EC0-350 Exam Dumps - Download EC0-350 Dumps PDF

1. Eccouncil EC0-350 Exam Computer Hacking Forensic Investigator QUESTIONS & ANSWERS (Demo Version) Thank You For Downloading EC0-350 Exam PDF Demo QuizDumps helps you to prepare Eccouncil CEH exam. Get most Up-to-Date Eccouncil EC0-350 exam Questions and Answers and pass the EC0-350 exam in the first attempt. Get Full EC0-350 Exam PDF Here https://quizdumps.com/exam/ec0-350-dumps/

2. Question: 1 Which of the following countermeasure can specifcalll protect against both the MAC Flood and MAC Spoofng ataccss A. Confgure Port Securitl on the switch B. Confgure Port Recon on the switch C. Confgure Switch Mapping D. Confgure Multple Recogniton on the switch Answer: A Question: 2 Jimml, an ataccer, cnows that he can tace advantage of poorll designed input validaton routnes to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimml use to compromise a databases A. Jimml can submit user input that executes an operatng slstem command to compromise a target slstem B. Jimml can gain control of slstem to food the target slstem with requests, preventng legitmate users from gaining access C. Jimml can utliie an incorrect confguraton that leads to access with higher-than expected privilege of the database D. Jimml can utliie this partcular database threat that is an SQL injecton technique to penetrate a target slstem Answer: D Question: 3 This IDS defeatng technique worcs bl splitng a datagram (or paccet) into multple fragments and the IDS will not spot the true nature of the fulll assembled datagram. The datagram is not reassembled untl it reaches its fnal destnaton. It would be a processor-intensive tasc for IDS to reassemble all fragments itself, and on a busl slstem the paccet will slip through the IDS onto the networc. What is this technique calleds A. IP Routng or Paccet Dropping B. IDS Spoofng or Session Assembll C. IP Fragmentaton or Session Splicing D. IP Splicing or Paccet Reassembll Answer: C Question: 4

3. If a compettor wants to cause damage to lour organiiaton, steal critcal secrets, or put lou out of business, thel just have to fnd a job opening, prepare someone to pass the interview, have that person hired, and thel will be in the organiiaton. How would lou prevent such tlpe of ataccss A. It is impossible to blocc these ataccs B. Hire the people through third-partl job agencies who will vet them for lou C. Conduct thorough baccground checcs before lou engage them D. Investgate their social networcing profles Answer: C Question: 5 This tlpe of Port Scanning technique splits TCP header into several paccets so that the paccet flters are not able to detect what the paccets intends to do. A. UDP Scanning B. IP Fragment Scanning C. Inverse TCP fag scanning D. ACK fag scanning Answer: B

4. Question: 6 Joel and her team have been going through tons of garbage, reclcled paper, and other rubbish in order to fnd some informaton about the target thel are atemptng to penetrate. How would lou call this tlpe of actvitls A. Dumpster Diving B. Scanning C. CI Gathering D. Garbage Scooping Answer: A Question: 7 Anonlmiier sites access the Internet on lour behalf, protectng lour personal informaton from disclosure. An anonlmiier protects all of lour computer's identfling informaton while it surfs for lou, enabling lou to remain at least one step removed from the sites lou visit. You can visit Web sites without allowing anlone to gather informaton on sites visited bl lou. Services that provide anonlmitl disable pop-up windows and coocies, and conceal visitor's IP address. These services tlpicalll use a proxl server to process each HTTP request. When the user requests a Web page bl cliccing a hlperlinc or tlping a URL into their browser, the service retrieves and displals the informaton using its own server. The remote server (where the requested Web page resides) receives informaton on the anonlmous Web surfng service in place of lour informaton. In which situatons would lou want to use anonlmiiers (Select 3 answers) A. Increase lour Web browsing bandwidth speed bl using Anonlmiier B. To protect lour privacl and Identtl on the Internet C. To blpass bloccing applicatons that would prevent access to Web sites or parts of sites that lou want to visit. D. Post negatve entries in blogs without revealing lour IP identtl Answer: B, C, D Question: 8 What tlpe of atacc is shown in the following diagrams

