Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-350

EC-Council EC0-350 Exam Questions
Ethical Hacking and Countermeasures (Page 27 )

Updated On: 17-Feb-2026
Page 27 of 153
PDF with 878 Questions

You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption.
What encryption algorithm will you be decrypting?

  1. MD4
  2. DES
  3. SHA
  4. SSL

Answer(s): B

Explanation:

The LM hash is computed as follows.
1. The user’s password as an OEM string is converted to uppercase.
2. This password is either null-padded or truncated to 14 bytes.
3. The “fixed-length” password is split into two 7-byte halves.
4. These values are used to create two DES keys, one from each 7-byte half.
5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values.
6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.



Which of the following would be the best reason for sending a single SMTP message to an address that does not exist within the target company?

  1. To create a denial of service attack.
  2. To verify information about the mail administrator and his address.
  3. To gather information about internal hosts used in email treatment.
  4. To gather information about procedures that are in place to deal with such messages.

Answer(s): C

Explanation:

The replay from the email server that states that there is no such recipient will also give you some information about the name of the email server, versions used and so on.



What are the two basic types of attacks?(Choose two.

  1. DoS
  2. Passive
  3. Sniffing
  4. Active
  5. Cracking

Answer(s): B,D

Explanation:

Passive and active attacks are the two basic types of attacks.



A Company security System Administrator is reviewing the network system log files. He notes the following:
- Network log files are at 5 MB at 12:00 noon.
- At 14:00 hours, the log files at 3 MB.
What should he assume has happened and what should he do about the situation?

  1. He should contact the attacker’s ISP as soon as possible and have the connection disconnected.
  2. He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.
  3. He should log the file size, and archive the information, because the router crashed.
  4. He should run a file system check, because the Syslog server has a self correcting file system problem.
  5. He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place.

Answer(s): B

Explanation:

You should never assume a host has been compromised without verification. Typically, disconnecting a server is an extreme measure and should only be done when it is confirmed there is a compromise or the server contains such sensitive data that the loss of service outweighs the risk. Never assume that any administrator or automatic process is making changes to a system. Always investigate the root cause of the change on the system and follow your organizations security policy.



What is Hunt used for?

  1. Hunt is used to footprint networks
  2. Hunt is used to sniff traffic
  3. Hunt is used to hack web servers
  4. Hunt is used to intercept traffic i.e. man-in-the-middle traffic
  5. Hunt is used for password cracking

Answer(s): D

Explanation:

Hunt can be used to intercept traffic. It is useful with telnet, ftp, and others to grab traffic between two computers or to hijack sessions.






Post your Comments and Discuss EC-Council EC0-350 exam dumps with other Community members:

Join the EC0-350 Discussion