Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-350

EC-Council EC0-350 Exam Questions
Ethical Hacking and Countermeasures (Page 11 )

Updated On: 17-Feb-2026
Page 11 of 153
PDF with 878 Questions

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

  1. Invalid Username
  2. Invalid Password
  3. Authentication Failure
  4. Login Attempt Failed
  5. Access Denied

Answer(s): A,B

Explanation:

As little information as possible should be given about a failed login attempt. Invalid username or password is not desirable.



The programmers on your team are analyzing the free, open source software being used to run FTP services on a server. They notice that there is an excessive number of fgets() and gets() on the source code. These C++ functions do not check bounds.
What kind of attack is this program susceptible to?

  1. Buffer of Overflow
  2. Denial of Service
  3. Shatter Attack
  4. Password Attack

Answer(s): A

Explanation:

C users must avoid using dangerous functions that do not check bounds unless they've ensured that the bounds will never get exceeded. A buffer overflow occurs when you write a set of values (usually a string of characters) into a fixed length buffer and write at least one value outside that buffer's boundaries (usually past its end). A buffer overflow can occur when reading input from the user into a buffer, but it can also occur during other kinds of processing in a program.



In which of the following should be performed first in any penetration test?

  1. System identification
  2. Intrusion Detection System testing
  3. Passive information gathering
  4. Firewall testing

Answer(s): C



If you receive a RST packet while doing an ACK scan, it indicates that the port is open.(True/False).

  1. True
  2. False

Answer(s): A

Explanation:

When and ACK is sent to an open port, a RST is returned.



Symmetric encryption algorithms are known to be fast but present great challenges on the key management side. Asymmetric encryption algorithms are slow but allow communication with a remote host without having to transfer a key out of band or in person. If we combine the strength of both crypto systems where we use the symmetric algorithm to encrypt the bulk of the data and then use the asymmetric encryption system to encrypt the symmetric key, what would this type of usage be known as?

  1. Symmetric system
  2. Combined system
  3. Hybrid system
  4. Asymmetric system

Answer(s): C

Explanation:

Because of the complexity of the underlying problems, most public-key algorithms involve operations such as modular multiplication and exponentiation, which are much more computationally expensive than the techniques used in most block ciphers, especially with typical key sizes. As a result, public-key cryptosystems are commonly "hybrid" systems, in which a fast symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed.






Post your Comments and Discuss EC-Council EC0-350 exam dumps with other Community members:

Join the EC0-350 Discussion