CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-350

Free EC0-350 Exam Braindumps (page: 46)

Page 45 of 191
PDF with 878 Questions

Which tool/utility can help you extract the application layer data from each TCP connection from a log file into separate files?

  1. Snort
  2. argus
  3. TCPflow
  4. Tcpdump

Answer(s): C

Explanation:

Tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually doesn't store the data that's actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.



StackGuard (as used by Immunix), ssp/ProPolice (as used by OpenBSD), and Microsoft's /GS option use _____ defense against buffer overflow attacks.

  1. Canary
  2. Hex editing
  3. Format checking
  4. Non-executing stack

Answer(s): A

Explanation:

Canaries or canary words are known values that are placed between a buffer and control data on the stack to monitor buffer overflows. When the buffer overflows, it will clobber the canary, making the overflow evident. This is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system.



Jim was having no luck performing a penetration test on his company’s network. He was running the test from home and had downloaded every security scanner he could lay his hands on. Despite knowing the IP range of all of the systems and the exact network configuration, Jim was unable to get any useful results. Why is Jim having these problems?

  1. Security scanners can’t perform vulnerability linkage
  2. Security Scanners are not designed to do testing through a firewall
  3. Security Scanners are only as smart as their database and can’t find unpublished vulnerabilities
  4. All of the above

Answer(s): D

Explanation:

Security scanners are designed to find vulnerabilities but not to use them, also they will only find well known vulnerabilities that and no zero day exploits. Therefore you can’t use a security scanner for penetration testing but need a more powerful program.



Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible?

  1. Any cookie can be replayed irrespective of the session status
  2. The scenario is invalid as a secure cookie cannot be replayed
  3. It works because encryption is performed at the network layer (layer 1 encryption)
  4. It works because encryption is performed at the application layer (single encryption key)

Answer(s): D






Post your Comments and Discuss EC-Council EC0-350 exam with other Community members:

EC0-350 Discussions & Posts