Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-350

EC-Council EC0-350 Exam Questions
Ethical Hacking and Countermeasures (Page 3 )

Updated On: 15-Feb-2026
Page 3 of 153
PDF with 878 Questions

Virus Scrubbers and other malware detection program can only detect items that they are aware of. Which of the following tools would allow you to detect unauthorized changes or modifications of binary files on your system by unknown malware?

  1. System integrity verification tools
  2. Anti-Virus Software
  3. A properly configured gateway
  4. There is no way of finding out until a new updated signature file is released

Answer(s): A

Explanation:

Programs like Tripwire aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.



Sandra is conducting a penetration test for ABC.com. She knows that ABC.com is using wireless networking for some of the offices in the building right down the street. Through social engineering she discovers that they are using 802.11g. Sandra knows that 802.11g uses the same 2.4GHz frequency range as 802.11b. Using NetStumbler and her 802.11b wireless NIC, Sandra drives over to the building to map the wireless networks. However, even though she repositions herself around the building several times, Sandra is not able to detect a single AP.
What do you think is the reason behind this?

  1. Netstumbler does not work against 802.11g.
  2. You can only pick up 802.11g signals with 802.11a wireless cards.
  3. The access points probably have WEP enabled so they cannot be detected.
  4. The access points probably have disabled broadcasting of the SSID so they cannot be detected.
  5. 802.11g uses OFDM while 802.11b uses DSSS so despite the same frequency and 802.11b card cannot see an 802.11g signal.
  6. Sandra must be doing something wrong, as there is no reason for her to not see the signals.

Answer(s): D

Explanation:

Netstumbler can not detect networks that do not respond to broadcast requests.



Joseph has just been hired on to a contractor company of the Department of Defense as their senior Security Analyst. Joseph has been instructed on the Company’s strict security policies that have been implemented and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two-factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company. Joseph’s supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number.
Joseph’s company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two-factor authentication?

  1. Security token
  2. Biometric device
  3. OTP
  4. Proximity cards

Answer(s): A

Explanation:

A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in.



Exhibit

Study the log given in the exhibit,
Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

  1. Disallow UDP 53 in from outside to DNS server
  2. Allow UDP 53 in from DNS server to outside
  3. Disallow TCP 53 in from secondaries or ISP server to DNS server
  4. Block all UDP traffic

Answer(s): C

Explanation:

According to the exhibit, the question is regarding the DNS Zone Transfer. Since Zone Transfers are done with TCP port 53, you should not allow this connect external to you organization.



Windump is the windows port of the famous TCPDump packet sniffer available on a variety of platforms. In order to use this tool on the Windows platform you must install a packet capture library.
What is the name of this library?

  1. NTPCAP
  2. LibPCAP
  3. WinPCAP
  4. PCAP

Answer(s): C

Explanation:

WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.






Post your Comments and Discuss EC-Council EC0-350 exam dumps with other Community members:

Join the EC0-350 Discussion