CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-350

Free EC0-350 Exam Braindumps (page: 18)

Page 17 of 191
PDF with 878 Questions

Which of the following is most effective against passwords ?
Select the Answer:

  1. Dictionary Attack
  2. BruteForce attack
  3. Targeted Attack
  4. Manual password Attack

Answer(s): B

Explanation:

The most effective means of password attack is brute force, in a brute force attack the program will attempt to use every possible combination of characters. While this takes longer then a dictionary attack, which uses a text file of real words, it is always capable of breaking the password.



Clive has been hired to perform a Black-Box test by one of his clients.
How much information will Clive obtain from the client before commencing his test?

  1. IP Range, OS, and patches installed.
  2. Only the IP address range.
  3. Nothing but corporate name.
  4. All that is available from the client site.

Answer(s): C

Explanation:

Penetration tests can be conducted in one of two ways: black-box (with no prior knowledge the infrastructure to be tested) or white-box (with complete knowledge of the infrastructure to be tested). As you might expect, there are conflicting opinions about this choice and the value that either approach will bring to a project.



You want to use netcat to generate huge amount of useless network data continuously for various performance testing between 2 hosts.
Which of the following commands accomplish this?

  1. Machine A
    #yes AAAAAAAAAAAAAAAAAAAAAA | nc –v –v –l –p 2222 > /dev/null
    Machine B
    #yes BBBBBBBBBBBBBBBBBBBBBB | nc machinea 2222 > /dev/null
  2. Machine A
    cat somefile | nc –v –v –l –p 2222
    Machine B
    cat somefile | nc othermachine 2222
  3. Machine A
    nc –l –p 1234 | uncompress –c | tar xvfp
    Machine B
    tar cfp - /some/dir | compress –c | nc –w 3 machinea 1234
  4. Machine A
    while true : do
    nc –v –l –s –p 6000 machineb 2
    Machine B
    while true ; do
    nc –v –l –s –p 6000 machinea 2
    done

Answer(s): A

Explanation:

Machine A is setting up a listener on port 2222 using the nc command and then having the letter A sent an infinite amount of times, when yes is used to send data yes NEVER stops until it recieves a break signal from the terminal (Control+C), on the client end (machine B), nc is being used as a client to connect to machine A, sending the letter B and infinite amount of times, while both clients have established a TCP connection each client is infinitely sending data to each other, this process will run FOREVER until it has been stopped by an administrator or the attacker.



Global deployment of RFC 2827 would help mitigate what classification of attack?

  1. Sniffing attack
  2. Denial of service attack
  3. Spoofing attack
  4. Reconnaissance attack
  5. Prot Scan attack

Answer(s): C

Explanation:

RFC 2827 - Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing






Post your Comments and Discuss EC-Council EC0-350 exam with other Community members:

EC0-350 Discussions & Posts