Free EC0-350 Exam Braindumps (page: 86)

Page 85 of 191

The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful. From the options given below, choose the one that best interprets the following entry:
Apr 26 06:43:05 [6282] IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)


Interpret the following entry:
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107.53

  A. An IDS evasion technique
  B. A buffer overflow attempt
  C. A DNS zone transfer
  D. Data being retrieved from 63.226.81.13.

Answer(s): B

Explanation:

The IDS log file depicts numerous attacks; however, most of them are from different attackers. In the attack in question, the attacker is trying to mask his activity by acting legitimately: during his session on the honeypot, he changes users two times using the "su" command, but never tries to attempt anything too severe.



On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner?

  A. Use "ls"
  B. Use "lsof"
  C. Use "echo"
  D. Use "netstat"

Answer(s): B

Explanation:

lsof is a command used in many Unix-like systems to report a list of all open files and the processes that opened them. It works on and supports several UNIX flavors.



Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company's network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie's remaining tests.
What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?

  A. Charlie has performed a BREACH analysis; showing the company where its weak points are
  B. This analysis would be considered a vulnerability analysis
  C. This type of analysis is called GAP analysis
  D. This initial analysis performed by Charlie is called an Executive Summary

Answer(s): C

Explanation:

In business and economics, gap analysis is a tool that helps a company to compare its actual performance with its potential performance.
At its core are two questions: "Where are we?" and "Where do we want to be?"
http://en.wikipedia.org/wiki/Gap_analysis



Which of the following statements about a zone transfer are correct? (Choose three.)

  A. A zone transfer is accomplished with the DNS
  B. A zone transfer is accomplished with the nslookup service
  C. A zone transfer passes all zone information that a DNS server maintains
  D. A zone transfer passes all zone information that a nslookup server maintains
  E. A zone transfer can be prevented by blocking all inbound TCP port 53 connections
  F. Zone transfers cannot occur on the Internet

Answer(s): A,C,E

Explanation:

Securing DNS servers should be a priority of the organization. Hackers obtaining DNS information can discover a wealth of information about an organization. This information can be used to further exploit the network.