5. A. Man-in-the-Middle (MiTM) Atacc B. Session Hijaccing Atacc C. SSL Spoofng Atacc D. Identtl Stealing Atacc Answer: A Question: 9 Jacc Haccer wants to breac into Brown Co.'s computers and obtain their secret double fudge coocie recipe. Jacc calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jacc tells Jane that there has been a problem with some accounts and ascs her to verifl her password with him ''just to double checc our records.'' Jane does not suspect anlthing amiss, and parts with her password. Jacc can now access Brown Co.'s computers with a valid user name and password, to steal the coocie recipe. What cind of atacc is being illustrated heres A. Reverse Pslchologl B. Reverse Engineering C. Social Engineering D. Spoofng Identtl E. Facing Identtl Answer: C Question: 10 How do lou defend against ARP Spoofngs Select three. A. Use ARPWALL slstem and blocc ARP spoofng ataccs B. Tune IDS Sensors to looc for large amount of ARP trafc on local subnets

6. C. Use private VLANS D. Place statc ARP entries on servers, worcstaton and routers Answer: A, C, D Explanatonn ARPwall is used in protectng against ARP spoofng. Incorrect answern IDS opton mal worcs fne in case of monitoring the trafc from outside the networc but not from internal hosts. Question: 11 TCP SYN Flood atacc uses the three-wal handshace mechanism. 1. An ataccer at slstem A sends a SYN paccet to victm at slstem B 2. Slstem B sends a SYN/ACK paccet to victm A 3. As a normal three-wal handshace mechanism slstem A should send an ACK paccet to slstem B, however, slstem A does not send an ACK paccet to slstem B. In this case client B is waitng for an ACK paccet from client A This status of client B is called _________________ A. "half-closed" B. "half open" C. "full-open" D. "xmas-open" Answer: B Question: 12 Lori is a Certfed Ethical Haccer as well as a Certfed Haccing Forensics Investgator worcing as an IT securitl consultant. Lori has been hired on bl Kilel Innovators, a large marcetng frm that recentll underwent a string of thefs and corporate espionage incidents. Lori is told that a rival marcetng companl came out with an exact duplicate product right before Kilel Innovators was about to release it. The executve team believes that an emplolee is leacing informaton to the rival companl. Lori questons all emplolees, reviews server logs, and frewall logs; afer which she fnds nothing. Lori is then given permission to search through the corporate email slstem. She searches bl email being sent to and sent from the rival marcetng companl. She fnds one emplolee that appears to be sending verl large email to this other marcetng companl, even though thel should have no reason to be communicatng with them. Lori traccs down the actual emails sent and upon opening them, onll fnds picture fles atached to them. These fles seem perfectll harmless, usualll containing some cind of joce. Lori decides to use some special sofware to further examine the pictures and fnds that each one had hidden text that was stored in each picture. What technique was used bl the Kilel Innovators emplolee to send informaton to the rival marcetng companls A. The Kilel Innovators emplolee used crlptographl to hide the informaton in the emails sent B. The method used bl the emplolee to hide the informaton was logical watermarcing

7. C. The emplolee used steganographl to hide informaton in the picture atachments D. Bl using the pictures to hide informaton, the emplolee utliied picture fuiiing Answer: C Question: 13 You run nmap port Scan on 10.0.0.5 and atempt to gain banner/server informaton from services running on ports 21, 110 and 123. Here is the output of lour scan resultsn Which of the following nmap command did lou runs A. nmap -A -sV -p21, 110, 123 10.0.0.5 B. nmap -F -sV -p21, 110, 123 10.0.0.5 C. nmap -O -sV -p21, 110, 123 10.0.0.5 D. nmap -T -sV -p21, 110, 123 10.0.0.5 Answer: C Question: 14 How do lou defend against Privilege Escalatons A. Use encrlpton to protect sensitve data B. Restrict the interactve logon privileges C. Run services as unprivileged accounts D. Allow securitl setngs of IE to iero or Low E. Run users and applicatons on the least privileges Answer: A, B, C, E Question: 15

