Free EC0-350 Exam Braindumps (page: 29)

Page 28 of 191

Which is the right sequence of packets sent during the initial TCP three way handshake?

  1. FIN, FIN-ACK, ACK
  2. SYN, URG, ACK
  3. SYN, ACK, SYN-ACK
  4. SYN, SYN-ACK, ACK

Answer(s): D

Explanation:

A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived.



Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co. Jack tells Jane that there has been a problem with some accounts and asks her to tell him her password 'just to double check our records'. Jane believes that Jack is really an administrator, and tells him her password. Jack now has a user name and password, and can access Brown Co.'s computers, to find the cookie recipe. This is an example of what kind of attack?

  1. Reverse Psychology
  2. Social Engineering
  3. Reverse Engineering
  4. Spoofing Identity
  5. Faking Identity

Answer(s): B

Explanation:

This is a typical case of pretexting. Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is usually done over the telephone.



Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three)

  1. Internet Printing Protocol (IPP) buffer overflow
  2. Code Red Worm
  3. Indexing services ISAPI extension buffer overflow
  4. NeXT buffer overflow

Answer(s): A,B,C

Explanation:

Both the buffer overflow in the Internet Printing Protocol and the ISAPI extension buffer overflow is explained in Microsoft Security Bulletin MS01-023. The Code Red worm was a computer worm released on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server.



Jim is having no luck performing a penetration test in company’s network. He is running the tests from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Jim is unable to get any useful results.
Why is Jim having these problems?

  1. Security scanners are not designed to do testing through a firewall.
  2. Security scanners cannot perform vulnerability linkage.
  3. Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.
  4. All of the above.

Answer(s): D

Explanation:

The Security scanners available online are often to “outdated” to perform a live pentest against a victim.






Post your Comments and Discuss EC-Council EC0-350 exam with other Community members:

EC0-350 Discussions & Posts