Free EC0-350 Exam Braindumps (page: 40)


What does black box testing mean?

  A. You have full knowledge of the environment
  B. You have no knowledge of the environment
  C. You have partial knowledge of the environment

Answer(s): B

Explanation:

Black box testing is conducted when you have no knowledge of the environment. It is more time consuming and expensive.



You are gathering competitive intelligence on ABC.com. You notice that they have jobs listed on a few Internet job-hunting sites. There are two job postings for network and system administrators. How can this help you in footprinting the organization?

  A. The IP range used by the target network
  B. An understanding of the number of employees in the company
  C. How strong the corporate security policy is
  D. The types of operating systems and applications being used.

Answer(s): D

Explanation:

Job posting descriptions show the set of skills, technical knowledge, and system experience required, so it is possible to infer what kind of operating systems and applications the target organization is using.



You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming.
Which command would you execute to extract the Trojan to a standalone file?

  A. c:\> type readme.txt:virus.exe > virus.exe
  B. c:\> more readme.txt | virus.exe > virus.exe
  C. c:\> cat readme.txt:virus.exe > virus.exe
  D. c:\> list redme.txt$virus.exe > virus.exe

Answer(s): C

Explanation:

cat will concatenate, or write, the alternate data stream to its own file named virus.exe.



What happens during a SYN flood attack?

  A. A target machine is flooded with TCP connection requests that have randomized source addresses and source TCP ports.
  B. A TCP SYN packet, which is a connection initiation, is sent to a target machine, giving the target host’s address as both source and destination, and using the same port on the target host as both source and destination.
  C. A TCP packet is received with the FIN bit set but with no ACK bit set in the flags field.
  D. A TCP packet is received with both the SYN and the FIN bits set in the flags field.

Answer(s): A

Explanation:

Establishing a TCP connection to a server requires an exchange of a sequence of messages. The client system begins by sending a SYN message to the server. The server then acknowledges the SYN message by sending a SYN-ACK message to the client. The client then finishes establishing the connection by responding with an ACK message, and then data can be exchanged. At the point where the server system has sent an acknowledgment (SYN-ACK) back to the client but has not yet received the ACK message, there is a half-open connection. The server keeps a data structure in memory describing all pending connections, and this structure can be made to overflow by intentionally creating too many partially open connections.

Another common attack is the SYN flood, in which a target machine is flooded with TCP connection requests. The source addresses and source TCP ports of the connection request packets are randomized; the purpose is to force the target host to maintain state information for many connections that will never be completed. SYN flood attacks are usually noticed because the target host (frequently an HTTP or SMTP server) becomes extremely slow, crashes, or hangs. It's also possible for the traffic returned from the target host to cause trouble on routers: because this return traffic goes to the randomized source addresses of the original packets, it lacks the locality properties of "real" IP traffic and may overflow route caches. On Cisco routers, this problem often manifests itself in the router running out of memory.





