Proper study guides for the cutting-edge EC-Council Ethical Hacking and Countermeasures certification begin with EC-Council ec0-350 preparation products, which are designed to deliver validated ec0-350 questions so that you pass the ec0-350 test on your first attempt. Try the free ec0-350 demo right now.
2021 Dec ec0-350 exam price
Q31. Jonathan being a keen administrator has followed all of the best practices he could find on securing his Windows Server. He renamed the Administrator account to a new name that can’t be easily guessed but there remain people who attempt to compromise his newly renamed administrator account. How can a remote attacker decipher the name of the administrator account if it has been renamed?
A. The attacker guessed the new name
B. The attacker used the user2sid program
C. The attacker used the sid2user program
D. The attacker used NMAP with the V option
Answer: C
Explanation: User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) of the local or a remote machine. Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions LookupAccountName and LookupAccountSid respectively. What is more, these can be called against a remote machine without providing logon credentials, save those needed for a null session connection.
Q32. Usernames, passwords, e-mail addresses, and the location of CGI scripts may be obtained from which of the following information sources?
A. Company web site
B. Search engines
C. EDGAR Database query
D. Whois query
Answer: A
Explanation: A Whois query would not enable us to find the CGI scripts, whereas the actual website will in some cases have scripts written to make the website more user friendly. The EDGAR database would in fact give us a lot of the information requested, but not the location of CGI scripts; the same is true of a simple Internet search engine, given enough time.
Q33. An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -l -p 1234 < secretfile
Machine B: netcat 192.168.3.4 1234 > secretfile
He is worried about information being sniffed on the network. How would the attacker use netcat to encrypt the information before transmitting onto the wire?
A. Machine A: netcat -l -p -s password 1234 < testfile; Machine B: netcat <machine A IP> 1234
B. Machine A: netcat -l -e magickey -p 1234 < testfile; Machine B: netcat <machine A IP> 1234
C. Machine A: netcat -l -p 1234 < testfile -pw password; Machine B: netcat <machine A IP> 1234 -pw password
D. Use cryptcat instead of netcat
Answer: D
Explanation: Netcat cannot encrypt the file transfer itself; it would need a third-party application such as openssl to encrypt and decrypt the data. Cryptcat is the standard netcat enhanced with Twofish encryption.
Q34. Which definition among those given below best describes a covert channel?
A. A server program using a port that is not well known.
B. Making use of a protocol in a way it is not intended to be used.
C. It is the multiplexing taking place on a communication link.
D. It is one of the weak channels used by WEP which makes it insecure.
Answer: B
Explanation: A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy."
Essentially, it is a method of communication that is not part of an actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.
Q35. You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social engineering, you come to know that they are enforcing strong passwords. You understand that all users are required to use passwords that are at least 8 characters in length. All passwords must also use 3 of the 4 following categories: lower case letters, capital letters, numbers and special characters.
With your existing knowledge of users, likely user account names and the possibility that they will choose the easiest passwords possible, what would be the fastest type of password cracking attack you can run against these hash values and still get results?
A. Online Attack
B. Dictionary Attack
C. Brute Force Attack
D. Hybrid Attack
Answer: D
Explanation: A dictionary attack will not work because strong passwords are enforced; furthermore, the minimum password length of 8 characters makes a brute force attack time consuming. A hybrid attack, where you take a word from a dictionary and exchange a number of letters for numbers and special characters, will probably be the fastest way to crack the passwords.
Update ec0-350 question:
Q36. You are conducting an idlescan manually using HPING2. During the scanning process, you notice that almost every query increments the IPID, regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Which of the following options would be a possible reason?
A. Hping2 can’t be used for idlescanning
B. The Zombie you are using is not truly idle
C. These ports are actually open on the target system
D. A stateful inspection firewall is resetting your queries
Answer: B
Explanation: If the IPID increments by more than one value, that means there has been other network traffic involving the zombie between the queries, so the zombie is not idle.
Q37. John Beetlesman, the hacker has successfully compromised the Linux System of Agent Telecommunications, Inc’s WebServer running Apache. He has downloaded sensitive documents and database files off the machine.
Upon performing various tasks, Beetlesman finally runs the following command on the Linux box before disconnecting.
for ((i=0;i<1;i++)); do
  dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda
done
What exactly is John trying to do?
A. He is making a bit stream copy of the entire hard disk for later download
B. He is deleting log files to remove his trace
C. He is wiping the contents of the hard disk with zeros
D. He is infecting the hard disk with random virus strings
Answer: C
Explanation: dd copies an input file to an output file with optional conversions. if= names the input file and of= names the output file. /dev/zero is a special file that provides as many null characters (ASCII NUL, 0x00; not the ASCII character "digit zero", "0", 0x30) as are read from it. /dev/hda is the hard drive.
Q38. SNMP is a connectionless protocol that uses UDP instead of TCP packets? (True or False)
A. True
B. False
Answer: A
Explanation: Both TCP and UDP provide transport services, but UDP was preferred. This is due to TCP's characteristics: it is a complicated protocol and consumes too much memory and CPU. UDP, on the other hand, is easy to build and run, and vendors have built simplified versions of IP and UDP into devices such as repeaters and modems.
Q39. While performing ping scans into a target network you get a frantic call from the organization’s security team. They report that they are under a denial of service attack. When you stop your scan, the smurf attack event stops showing up on the organization’s IDS monitor. How can you modify your scan to prevent triggering this event in the IDS?
A. Scan more slowly.
B. Do not scan the broadcast IP.
C. Spoof the source IP address.
D. Only scan the Windows systems.
Answer: B
Explanation: Scanning the broadcast address makes the scan target all IP addresses on that subnet at the same time, which is exactly the traffic pattern the IDS recognises as a smurf attack.
Q40. DRAG DROP
Drag the term to match with its description
Exhibit:
Answer: