Real ec0-350 bundle Reviews & Tips

It is impossible to pass EC-Council ec0-350 exam without any help in the short term. Come to Actualtests soon and find the most advanced, correct and guaranteed EC-Council ec0-350 practice questions. You will get a surprising result by our Avant-garde ethical hacking and countermeasures practice guides.

2021 Feb ec0-350 free exam questions

Q161. Which of the following Nmap commands would be used to perform a stack fingerprinting? 

A. Nmap -O -p80 <host(s.> 

B. Nmap -hU -Q<host(s.> 

C. Nmap -sT -p <host(s.> 

D. Nmap -u -o -w2 <host> 

E. Nmap -sS -0p target 

Answer: A

Explanation: This option activates remote host identification via TCP/IP fingerprinting. In other words, it uses a bunch of techniques to detect subtlety in the underlying operating system network stack of the computers you are scanning. It uses this information to create a "fingerprint" which it compares with its database of known OS fingerprints (the nmap-os-fingerprints file. to decide what type of system you are scanning. 

Q162. John is using a special tool on his Linux platform that has a signature database and is therefore able to detect hundred of vulnerabilities in UNIX, Windows, and commonly-used web CGI scripts. Additionally, the database detects DDoS zombies and Trojans. What would be the name of this multifunctional tool? 

A. nmap 

B. hping 

C. nessus 

D. make 

Answer: C

Explanation: Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations world-wide. Nmap is mostly used for scanning, not for detecting vulnerabilities. Hping is a free packet generator and analyzer for the TCP/IP protocol and make is used to automatically build large applications on the *nix plattform. 

Q163. LM authentication is not as strong as Windows NT authentication so you may want to disable its use, because an attacker eavesdropping on network traffic will attack the weaker protocol. A successful attack can compromise the user's password. How do you disable LM authentication in Windows XP? 

A. Stop the LM service in Windows XP 

B. Disable LSASS service in Windows XP 

C. Disable LM authentication in the registry 

D. Download and install LMSHUT.EXE tool from Microsoft website 

Answer: C


Q164. Exhibit: 

The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack. You also notice "/bin/sh" in the ASCII part of the output. As an analyst what would you conclude about the attack? 

A. The buffer overflow attack has been neutralized by the IDS 

B. The attacker is creating a directory on the compromised machine 

C. The attacker is attempting a buffer overflow attack and has succeeded 

D. The attacker is attempting an exploit that launches a command-line shell 

Answer: D

Explanation: This log entry shows a hacker using a buffer overflow to fill the data buffer and trying to insert the execution of /bin/sh into the executable code part of the thread. It is probably an existing exploit that is used, or a directed attack with a custom built buffer overflow with the “payload” that launches the command shell. 

Q165. You are writing an antivirus bypassing Trojan using C++ code wrapped into chess.c to create an executable file chess.exe. This Trojan when executed on the victim machine, scans the entire system (c:) for data with the following text “Credit Card” and “password”. It then zips all the scanned files and sends an email to a predefined hotmail address. 

You want to make this Trojan persistent so that it survives computer reboots. Which registry entry will you add a key to make it persistent? 






Explanation: HKEY_LOCAL_MACHINE would be the natural place for a registry entry that starts services when the MACHINE is rebooted. 

Topic 7, Sniffers 

248. Exhibit: 

ettercap –NCLzs --quiet 

What does the command in the exhibit do in “Ettercap”? 

A. This command will provide you the entire list of hosts in the LAN 

B. This command will check if someone is poisoning you and will report its IP. 

C. This command will detach from console and log all the collected passwords from the network to a file. 

D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs. 

Answer: C

Explanation: -N = NON interactive mode (without ncurses) 

-C = collect all users and passwords 

-L = if used with -C (collector) it creates a file with all the password sniffed in the session in the 

form "YYYYMMDD-collected-pass.log" 

-z = start in silent mode (no arp storm on start up) 

-s = IP BASED sniffing 

--quiet = "demonize" ettercap. Useful if you want to log all data in background. 

Replace ec0-350 free question:

Q166. ou are gathering competitive intelligence on You notice that they have jobs 

listed on a few Internet job-hunting sites. There are two job postings for network and system administrators. How can this help you in footprint the organization? 

A. The IP range used by the target network 

B. An understanding of the number of employees in the company 

C. How strong the corporate security policy is 

D. The types of operating systems and applications being used. 

Answer: D

Explanation: From job posting descriptions one can see which is the set of skills, technical knowledge, system experience required, hence it is possible to argue what kind of operating systems and applications the target organization is using. 

Q167. What port scanning method is the most reliable but also the most detectable? 

A. Null Scanning 

B. Connect Scanning 

C. ICMP Scanning 

D. Idlescan Scanning 

E. Half Scanning 

F. Verbose Scanning 

Answer: B

Explanation: A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. 

Q168. What ICMP message types are used by the ping command? 

A. Timestamp request (13) and timestamp reply (14) 

B. Echo request (8) and Echo reply (0) 

C. Echo request (0) and Echo reply (1) 

D. Ping request (1) and Ping reply (2) 

Answer: B

Explanation: ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo 

Q169. An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system. 

What is the most probable reason? 

A. The firewall is blocking port 23 to that system. 

B. He cannot spoof his IP and successfully use TCP. 

C. He needs to use an automated tool to telnet in. 

D. He is attacking an operating system that does not reply to telnet even when open. 


Explanation: Spoofing your IP will only work if you don’t need to get an answer from the target system. In this case the answer (login prompt) from the telnet session will be sent to the “real” location of the IP address that you are showing as the connection initiator. 

Q170. You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges? 

A. Administrator 



D. Whatever account IIS was installed with 

Answer: C

Explanation: If you manage to get the system to start a shell for you, that shell will be running as LOCAL_SYSTEM. 

see more ec0-350 dumps