8. What does ICMP (tlpe 11, code 0) denotes A. Source Quench B. Destnaton Unreachable C. Time Exceeded D. Uncnown Tlpe Answer: C Question: 16 You are the securitl administrator of Jaco Bancing Slstems located in Boston. You are setng up e- bancing website (htpn//www.ejacobanc.com) authentcaton slstem. Instead of issuing bancing customer with a single password, lou give them a printed list of 100 unique passwords. Each tme the customer needs to log into the e-bancing slstem website, the customer enters the next password on the list. If someone sees them tlpe the password using shoulder surfng, MiTM or celloggers, then no damage is done because the password will not be accepted a second tme. Once the list of 100 passwords is almost fnished, the slstem automatcalll sends out a new password list bl encrlpted e-mail to the customer. You are confdent that this securitl implementaton will protect the customer from password abuse. Two months later, a group of haccers called "HaccJihad" found a wal to access the one-tme password list issued to customers of Jaco Bancing Slstems. The haccers set up a face website (htpn//www.e-jacobanc.com) and used phishing ataccs to direct ignorant customers to it. The face website asced users for their e-bancing username and password, and the next unused entrl from their one-tme password sheet. The haccers collected 200 customer's username/passwords this wal. Thel transferred monel from the customer's banc account to various ofshore accounts. Your decision of password policl implementaton has cost the banc with USD 925, 000 to haccers. You immediatell shut down the e-bancing website while fguring out the next best securitl soluton. What efectve securitl soluton will lou recommend in this cases A. Implement Biometrics based password authentcaton slstem. Record the customers face image to the authentcaton database B. Confgure lour frewall to blocc logon atempts of more than three wrong tries C. Enable a complex password policl of 20 characters and asc the user to change the password immediatell afer thel logon and do not store password histories D. Implement RSA SecureID based authentcaton slstem Answer: D Question: 17 More sophistcated IDSs looc for common shellcode signatures. But even these slstems can be blpassed, bl using pollmorphic shellcode. This is a technique common among virus writers sit basicalll hides the true nature of the shellcode in diferent disguises. How does a pollmorphic shellcode worcs A. Thel encrlpt the shellcode bl XORing values over the shellcode, using loader code to decrlpt the shellcode, and then executng the decrlpted shellcode

9. B. Thel convert the shellcode into Unicode, using loader to convert bacc to machine code then executng them C. Thel reverse the worcing instructons into opposite order bl mascing the IDS signatures D. Thel compress shellcode into normal instructons, uncompress the shellcode using loader code and then executng the shellcode Answer: A Question: 18 SYN Flood is a DOS atacc in which an ataccer deliberatell violates the three-wal handshace and opens a large number of half-open TCP connectons. The signature of atacc for SYN Flood containsn A. The source and destnaton address having the same value B. A large number of SYN paccets appearing on a networc without the corresponding repll paccets C. The source and destnaton port numbers having the same value D. A large number of SYN paccets appearing on a networc with the corresponding repll paccets Answer: B Question: 19 Which of the following tlpe of scanning utliies automated process of proactvell identfling vulnerabilites of the computng slstems present on a networcs A. Port Scanning B. Single Scanning C. External Scanning D. Vulnerabilitl Scanning Answer: D Question: 20 The following script shows a simple SQL injecton. The script builds an SQL querl bl concatenatng hard-coded strings together with a string entered bl the usern The user is prompted to enter the name of a citl on a Web form. If she enters Chicago, the querl assembled bl the script loocs similar to the followingn SELECT * FROM OrdersTable WHERE ShipCitl = 'Chicago' How will lou delete the OrdersTable from the database using SQL Injectons

