Free EC0-350 Exam Braindumps (page: 84)


How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

  1. There is no way to tell because a hash cannot be reversed
  2. The rightmost portion of the hash is always the same
  3. The hash always starts with AB923D
  4. The leftmost portion of the hash is always the same
  5. A portion of the hash will be all 0's

Answer(s): B

Explanation:

When looking at an extracted LM hash, you will sometimes observe that the rightmost portion is always the same. This is padding that has been added to a password that is less than 8 characters long.



Which of these are phases of a reverse social engineering attack?
Select the best answers.

  1. Sabotage
  2. Assisting
  3. Deceiving
  4. Advertising
  5. Manipulating

Answer(s): A,B,D

Explanation:

According to "Methods of Hacking: Social Engineering", by Rick Nelson, the three phases of reverse social engineering attacks are sabotage, advertising, and assisting.



When working with Windows systems, what is the RID of the true administrator account?

  1. 500
  2. 501
  3. 1000
  4. 1001
  5. 1024
  6. 512

Answer(s): A

Explanation:

Because of the way in which Windows functions, the true administrator account always has a RID of 500.



The GET method should never be used when sensitive data such as credit card information is being sent to a CGI program. This is because the parameters of any GET request appear in the URL and will be logged by any server that handles the request. For example, let’s say that you’ve entered your credit card information into a form that uses the GET method. The URL may appear like this:

https://www.xsecurity-bank.com/creditcard.asp?cardnumber=454543433532234

The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information.
How would you protect against this type of attack?

  1. Replace the GET with POST method when sending data
  2. Never include sensitive information in a script
  3. Use HTTPS SSLv3 to send the data instead of plain HTTPS
  4. Encrypt the data before you send using GET method

Answer(s): A

Explanation:

If the method is "get", the user agent takes the value of action, appends a ? to it, then appends the form data set, encoded using the application/x-www-form-urlencoded content type. The user agent then traverses the link to this URI. If the method is "post", the user agent conducts an HTTP post transaction using the value of the action attribute and a message created according to the content type specified by the enctype attribute.





