[Free] 2018(Jan) EnsurePass Testking ECCouncil EC0-350 Dumps with VCE and PDF 561-570

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC0-350
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures V8

Question No: 561 – (Topic 6)

Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

  1. UDP is filtered by a gateway

  2. The packet TTL value is too low and cannot reach the target

  3. The host might be down

  4. The destination network might be down

  5. The TCP windows size does not match

  6. ICMP is filtered by a gateway

Answer: A,B,C,F

Explanation: If the destination host or the destination network is down there is no way to get an answer and if TTL (Time To Live) is set too low the UDP packets will “die” before reaching the host because of too many hops between the scanning computer and the target. The TCP receive window size is the amount of received data (in bytes) that can be buffered during a connection. The sending host can send only that amount of data before it must wait for an acknowledgment and window update from the receiving host and ICMP is mainly used for echo requests and not in port scans.

Question No: 562 – (Topic 6)

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com

Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately.

Which organization coordinates computer crime investigations throughout the United States?

  1. NDCA

  2. NICP

  3. CIRP

  4. NPC

  5. CIA

Answer: D

Question No: 563 – (Topic 6)

While reviewing the result of scanning run against a target network you come across the following:

Ensurepass 2018 PDF and VCE

Which among the following can be used to get this output?

  1. A Bo2k system query.

  2. nmap protocol scan

  3. A sniffer

  4. An SNMP walk

Answer: D

Explanation: SNMP lets you quot;readquot; information from a device. You make a query of the server (generally known as the quot;agentquot;). The agent gathers the information from the host system and returns the answer to your SNMP client. It#39;s like having a single interface for all your informative Unix commands. Output like system.sysContact.0 is called a MIB.

Question No: 564 – (Topic 6)

A XYZ security System Administrator is reviewing the network system log files.

He notes the following:

->Network log files are at 5 MB at 12:00 noon.

->At 14:00 hours, the log files at 3 MB.

What should he assume has happened and what should he do about the situation?

  1. He should contact the attacker’s ISP as soon as possible and have the connection disconnected.

  2. He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.

  3. He should log the file size, and archive the information, because the router crashed.

  4. He should run a file system check, because the Syslog server has a self correcting file system problem.

  5. He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place.

Answer: B

Explanation: You should never assume a host has been compromised without verification. Typically, disconnecting a server is an extreme measure and should only be done when it is confirmed there is a compromise or the server contains such sensitive data that the loss of service outweighs the risk. Never assume that any administrator or automatic process is making changes to a system. Always investigate the root cause of the change on the system and follow your organizations security policy.

Question No: 565 – (Topic 6)

Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

  1. CHAT rooms

  2. WHOIS database

  3. News groups

  4. Web sites

  5. Search engines

  6. Organization’s own web site

Answer: A,B,C,D,E,F

Explanation: A Security tester should search for information everywhere that he/she can access. You never know where you find that small piece of information that could penetrate a strong defense.

Question No: 566 – (Topic 6)

What is the proper response for a X-MAS scan if the port is closed?

  1. SYN

  2. ACK

  3. FIN

  4. PSH

  5. RST

  6. No response

Answer: E Explanation:

Closed ports respond to a X-MAS scan with a RST.

Question No: 567 – (Topic 6)

John has scanned the web server with NMAP. However, he could not gather enough information to help him identify the operating system running on the remote host accurately.

What would you suggest to John to help identify the OS that is being used on the remote web server?

  1. Connect to the web server with a browser and look at the web page.

  2. Connect to the web server with an FTP client.

  3. Telnet to port 8080 on the web server and look at the default page code.

  4. Telnet to an open port and grab the banner.

Answer: D

Explanation: Most people don’t care about changing the banners presented by applications listening to open ports and therefore you should get fairly accurate information when grabbing banners from open ports with, for example, a telnet application.

Question No: 568 – (Topic 6)

You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs?

  1. The zombie you are using is not truly idle.

  2. A stateful inspection firewall is resetting your queries.

  3. Hping2 cannot be used for idle scanning.

  4. These ports are actually open on the target system.

Answer: A

Explanation: If the IPID is incremented by more than the normal increment for this type of system it means that the system is interacting with some other system beside yours and has sent packets to an unknown host between the packets destined for you.

Question No: 569 – (Topic 6)

While investigating a claim of a user downloading illegal material, the investigator goes through the files on the suspect#39;s workstation. He comes across a file that is just called quot;file.txtquot; but when he opens it, he finds the following:

Ensurepass 2018 PDF and VCE

What can he infer from this file?

  1. A picture that has been renamed with a .txt extension

  2. An encrypted file

  3. An encoded file

  4. A buffer overflow

Answer: D

Question No: 570 – (Topic 6)

Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?

  1. Network aliasing

  2. Domain Name Server (DNS) poisoning

  3. Reverse Address Resolution Protocol (ARP)

  4. Port scanning

Answer: B Explanation:

This reference is close to the one listed DNS poisoning is the correct answer.

This is how DNS DOS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of there server instead of replacing the actual records, which is referred to as cache poisoning.

100% Ensurepass Free Download!
Download Free Demo:EC0-350 Demo PDF
100% Ensurepass Free Guaranteed!
EC0-350 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No