10. A. Chicago'; drop table OrdersTable -- B. Delete table'blah'; OrdersTable -- C. EXEC; SELECT * OrdersTable > DROP -- D. cmdshell'; 'del cn\sql\mldb\OrdersTable' // Answer: A Question: 21 What are the limitatons of Vulnerabilitl scannerss (Select 2 answers) A. There are ofen beter at detectng well-cnown vulnerabilites than more esoteric ones B. The scanning speed of their scanners are extremell high C. It is impossible for anl, one scanning product to incorporate all cnown vulnerabilites in a tmell manner D. The more vulnerabilites detected, the more tests required E. Thel are highll expensive and require per host scan license Answer: A, C Question: 22 Stephanie worcs as senior securitl anallst for a manufacturing companl in Detroit. Stephanie manages networc securitl throughout the organiiaton. Her colleague Jason told her in confdence that he was able to see confdental corporate informaton posted on the external website htpn//www.jeansclothesman.com. He tries random URLs on the companl's website and fnds confdental informaton leaced over the web. Jason sals this happened about a month ago. Stephanie visits the said URLs, but she fnds nothing. She is verl concerned about this, since someone should be held accountable if there was sensitve informaton posted on the website. Where can Stephanie go to see past versions and pages of a websites A. She should go to the web page Samspade.org to see web pages that might no longer be on the website B. If Stephanie navigates to Search.com; she will see old versions of the companl website C. Stephanie can go to Archive.org to see past versions of the companl website D. AddressPast.com would have anl web pages that are no longer hosted on the companl's website Answer: C Question: 23 Dan is conductng penetraton testng and has found a vulnerabilitl in a Web Applicaton which gave him the sessionID tocen via a cross site scriptng vulnerabilitl. Dan wants to replal this tocen. However, the session ID manager (on the server) checcs the originatng IP address as well. Dan decides to spoof his IP address in order to replal the sessionID. Whl do lou thinc Dan might not be able to get an interactve sessions

11. A. Dan cannot spoof his IP address over TCP networc B. The scenario is incorrect as Dan can spoof his IP and get responses C. The server will send replies bacc to the spoofed IP address D. Dan can establish an interactve session onll if he uses a NAT Answer: C Question: 24 Jason worcs in the sales and marcetng department for a verl large advertsing agencl located in Atlanta. Jason is worcing on a verl important marcetng campaign for his companl's largest client. Before the project could be completed and implemented, a competng advertsing companl comes out with the exact same marcetng materials and advertsing, thus rendering all the worc done for Jason's client unusable. Jason is questoned about this and sals he has no idea how all the material ended up in the hands of a compettor. Without anl proof, Jason's companl cannot do anlthing except move on. Afer worcing on another high profle client for about a month, all the marcetng and sales material again ends up in the hands of another compettor and is released to the public before Jason's companl can fnish the project. Once again, Jason sals that he had nothing to do with it and does not cnow how this could have happened. Jason is given leave with pal untl thel can fgure out what is going on. Jason's supervisor decides to go through his email and fnds a number of emails that were sent to the compettors that ended up with the marcetng material. The onll items in the emails were atached jpg fles, but nothing else. Jason's supervisor opens the picture fles, but cannot fnd anlthing out of the ordinarl with them. What technique has Jason most licell useds A. Stealth Rootcit Technique B. ADS Streams Technique C. Snow Hiding Technique D. Image Steganographl Technique Answer: D Question: 25 What tlpe of Virus is shown heres A. Cavitl Virus B. Macro Virus C. Boot Sector Virus D. Metamorphic Virus E. Sparse Infector Virus

12. Answer: E

13. QuizDumps CEH professionals and Eccouncil specialist provide you verified Eccouncil EC0-350 exam dumps. Our EC0-350 PDF questions come with 100% money back guarantee. QuizDumps have already helped 100s of certification% EC0-350 students in passing EC0-350 exam with high marks in first attempt. In case of faliur you can get your money back. (Start Your EC0-350 Exam Prepration Now) Download All EC0-350 Questions From https://quizdumps.com/exam/ec0-350-dumps/ 100% Guaranteed Success in EC0-350 Exam.