[Free] 2018(Jan) EnsurePass Testking ECCouncil EC0-350 Dumps with VCE and PDF 611-620

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC0-350
100% Free Download! 100% Pass Guaranteed!

Ethical Hacking and Countermeasures V8

Question No: 611 – (Topic 7)

What is a Trojan Horse?

  1. A malicious program that captures your username and password

  2. Malicious code masquerading as or replacing legitimate code

  3. An unauthorized user who gains access to your user database and adds themselves as a user

  4. A server that is to be sacrificed to all hacking attempts in order to log and monitor the hacking activity

Answer: B Explanation:

A Trojan Horse is an apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.

Question No: 612 – (Topic 7)

You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick of the Trojan. Next you run netstat command to look for open ports and you notice a strange port 6666 open.

What is the next step you would do?

  1. Re-install the operating system.

  2. Re-run anti-virus software.

  3. Install and run Trojan removal software.

  4. Run utility fport and look for the application executable that listens on port 6666.

Answer: D

Explanation: Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the #39;netstat -an#39; command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

Question No: 613 – (Topic 7)

What ports should be blocked on the firewall to prevent NetBIOS traffic from not coming through the firewall if your network is comprised of Windows NT, 2000, and XP?(Choose all that apply.

A. 110

B. 135

C. 139

D. 161

E. 445

F. 1024

Answer: B,C,E

Explanation: NetBIOS traffic can quickly be used to enumerate and attack Windows computers. Ports 135, 139, and 445 should be blocked.

Question No: 614 – (Topic 7)

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.

If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

  1. Full Blown

  2. Thorough

  3. Hybrid

  4. BruteDics

Answer: C

Explanation: A combination of Brute force and Dictionary attack is called a Hybrid attack

or Hybrid dictionary attack.

Question No: 615 – (Topic 7)

Which of the following statements about a zone transfer correct?(Choose three.

  1. A zone transfer is accomplished with the DNS

  2. A zone transfer is accomplished with the nslookup service

  3. A zone transfer passes all zone information that a DNS server maintains

  4. A zone transfer passes all zone information that a nslookup server maintains

  5. A zone transfer can be prevented by blocking all inbound TCP port 53 connections

  6. Zone transfers cannot occur on the Internet

Answer: A,C,E

Explanation: Securing DNS servers should be a priority of the organization. Hackers obtaining DNS information can discover a wealth of information about an organization. This information can be used to further exploit the network.

Question No: 616 – (Topic 7)

What is GINA?

  1. Gateway Interface Network Application

  2. GUI Installed Network Application CLASS

  3. Global Internet National Authority (G-USA)

  4. Graphical Identification and Authentication DLL

Answer: D

Explanation: In computing, GINA refers to the graphical identification and authentication library, a component of some Microsoft Windows operating systems that provides secure authentication and interactive logon services.

Question No: 617 – (Topic 7)

When Jason moves a file via NFS over the company#39;s network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this?

  1. macof

  2. webspy

  3. filesnarf

  4. nfscopy

Answer: C

Explanation: Filesnarf – sniff files from NFS traffic OPTIONS

-i interface

Specify the interface to listen on.

-v quot;Versusquot; mode. Invert thesenseofmatching, to select non-matching files.


Specify regular expression for filename matching.


Specifyatcpdump(8)filter expression to select traffic to sniff.


Dsniff, nfsd

Question No: 618 – (Topic 7)

What is the algorithm used by LM for Windows2000 SAM?

  1. MD4

  2. DES

  3. SHA

  4. SSL

    Answer: B

    Explanation: Okay, this is a tricky question. We say B, DES, but it could be A “MD4” depending on what their asking – Windows 2000/XP keeps users passwords not quot;apparentlyquot;, but as hashes, i.e. actually as quot;check sumquot; of the passwords. Let#39;s go into the passwords keeping at large. The most interesting structure of the complex SAM-file building is so called V-block. It#39;s size is 32 bytes and it includes hashes of the password for the local entering: NT Hash of 16-byte length, and hash used during the authentication of access to the common resources of other computers LanMan Hash, or simply LM Hash, of the same 16-byte length. Algorithms of the formation of these hashes are following:

    NT Hash formation:

    1. User password is being generated to the Unicode-line.

    2. Hash is being generated based on this line using MD4 algorithm.

    3. Gained hash in being encoded by the DES algorithm, RID (i.e. user identifier) had been used as a key. It was necessary for gaining variant hashes for users who have equal passwords. You remember that all users have different RIDs (RID of the Administrator#39;s built in account is 500, RID of the Guest#39;s built in account is 501, all other users get RIDs equal 1000, 1001, 1002, etc.).

LM Hash formation:

  1. User password is being shifted to capitals and added by nulls up to 14-byte length.

  2. Gained line is divided on halves 7 bytes each, and each of them is being encoded separately using DES, output is 8-byte hash and total 16-byte hash.

  3. Then LM Hash is being additionally encoded the same way as it had been done in the NT Hash formation algorithm step 3.

    Question No: 619 – (Topic 7)

    What is the proper response for a NULL scan if the port is open?

    1. SYN

    2. ACK

    3. FIN

    4. PSH

    5. RST

    6. No response

Answer: F

Explanation: A NULL scan will have no response if the port is open.

Question No: 620 – (Topic 7)

In the following example, which of these is the quot;exploitquot;?

Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting.

Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites.

Select the best answer.

  1. Microsoft Corporation is the exploit.

  2. The security quot;holequot; in the product is the exploit.

  3. Windows 2003 Server

  4. The exploit is the hacker that would use this vulnerability.

  5. The documented method of how to use the vulnerability to gain unprivileged access.

Answer: E

Explanation: Explanations:

Microsoft is not the exploit, but if Microsoft documents how the vulnerability can be used to gain unprivileged access, they are creating the exploit. If they just say that there is a hole in the product, then it is only a vulnerability. The security quot;holequot; in the product is called the quot;vulnerabilityquot;. It is documented in a way that shows how to use the vulnerability to gain unprivileged access, and it then becomes an quot;exploitquot;. In the example given, Windows 2003 Server is the TOE (Target of Evaluation). A TOE is an IT System, product or component that requires security evaluation or is being identified. The hacker that would use this vulnerability is exploiting it, but the hacker is not the exploit. The documented method of how to use the vulnerability to gain unprivileged access is the correct answer.

100% Ensurepass Free Download!
Download Free Demo:EC0-350 Demo PDF
100% Ensurepass Free Guaranteed!
EC0-350 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No