
2021 Aug ec0-350 braindumps

Q141. John is using tokens for the purpose of strong authentication. He is not confident that his security is considerably strong. 

In the context of Session hijacking why would you consider this as a false sense of security? 

A. The token based security cannot be easily defeated. 

B. The connection can be taken over after authentication. 

C. A token is not considered strong authentication. 

D. Token security is not widely used in the industry. 

Answer: B

Explanation: A token will give you a more secure authentication, but the tokens will not help against attacks that are directed against you after you have been authenticated. 


Q142. Usernames, passwords, e-mail addresses, and the location of CGI scripts may be obtained from which of the following information sources? 

A. Company web site 

B. Search engines 

C. EDGAR Database query 

D. Whois query 

Answer: A

Explanation: A Whois query would not enable us to find the CGI scripts, whereas on the actual website some pages will have scripts written to make the website more user friendly. The EDGAR database would in fact give us a lot of the information requested but not the location of CGI scripts, as would a simple search engine on the Internet if you have the time needed.


Q143. What file system vulnerability does the following command take advantage of? 

type c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe 

A. HFS 

B. ADS 

C. NTFS 

D. Backdoor access 

Answer: B

Explanation: ADS (or Alternate Data Streams) is a “feature” in the NTFS file system that makes it possible to hide information in alternate data streams in existing files. The file can have multiple data streams and the data streams are accessed by filename:stream. 


Q144. What happens when one experiences a ping of death? 

A. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the “type” field in the ICMP header is set to 18 (Address Mask Reply). 

B. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset * 8) + (IP data length) > 65535. In other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet.

C. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the source equal to destination address. 

D. This is when the IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect).

Answer: B

Explanation: "A hacker can send an IP packet to a vulnerable machine such that the last fragment contains an offset where (IP offset * 8) + (IP data length) > 65535. This means that when the packet is reassembled, its total length is larger than the legal limit, causing buffer overruns in the machine's OS (because the buffer sizes are defined only to accommodate the maximum allowed size of the packet based on RFC 791)...IDS can generally recognize such attacks by looking for packet fragments that have the IP header's protocol field set to 1 (ICMP), the last bit set, and (IP offset * 8) + (IP data length) > 65535" (CCIE Professional Development Network Security Principles and Practices by Saadat Malik, pg 414).

"Ping of Death" attacks cause systems to react in an unpredictable fashion when receiving oversized IP packets. TCP/IP allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and zero or more octets of optional information, with the rest of the packet being data. Ping of Death attacks can cause crashing, freezing, and rebooting.
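The IDS check quoted above, written out as an added example (not part of the original question bank or the cited book). All function names and the sample headers are hypothetical and constructed here; the check goes slightly beyond the quoted rule by flagging any fragment whose end lies past 65535, not only the last one.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest datagram the 16-bit Total Length field allows
ICMP = 1

def build_header(proto, offset_units, more_fragments, data_len):
    """Constructed sample: a 20-byte IPv4 header (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, 0x1234,
                       flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))

def parse_fragment(pkt):
    """Pull out the header fields the oversize check needs."""
    if len(pkt) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = \
        struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header length")
    return {
        "proto": proto,
        "more_fragments": bool(flags_frag & 0x2000),
        "offset_bytes": (flags_frag & 0x1FFF) * 8,  # offset field is in 8-byte units
        "data_len": total_len - ihl,                # IP data carried by this fragment
    }

def is_oversized_fragment(pkt, icmp_only=True):
    """True when (IP offset * 8) + (IP data length) > 65535."""
    f = parse_fragment(pkt)
    if icmp_only and f["proto"] != ICMP:
        return False
    return f["offset_bytes"] + f["data_len"] > MAX_IP_DATAGRAM

def constructed_samples():
    return {
        "unfragmented echo": build_header(ICMP, 0, False, 64),
        "normal last fragment": build_header(ICMP, 185, False, 100),
        "oversized last fragment": build_header(ICMP, 8189, False, 100),
        "oversized UDP fragment": build_header(17, 8189, False, 100),
    }

if __name__ == "__main__":
    for name, pkt in constructed_samples().items():
        print(f"{name}: {'ALERT' if is_oversized_fragment(pkt) else 'ok'}")
```

Passing `icmp_only=False` applies the same length rule to every protocol, since a fragment ending past 65535 is invalid regardless of the payload type.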


Q145. An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts. 

A. 2 

B. 256 

C. 512 

D. Over 10,000 

Answer: C

Explanation: The hosts with IP address 202.176.56.0-255 & 202.176.57.0-255 will be scanned (256+256=512)



Q146. John the hacker is sniffing the network to inject ARP packets. He injects broadcast frames onto the wire to conduct MiTM attack. What is the destination MAC address of a broadcast frame? 

A. 0xFFFFFFFFFFFF 

B. 0xAAAAAAAAAAAA 

C. 0xBBBBBBBBBBBB 

D. 0xDDDDDDDDDDDD 

Answer: A 

Explanation: 0xFFFFFFFFFFFF is the destination MAC address of the broadcast frame. 


Q147. LM authentication is not as strong as Windows NT authentication so you may want to disable its use, because an attacker eavesdropping on network traffic will attack the weaker protocol. A successful attack can compromise the user's password. How do you disable LM authentication in Windows XP? 

A. Stop the LM service in Windows XP 

B. Disable LSASS service in Windows XP 

C. Disable LM authentication in the registry 

D. Download and install LMSHUT.EXE tool from Microsoft website 

Answer: C

Explanation: http://support.microsoft.com/kb/299656 


Q148. Peter is a Network Admin. He is concerned that his network is vulnerable to a smurf attack. 

What should Peter do to prevent a smurf attack? 

Select the best answer. 

A. He should disable unicast on all routers 

B. Disable multicast on the router 

C. Turn off fragmentation on his router 

D. Make sure all anti-virus protection is updated on all systems 

E. Make sure his router won't take a directed broadcast 

Answer: E 

Explanation: Unicasts are one-to-one IP transmissions; by disabling this he would disable most network transmissions but still not prevent the smurf attack. Turning off multicast or fragmentation on the router has nothing to do with Peter’s concerns, as a smurf attack uses broadcast, not multicast, and has nothing to do with fragmentation. Anti-virus protection will not help prevent a smurf attack. A smurf attack is a broadcast from a spoofed source. If directed broadcasts are enabled on the destination, all the computers at the destination will respond to the spoofed source, which is really the victim. Disabling directed broadcasts on a router can prevent the attack.


Q149. Because UDP is a connectionless protocol: (Select 2) 

A. UDP recvfrom() and write() scanning will yield reliable results 

B. It can only be used for Connect scans 

C. It can only be used for SYN scans 

D. There is no guarantee that the UDP packets will arrive at their destination 

E. ICMP port unreachable messages may not be returned successfully 

Answer: DE

Explanation: Neither UDP packets, nor the ICMP errors are guaranteed to arrive, so UDP scanners must also implement retransmission of packets that appear to be lost (or you will get a bunch of false positives). 


Q150. You work as security technician at ABC.com. While doing web application testing, you might be required to look through multiple web pages online which can take a long time. Which of the processes listed below would be a more efficient way of doing this type of validation? 

A. Use mget to download all pages locally for further inspection. 

B. Use wget to download all pages locally for further inspection. 

C. Use get* to download all pages locally for further inspection. 

D. Use get() to download all pages locally for further inspection. 

Answer: B

Explanation: Wget is a utility used for mirroring websites. get* doesn’t work, because for the actual FTP command to work there needs to be a space between get and * (i.e. get *). get(); is just bogus; that’s a C function that’s written 100% wrong. mget is a command used from “within” ftp itself, ruling out A. That leaves B, use wget, which is designed for mirroring and downloading files, especially web pages. If used with the -r option (i.e. wget -r www.ABC.com) it could mirror a site, all except protected portions of course.

Note: GNU Wget is a free network utility to retrieve files from the World Wide Web using HTTP and FTP and can be used to make mirrors of archives and home pages thus enabling work in the background, after having logged off.