Free EC0-350 Exam Braindumps (page: 81)

Take a look at the following attack on a web server using an obfuscated URL:
http://www.example.com/script.ext?template%2e%2e%2e%2e%2e%2f%2e%2f%65%74%63%2f%70%61%73%73%77%64
The request is made up of:
  %2e%2e%2f%2e%2e%2f%2e%2f = ../../../
  %65%74%63 = etc
  %2f = /
  %70%61%73%73%77%64 = passwd
How would you protect information systems from these attacks?

  A. Configure Web Server to deny requests involving Unicode characters.
  B. Create rules in IDS to alert on strange Unicode requests.
  C. Use SSL authentication on Web Servers.
  D. Enable Active Scripts Detection at the firewall and routers.

Answer(s): B

Explanation:

This is a typical Unicode attack. By configuring your IDS to trigger on strange Unicode requests you can protect your web server from this type of attack.



Which definition below best describes a covert channel?

  A. Making use of a Protocol in a way it was not intended to be used
  B. It is the multiplexing taking place on a communication link
  C. It is one of the weak channels used by WEP that makes it insecure
  D. A Server Program using a port that is not well known

Answer(s): A

Explanation:

A covert channel is a hidden communication channel not intended for information transfer at all. Redundancy can often be used to communicate in a covert way. There are several ways that hidden communication can be set up.



How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDSs on a network?

  A. Covert Channel
  B. Crafted Channel
  C. Bounce Channel
  D. Deceptive Channel

Answer(s): A

Explanation:

A covert channel is described as: "any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy." Essentially, it is a method of communication that is not part of the actual computer system design, but can be used to transfer information to users or system processes that normally would not be allowed access to the information.



A digital signature is simply a message that is encrypted with the public key instead of the private key.

  A. True
  B. False

Answer(s): B

Explanation:

Digital signatures enable the recipient of information to verify the authenticity of the information's origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information. Instead of encrypting information using someone else's public key, you encrypt it with your private key. If the information can be decrypted with your public key, then it must have originated with you.
