[Free] 2018(Jan) EnsurePass Testking ECCouncil EC0-350 Dumps with VCE and PDF 281-290

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC0-350
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures V8

Question No: 281 – (Topic 3)

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

  1. The victim user must open the malicious link with an Internet Explorer prior to version 8.

  2. The session cookies generated by the application do not have the HttpOnly flag set.

  3. The victim user must open the malicious link with a Firefox prior to version 3.

  4. The web application should not use random tokens.

Answer: D

Question No: 282 – (Topic 3)

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?

  1. Man-in-the-middle attack

  2. Brute-force attack

  3. Dictionary attack

  4. Session hijacking

Answer: C

Question No: 283 – (Topic 3)

A security engineer is attempting to map a company’s internal network. The engineer enters in the following NMAP commanD.

NMAP -n -sS -P0 -p 80 ***.***.**.** What type of scan is this?

  1. Quick scan

  2. Intense scan

  3. Stealth scan

  4. Comprehensive scan

Answer: C

Question No: 284 – (Topic 3)

Which of the following statements are true regarding N-tier architecture? (Choose two.)

  1. Each layer must be able to exist on a physically independent system.

  2. The N-tier architecture must have at least one logical layer.

  3. Each layer should exchange information only with the layers above and below it.

  4. When a layer is changed or updated, the other layers must also be recompiled or modified.

Answer: A,C

Question No: 285 – (Topic 3)

To see how some of the hosts on your network react, Winston sends out SYN packets to an IP range. A number of IPs respond with a SYN/ACK response. Before the connection is established he sends RST packets to those hosts to stop the session. Winston has done this to see how his intrusion detection system will log the traffic. What type of scan is Winston attempting here?

  1. Winston is attempting to find live hosts on your company#39;s network by using an XMAS scan.

  2. He is utilizing a SYN scan to find live hosts that are listening on your network.

  3. This type of scan he is using is called a NULL scan.

  4. He is using a half-open scan to find live hosts on your network.

Answer: D

Question No: 286 – (Topic 3)

If an attacker#39;s computer sends an IPID of 31400 to a zombie (Idle Scanning) computer on an open port, what will be the response?

A. 31400

B. 31402

C. The zombie will not send a response

D. 31401

Answer: B Explanation:

31402 is the correct answer.

Question No: 287 – (Topic 3)

Which of the following Exclusive OR transforms bits is NOT correct?

  1. 0 xor 0 = 0

  2. 1 xor 0 = 1

  3. 1 xor 1 = 1

  4. 0 xor 1 = 1

Answer: C

Question No: 288 – (Topic 3)

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

  1. Vulnerability scanning

  2. Social engineering

  3. Application security testing

  4. Network sniffing

Answer: B

Question No: 289 – (Topic 3)

Jacob is looking through a traffic log that was captured using Wireshark. Jacob has come across what appears to be SYN requests to an internal computer from a spoofed IP address. What is Jacob seeing here?

  1. Jacob is seeing a Smurf attack.

  2. Jacob is seeing a SYN flood.

  3. He is seeing a SYN/ACK attack.

  4. He has found evidence of an ACK flood.

Answer: B

Question No: 290 – (Topic 3)

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to sniff all of the packets in the network?

  1. Fraggle

  2. MAC Flood

  3. Smurf

  4. Tear Drop

Answer: B

100% Ensurepass Free Download!
Download Free Demo:EC0-350 Demo PDF
100% Ensurepass Free Guaranteed!
EC0-350 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No