. 3. The “fixed-length” password is split into two 7-byte halves. 4. These values are used to create two DES keys, one from each 7-byte half. 5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. 6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash. 



see more ec0-350 dumps