Free EC0-350 Exam Braindumps (page: 60)

Exhibit: *Missing*
Jason's Web server was attacked by a trojan. He runs a protocol analyzer and notices that the trojan communicates with a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping it against a trojan-port database on the Internet. Decode the packet and identify the remote server's port number.

  A. Port 1890 (Net-Devil Trojan)
  B. Port 1786 (Net-Devil Trojan)
  C. Port 1909 (Net-Devil Trojan)
  D. Port 6667 (Net-Devil Trojan)

Answer(s): D

Explanation:

In the trace, the destination port field reads 0x1A0B, which is 6667 in decimal: the well-known Internet Relay Chat (IRC) port and one of the ports Net-Devil uses. The other options (1786, 1890, 1909) do not match the decoded value.



Clive has been monitoring his IDS and sees a huge number of ICMP Echo Reply packets arriving on the external gateway interface. Further inspection reveals that they are not responses to requests from internal hosts, but simply replies coming in from the Internet.
What is the most likely cause?

  A. Someone has spoofed Clive's IP address while doing a smurf attack.
  B. Someone has spoofed Clive's IP address while doing a land attack.
  C. Someone has spoofed Clive's IP address while doing a fraggle attack.
  D. Someone has spoofed Clive's IP address while doing a DoS attack.

Answer(s): A

Explanation:

The smurf attack, named after its exploit program, is a denial-of-service attack that uses spoofed broadcast ping messages to flood a target system. In such an attack, a perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, hundreds of machines might reply to each packet.



When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tools accomplishes this?

  A. macof
  B. webspy
  C. filesnarf
  D. nfscopy

Answer(s): C

Explanation:

filesnarf - sniff files from NFS traffic (part of the dsniff suite)

OPTIONS
  -i interface   Specify the interface to listen on.
  -v             "Versus" mode. Invert the sense of matching, to select non-matching files.
  pattern        Specify a regular expression for filename matching.
  expression     Specify a tcpdump(8) filter expression to select traffic to sniff.

SEE ALSO
  dsniff(8), nfsd(8)



Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy and integrity and enable strong authentication, but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to management why encryption will not address all of their security concerns?

  A. Bob can explain that using a weak key management technique is a form of programming error.
  B. Bob can explain that using passwords to derive cryptographic keys is a form of programming error.
  C. Bob can explain that a buffer overflow is an example of a programming error and is a common mistake associated with poor programming technique.
  D. Bob can explain that a random number generator can be used to derive cryptographic keys, but if it uses a weak seed value this is a form of programming error.

Answer(s): C

Explanation:

In computer security and programming, a buffer overflow, or buffer overrun, is a programming error that may result in a memory access exception and program termination or, when the input comes from a malicious user, a possible breach of system security.
