ECCouncil EC1-350 Dumps
Exam: Ethical Hacking and Countermeasures V7
ECCouncil EC1-350 Exam Tutorial
Question No : 1 - Topic 1
You are the Security Administrator of Xtrinity, Inc. You write security policies and conduct
assessments to protect the company's network. During one of your periodic checks to see
how well policy is being observed by the employees, you discover an employee has
attached a cell phone 3G modem to his telephone line and workstation. He has used this cell
phone 3G modem to dial in to his workstation, thereby bypassing your firewall. A security
breach has occurred as a direct result of this activity. The employee explains that he used
the modem because he had to download software for a department project. How would you
resolve this situation?
A. Reconfigure the firewall
B. Enforce the corporate security policy
C. Install a network-based IDS
D. Conduct a needs analysis
Question No : 2 - Topic 1
Syslog is a standard for logging program messages. It allows separation of the software
that generates messages from the system that stores them and the software that reports
and analyzes them. It also provides devices, which would otherwise be unable to
communicate, a means to notify administrators of problems or performance.
What default port does the Syslog daemon listen on?
Question No : 3 - Topic 1
Bret is a web application administrator and has just read that there are a number of
surprisingly common web application vulnerabilities that can be exploited by
unsophisticated attackers with easily available tools on the Internet. He has also read that
when an organization deploys a web application, they invite the world to send HTTP
requests. Attacks buried in these requests sail past firewalls, filters, platform hardening,
SSL, and IDS without notice because they are inside legal HTTP requests. Bret is
determined to weed out vulnerabilities.
What are some of the common vulnerabilities in web applications that he should be
A. Non-validated parameters, broken access control, broken account and session management, cross-site scripting and buffer overflows are just a few common vulnerabilities
B. Visible clear text passwords, anonymous user account set as default, missing latest security patch, no firewall filters set and no SSL configured are just a few common vulnerabilities
C. No SSL configured, anonymous user account set as default, missing latest security patch, no firewall filters set and an inattentive system administrator are just a few common vulnerabilities
D. No IDS configured, anonymous user account set as default, missing latest security patch, no firewall filters set and visible clear text passwords are just a few common vulnerabilities
Question No : 4 - Topic 1
Jason works in the sales and marketing department for a very large advertising agency
located in Atlanta. Jason is working on a very important marketing campaign for his
company's largest client. Before the project could be completed and implemented, a
competing advertising company comes out with the exact same marketing materials and
advertising, thus rendering all the work done for Jason's client unusable. Jason is
questioned about this and says he has no idea how all the material ended up in the hands
of a competitor.
Without any proof, Jason's company cannot do anything except move on. After working on
another high profile client for about a month, all the marketing and sales material again
ends up in the hands of another competitor and is released to the public before Jason's
company can finish the project. Once again, Jason says that he had nothing to do with it
and does not know how this could have happened. Jason is given leave with pay until they
can figure out what is going on.
Jason's supervisor decides to go through his email and finds a number of emails that were
sent to the competitors that ended up with the marketing material. The only items in the
emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files,
but cannot find anything out of the ordinary with them.
What technique has Jason most likely used?
A. Stealth Rootkit Technique
B. ADS Streams Technique
C. Snow Hiding Technique
D. Image Steganography Technique
Question No : 5 - Topic 1
Stephanie works as senior security analyst for a manufacturing company in Detroit.
Stephanie manages network security throughout the organization. Her colleague Jason told
her in confidence that he was able to see confidential corporate information posted on the
external website http://www.jeansclothesman.com. He tries random URLs on the
company's website and finds confidential information leaked over the web. Jason says this
happened about a month ago. Stephanie visits the said URLs, but she finds nothing. She is
very concerned about this, since someone should be held accountable if there was
sensitive information posted on the website.
Where can Stephanie go to see past versions and pages of a website?
A. She should go to the web page Samspade.org to see web pages that might no longer be on the website
B. If Stephanie navigates to Search.com, she will see old versions of the company website
C. Stephanie can go to Archive.org to see past versions of the company website
D. AddressPast.com would have any web pages that are no longer hosted on the company's website
Question No : 6 - Topic 1
An attacker has successfully compromised a remote computer. Which of the following
comes as one of the last steps that should be taken to ensure that the compromise cannot
be traced back to the source of the problem?
A. Install patches
B. Setup a backdoor
C. Install a zombie for DDOS
D. Cover your tracks
Question No : 7 - Topic 1
Jimmy, an attacker, knows that he can take advantage of poorly designed input validation
routines to create or alter SQL commands to gain access to private data or execute
commands in the database. What technique does Jimmy use to compromise a database?
A. Jimmy can submit user input that executes an operating system command to compromise a target system
B. Jimmy can gain control of system to flood the target system with requests, preventing legitimate users from gaining access
C. Jimmy can utilize an incorrect configuration that leads to access with higher-than-expected privilege of the database
D. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target system
Question No : 8 - Topic 1
You run an nmap port scan on 10.0.0.5 and attempt to gain banner/server information from
services running on ports 21, 110 and 123.
Here is the output of your scan results:
Which of the following nmap commands did you run?
A. nmap -A -sV -p21,110,123 10.0.0.5
B. nmap -F -sV -p21,110,123 10.0.0.5
C. nmap -O -sV -p21,110,123 10.0.0.5
D. nmap -T -sV -p21,110,123 10.0.0.5
Question No : 9 - Topic 1
Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double
fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an
administrator from Brown Co. Jack tells Jane that there has been a problem with some
accounts and asks her to verify her password with him "just to double check our records."
