Free EC0-350 Exam Braindumps (page: 72)


Which type of hacker represents the highest risk to your network?

  A. script kiddies
  B. grey hat hackers
  C. black hat hackers
  D. disgruntled employees

Answer(s): D

Explanation:

Disgruntled users have some permission on your database, whereas a hacker might not get into the database at all. Global Crossings is a good example of how a disgruntled employee, who took the internal payroll database home on a hard drive, caused big problems for the telecommunications company. The employee posted the names, Social Security numbers and birthdates of company employees on his Web site. He may have been one of the factors that helped put them out of business.



Ivan is auditing a corporate website. Using Winhex, he alters a cookie as shown below.
Before Alteration: Cookie: lang=en-us; ADMIN=no; y=1 ; time=10:30GMT ;
After Alteration: Cookie: lang=en-us; ADMIN=yes; y=1 ; time=12:30GMT ;
What attack is being depicted here?

  A. Cookie Stealing
  B. Session Hijacking
  C. Cross Site Scripting
  D. Parameter Manipulation

Answer(s): D

Explanation:

Cookies are the preferred method of maintaining state in the stateless HTTP protocol. However, they are also used as a convenient mechanism to store user preferences and other data, including session tokens. Both persistent and non-persistent cookies, secure or insecure, can be modified by the client and sent to the server with URL requests. Therefore, any malicious user can modify cookie content to his advantage. There is a popular misconception that non-persistent cookies cannot be modified, but this is not true; tools like Winhex are freely available. SSL also only protects the cookie in transit.



What is Form Scalpel used for?

  A. Dissecting HTML Forms
  B. Dissecting SQL Forms
  C. Analysis of Access Database Forms
  D. Troubleshooting Netscape Navigator
  E. Quattro Pro Analysis Tool

Answer(s): A

Explanation:

Form Scalpel automatically extracts forms from a given web page and splits up all fields for editing and manipulation.



How does a denial-of-service attack work?

  A. A hacker tries to decipher a password by using a system, which subsequently crashes the network
  B. A hacker attempts to imitate a legitimate user by confusing a computer or even another person
  C. A hacker prevents a legitimate user (or group of users) from accessing a service
  D. A hacker uses every character, word, or letter he or she can think of to defeat authentication

Answer(s): C

Explanation:

In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by the Internet Architecture Board (IAB).





