Down to date ec0-350 exam prep Guide

Having a EC-Council ec0-350 certification throughout hand can be an advantage regarding those who desire to hunt for a very good job throughout IT area. Taking the particular Actualtests EC-Council ec0-350 online instruction course and achieving the ec0-350 certificate will certainly enhance your profession opportunity. offers 7/24 customer assistance. If you come across some complications during the study, please email to We additionally welcome your assistance and suggestions. We will accomplish our greatest to serve anyone!

2021 Dec ec0-350 braindumps

Q61. What is the proper response for a FIN scan if the port is closed? 







Explanation: Closed ports respond to a FIN scan with a RST. 

Q62. Which of the following are well know password-cracking programs?(Choose all that apply. 

A. L0phtcrack 

B. NetCat 

C. Jack the Ripper 

D. Netbus 

E. John the Ripper 

Answer: AE

Explanation: L0phtcrack and John the Ripper are two well know password-cracking programs. Netcat is considered the Swiss-army knife of hacking tools, but is not used for password cracking 

Q63. What flags are set in a X-MAS scan?(Choose all that apply. 







Answer: CDF

Explanation: FIN, URG, and PSH are set high in the TCP packet for a X-MAS scan 

Q64. John wishes to install a new application onto his Windows 2000 server. 

He wants to ensure that any application he uses has not been Trojaned. 

What can he do to help ensure this? 

A. Compare the file's MD5 signature with the one published on the distribution media 

B. Obtain the application via SSL 

C. Compare the file's virus signature with the one published on the distribution media 

D. Obtain the application from a CD-ROM disc 

Answer: A

Explanation: MD5 was developed by Professor Ronald L. Rivest of MIT. What it does, to quote the executive summary of rfc1321, is: 

[The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA. 

In essence, MD5 is a way to verify data integrity, and is much more reliable than checksum and many other commonly used methods. 

Q65. To what does “message repudiation” refer to what concept in the realm of email security? 

A. Message repudiation means a user can validate which mail server or servers a message was passed through. 

B. Message repudiation means a user can claim damages for a mail message that damaged their reputation. 

C. Message repudiation means a recipient can be sure that a message was sent from a particular person. 

D. Message repudiation means a recipient can be sure that a message was sent from a certain host. 

E. Message repudiation means a sender can claim they did not actually send a particular message. 

Answer: E

Explanation: A quality that prevents a third party from being able to prove that a communication between two other parties ever took place. This is a desirable quality if you do not want your communications to be traceable. Non-repudiation is the opposite quality—a third party can prove that a communication between two other parties took place. Non-repudiation is desirable if you want to be able to trace your communications and prove that they occurred. Repudiation – Denial of message submission or delivery. 

Avant-garde ec0-350 practice test:

Q66. What are two things that are possible when scanning UDP ports? (Choose two. 

A. A reset will be returned 

B. An ICMP message will be returned 

C. The four-way handshake will not be completed 

D. An RFC 1294 message will be returned 

E. Nothing 

Answer: BE

Explanation: Closed UDP ports can return an ICMP type 3 code 3 message. No response can mean the port is open or the packet was silently dropped. 

Q67. You have initiated an active operating system fingerprinting attempt with nmap against a target system: 

[root@ceh NG]# /usr/local/bin/nmap -sT -O 

Starting nmap 3.28 ( at 2003-06-18 19:14 IDT Interesting ports on (The 1628 ports scanned but not shown below are in state: closed) Port State Service 21/tcp filtered ftp 22/tcp filtered ssh 25/tcp open smtp 80/tcp open http 135/tcp open loc-srv 139/tcp open netbios-ssn 389/tcp open LDAP 443/tcp open https 465/tcp open smtps 1029/tcp open ms-lsa 1433/tcp open ms-sql-s 2301/tcp open compaqdiag 5555/tcp open freeciv 

5800/tcp open vnc-http 

5900/tcp open vnc 

6000/tcp filtered X11 

Remote operating system guess: Windows XP, Windows 2000, NT4 or 95/98/98SE Nmap run completed -- 1 IP address (1 host up) scanned in 3.334 seconds 

Using its fingerprinting tests nmap is unable to distinguish between different groups of Microsoft based operating systems - Windows XP, Windows 2000, NT4 or 95/98/98SE. 

What operating system is the target host running based on the open ports shown above? 

A. Windows XP 

B. Windows 98 SE 

C. Windows NT4 Server 

D. Windows 2000 Server 


Explanation: The system is reachable as an active directory domain controller (port 389, LDAP) 

Q68. Your lab partner is trying to find out more information about a competitors web site. The site has a .com extension. She has decided to use some online whois tools and look in one of the regional Internet registrys. Which one would you suggest she looks in first? 





E. AfriNIC 

Answer: B

Explanation: Regional registries maintain records from the areas from which they govern. ARIN is responsible for domains served within North and South America and therefore, would be a good starting point for a .com domain. 

Q69. What does ICMP (type 11, code 0) denote? 

A. Unknown Type 

B. Time Exceeded 

C. Source Quench 

D. Destination Unreachable 

Answer: B

Explanation: An ICMP Type 11, Code 0 means Time Exceeded [RFC792], Code 0 = Time to Live exceeded in Transit and Code 1 = Fragment Reassembly Time Exceeded. 

Q70. Which of the following systems would not respond correctly to an nmap XMAS scan? 

A. Windows 2000 Server running IIS 5 

B. Any Solaris version running SAMBA Server 

C. Any version of IRIX 

D. RedHat Linux 8.0 running Apache Web Server 

Answer: A

Explanation: When running a XMAS Scan, if a RST packet is received, the port is considered closed, while no response means it is open|filtered. The big downside is that not all systems follow RFC 793 to the letter. A number of systems send RST responses to the probes regardless of whether the port is open or not. This causes all of the ports to be labeled closed. Major operating systems that do this are Microsoft Windows, many Cisco devices, BSDI, and IBM OS/400. 

see more ec0-350 dumps