CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-350

Free EC0-350 Exam Braindumps (page: 34)

Page 33 of 191
PDF with 878 Questions

A Company security System Administrator is reviewing the network system log files. He notes the following:
- Network log files are at 5 MB at 12:00 noon.
- At 14:00 hours, the log files at 3 MB.
What should he assume has happened and what should he do about the situation?

  1. He should contact the attacker’s ISP as soon as possible and have the connection disconnected.
  2. He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.
  3. He should log the file size, and archive the information, because the router crashed.
  4. He should run a file system check, because the Syslog server has a self correcting file system problem.
  5. He should disconnect from the Internet discontinue any further unauthorized use, because an attack has taken place.

Answer(s): B

Explanation:

You should never assume a host has been compromised without verification. Typically, disconnecting a server is an extreme measure and should only be done when it is confirmed there is a compromise or the server contains such sensitive data that the loss of service outweighs the risk. Never assume that any administrator or automatic process is making changes to a system. Always investigate the root cause of the change on the system and follow your organizations security policy.



What is Hunt used for?

  1. Hunt is used to footprint networks
  2. Hunt is used to sniff traffic
  3. Hunt is used to hack web servers
  4. Hunt is used to intercept traffic i.e. man-in-the-middle traffic
  5. Hunt is used for password cracking

Answer(s): D

Explanation:

Hunt can be used to intercept traffic. It is useful with telnet, ftp, and others to grab traffic between two computers or to hijack sessions.



Usernames, passwords, e-mail addresses, and the location of CGI scripts may be obtained from which of the following information sources?

  1. Company web site
  2. Search engines
  3. EDGAR Database query
  4. Whois query

Answer(s): A

Explanation:

Whois query would not enable us to find the CGI scripts whereas in the actual website, some of them will have scripts written to make the website more user friendly. The EDGAR database would in fact give us a lot of the information requested but not the location of CGI scripts, as would a simple search engine on the Internet if you have the time needed.



On a default installation of Microsoft IIS web server, under which privilege does the web server software execute?

  1. Everyone
  2. Guest
  3. System
  4. Administrator

Answer(s): C

Explanation:

If not changed during the installation, IIS will execute as Local System with way to high privileges.






Post your Comments and Discuss EC-Council EC0-350 exam with other Community members:

EC0-350 Discussions & Posts