Free EC0-350 Exam Braindumps (page: 24)


Scanning for services is an easy job for Bob, as there are so many tools available on the Internet. To check the vulnerability of the company, he went through a few scanners that are currently available. Here are the scanners that he uses:
1. Axent’s NetRecon (http://www.axent.com)
2. SARA, by Advanced Research Organization (http://www-arc.com/sara)
3. VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, there are other ways for Bob to make the identification of the scanned services more accurate and detailed.
What would be the best method to accurately identify the services running on a victim host?

  A. Using Cheops-ng to identify the devices of the company.
  B. Using the manual method of telnet to each of the open ports of the company.
  C. Using a vulnerability scanner to try to probe each port to verify or figure out which service is running for the company.
  D. Using the default port and OS to make a best guess of what services are running on each port for the company.

Answer(s): B

Explanation:

By opening a telnet connection to each open port, you receive banners that tell you what service is answering on that specific port.



In the context of Trojans, what is the definition of a Wrapper?

  A. An encryption tool to protect the Trojan.
  B. A tool used to bind the Trojan with a legitimate file.
  C. A tool used to encapsulate packets within a new header and footer.
  D. A tool used to calculate bandwidth and CPU cycles wasted by the Trojan.

Answer(s): B

Explanation:

These wrappers allow an attacker to take any executable back-door program and combine it with any legitimate executable, creating a Trojan horse without writing a single line of new code.



What happens when one experiences a ping of death?

  A. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the “type” field in the ICMP header is set to 18 (Address Mask Reply).
  B. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset * 8) + (IP data length) > 65535.
    In other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet.
  C. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the source equal to destination address.
  D. This is when the “protocol” field in the IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect).

Answer(s): B

Explanation:

"A hacker can send an IP packet to a vulnerable machine such that the last fragment contains an offset where (IP offset * 8) + (IP data length) > 65535. This means that when the packet is reassembled, its total length is larger than the legal limit, causing buffer overruns in the machine's OS (because the buffer sizes are defined only to accommodate the maximum allowed size of the packet based on RFC 791)... IDS can generally recognize such attacks by looking for packet fragments that have the IP header's protocol field set to 1 (ICMP), the last bit set, and (IP offset * 8) + (IP data length) > 65535" (CCIE Professional Development Network Security Principles and Practices by Saadat Malik, pg 414).

"Ping of Death" attacks cause systems to react in an unpredictable fashion when receiving oversized IP packets. TCP/IP allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and zero or more octets of optional information, with the rest of the packet being data. Ping of Death attacks can cause crashing, freezing, and rebooting.



Samantha was hired to perform an internal security test of the company. She quickly realized that all networks are making use of switches instead of traditional hubs. This greatly limits her ability to gather information through network sniffing.
Which of the following techniques can she use to gather information from the switched network or to disable some of the traffic isolation features of the switch? (Choose two)

  A. Ethernet Zapping
  B. MAC Flooding
  C. Sniffing in promiscuous mode
  D. ARP Spoofing

Answer(s): B,D

Explanation:

In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation.

The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. These frames contain false MAC addresses, confusing network devices, such as network switches. As a result, frames intended for one machine can be mistakenly sent to another (allowing the packets to be sniffed) or an unreachable host (a denial of service attack).





