CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-350

Free EC0-350 Exam Braindumps (page: 38)

Page 37 of 191
PDF with 878 Questions

Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords.(Choose all that apply.

  1. Linux passwords can be encrypted with MD5
  2. Linux passwords can be encrypted with SHA
  3. Linux passwords can be encrypted with DES
  4. Linux passwords can be encrypted with Blowfish
  5. Linux passwords are encrypted with asymmetric algrothims

Answer(s): A,C,D

Explanation:

Linux passwords are enrcypted using MD5, DES, and the NEW addition Blowfish. The default on most linux systems is dependant on the distribution, RedHat uses MD5, while slackware uses DES. The blowfish option is there for those who wish to use it. The encryption algorithm in use can be determined by authconfig on RedHat-based systems, or by reviewing one of two locations, on PAM-based systems (Pluggable Authentication Module) it can be found in /etc/pam.d/, the system-auth file or authconfig files. In other systems it can be found in /etc/security/ directory.



Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?

  1. Overloading Port Address Translation
  2. Dynamic Port Address Translation
  3. Dynamic Network Address Translation
  4. Static Network Address Translation

Answer(s): D

Explanation:

Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.



In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.
If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

  1. Full Blown
  2. Thorough
  3. Hybrid
  4. BruteDics

Answer(s): C

Explanation:

A combination of Brute force and Dictionary attack is called a Hybrid attack or Hybrid dictionary attack.



You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state.
What should be the next logical step that should be performed?

  1. Connect to open ports to discover applications.
  2. Perform a ping sweep to identify any additional systems that might be up.
  3. Perform a SYN scan on port 21 to identify any additional systems that might be up.
  4. Rescan every computer to verify the results.

Answer(s): C

Explanation:

As ICMP is blocked you’ll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems.






Post your Comments and Discuss EC-Council EC0-350 exam with other Community members:

EC0-350 Discussions & Posts