Jane does not suspect anything amiss, and parts with her password. Jack can now access
Brown Co.'s computers with a valid user name and password, to steal the cookie recipe.
What kind of attack is being illustrated here?
A. Reverse Psychology
B. Reverse Engineering
C. Social Engineering
D. Spoofing Identity
E. Faking Identity
Question No : 10 - Topic 1
Attackers footprint target Websites using Google Hacking techniques. Google hacking is a
term that refers to the art of creating complex search engine queries. It detects websites
that are vulnerable to numerous exploits and vulnerabilities. Google operators are used to
locate specific strings of text within the search results.
The configuration file contains both a username and a password for an SQL database.
Most sites with forums run a PHP message base. This file gives you the keys to that forum,
including FULL ADMIN access to the database. WordPress uses config.php that stores the
database Username and Password.
Which of the Google search strings below brings up sites with "config.php" files?
A. Search:index config/php
B. Wordpress:index config.php
C. intitle:index.of config.php
D. Config.php:index list
Question No : 11 - Topic 1
XSS attacks occur on Web pages that do not perform appropriate bounds checking on data
entered by users. Characters like < > that mark the beginning/end of a tag should be
converted into HTML entities.
What is the correct code when converted to HTML entities?
A. Option A
B. Option B
C. Option C
D. Option D
Question No : 12 - Topic 1
How many bits of encryption does SHA-1 use?
A. 64 bits
B. 128 bits
C. 256 bits
D. 160 bits
Question No : 13 - Topic 1
Most cases of insider abuse can be traced to individuals who are introverted, incapable of
dealing with stress or conflict, and frustrated with their job, office politics, and lack of
respect or promotion. Disgruntled employees may pass company secrets and intellectual
property to competitors for monetary benefits.
Here are some of the symptoms of a disgruntled employee:
a. Frequently leaves work early, arrives late or calls in sick
b. Spends time surfing the Internet or on the phone
c. Responds in a confrontational, angry, or overly aggressive way to simple requests or
d. Always negative; finds fault with everything
These disgruntled employees are the biggest threat to enterprise security. How do you deal
with these threats? (Select 2 answers)
A. Limit access to the applications they can run on their desktop computers and enforce strict work hour rules
B. By implementing Virtualization technology from the desktop to the data centre, organizations can isolate different environments with varying levels of access and security to various employees
C. Organizations must ensure that their corporate data is centrally managed and delivered to users just and when needed
D. Limit Internet access, e-mail communications, access to social networking sites and job hunting portals
Question No : 14 - Topic 1
Consider the following code:
If an attacker can trick a victim user to click a link like this, and the Web application does
not validate input, then the victim's browser will pop up an alert showing the user's current
set of cookies. An attacker can do much more damage, including stealing passwords,
resetting your home page, or redirecting the user to another Web site.
What is the countermeasure against XSS scripting?
A. Create an IP access list and restrict connections based on port number
B. Replace "<" and ">" characters with "&lt;" and "&gt;" using server scripts
D. Connect to the server using HTTPS protocol instead of HTTP
Question No : 15 - Topic 1
Web servers often contain directories that do not need to be indexed. You create a text file
with search engine indexing restrictions and place it on the root directory of the Web
What is the name of this file?
Question No : 16 - Topic 1
What type of Trojan is this?
A. RAT Trojan
B. E-Mail Trojan
C. Defacement Trojan
D. Destructing Trojan
E. Denial of Service Trojan
Question No : 17 - Topic 1
Anonymizer sites access the Internet on your behalf, protecting your personal information
from disclosure. An anonymizer protects all of your computer's identifying information while
it surfs for you, enabling you to remain at least one step removed from the sites you visit.
You can visit Web sites without allowing anyone to gather information on sites visited by
you. Services that provide anonymity disable pop-up windows and cookies, and conceal
the visitor's IP address.
These services typically use a proxy server to process each HTTP request. When the user
requests a Web page by clicking a hyperlink or typing a URL into their browser, the service
retrieves and displays the information using its own server. The remote server (where the
requested Web page resides) receives information on the anonymous Web surfing service
in place of your information.
In which situations would you want to use an anonymizer? (Select 3 answers)
A. Increase your Web browsing bandwidth speed by using Anonymizer
B. To protect your privacy and Identity on the Internet
C. To bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit.
D. Post negative entries in blogs without revealing your IP identity
Question No : 18 - Topic 1
SNMP is a connectionless protocol that uses UDP instead of TCP packets (True or False)
Question No : 19 - Topic 1
Shayla is an IT security consultant, specializing in social engineering and external
penetration tests. Shayla has been hired on by Treks Avionics, a subcontractor for the
Department of Defense. Shayla has been given authority to perform any and all tests
necessary to audit the company's network security.
No employees of the company, other than the IT director, know about the work Shayla
will be doing. Shayla's first step is to obtain a list of employees through company website
contact pages. Then she befriends a female employee of the company through an online
chat website. After meeting with the female employee numerous times, Shayla is able to
gain her trust and they become friends. One day, Shayla steals the employee's access
badge and uses it to gain unauthorized access to the Treks Avionics offices.
What type of insider threat would Shayla be considered?
A. She would be considered an Insider Affiliate
B. Because she does not have any legal access herself, Shayla would be considered an Outside Affiliate
C. Shayla is an Insider Associate since she has befriended an actual employee
D. Since Shayla obtained access with a legitimate company badge, she would be considered a Pure Insider
Question No : 20 - Topic 1
What does the FIN flag in TCP define?
A. Used to abort a TCP connection abruptly
B. Used to close a TCP connection
C. Used to acknowledge receipt of a previous packet or transmission
D. Used to indicate the beginning of a TCP connection