Ethical hacking and countermeasures - EC0-350 Exam Practice Test

Question 1

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

A. Cavity virus

B. Stealth virus

C. Tunneling virus

D. Polymorphic virus

Correct Answer: B

Question 2

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

A. NMAP

B. BeEF

C. Nessus

D. Metasploit

Correct Answer: C

Question 3

Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose three.)

A. Intrusion Detection System (IDS)

B. 802.1q Port Based Authentication

C. Network Admission Control (NAC)

D. 802.1x Port Based Authentication

E. IPSec Encryption

F. Port Security

Correct Answer: C,D,F

Question 4

Data hiding analysis can be useful in

A. determining the level of encryption used to encrypt the data.

B. identifying the amount of central processing unit (cpu) usage over time to process the data.

C. preventing a denial of service attack on a set of enterprise servers to prevent users from accessing the data.

D. detecting and recovering data that may indicate knowledge, ownership or intent.

Correct Answer: D

Question 5

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

A. Analysis of interrupts within the software

B. Secure coding principles

C. Systems security and architecture review

D. Proper testing

Correct Answer: A

Question 6

Study the following exploit code taken from a Linux machine and answer the questions below:
echo "ingreslock stream tcp nowait root /bin/sh sh -I" > /tmp/x;
/usr/sbin/inetd -s /tmp/x;
sleep 10;
/bin/ rm -f /tmp/x AAAA...AAA
In the above exploit code, the command "/bin/sh sh -I" is given.
What is the purpose, and why is 'sh' shown twice?

A. The length of such a buffer overflow exploit makes it prohibitive for user to enter manually.
The second 'sh' automates this function.

B. It is a giveaway by the attacker that he is a script kiddy.

C. The command /bin/sh sh -i appearing in the exploit code is actually part of an inetd configuration file.

D. It checks for the presence of a codeword (setting the environment variable) among the environment variables.

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 7

This is an example of whois record.

Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)

A. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record

B. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

C. IRS Agents will use this information to track individuals using the WHOIS record information

D. Search engines like Google, Bing will expose information listed on the WHOIS record

Correct Answer: A,B

Question 8

Melissa is a virus that attacks Microsoft Windows platforms.
To which category does this virus belong?

A. Boot Sector infector

B. Polymorphic

C. Macro

D. System

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 9

Which of the following is NOT a valid NetWare access level?

A. Administrator

B. Not Logged in

C. Console Access

D. Logged in

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 10

Perimeter testing means determining exactly what your firewall blocks and what it allows. To conduct a good test, you can spoof source IP addresses and source ports. Which of the following command results in packets that will appear to originate from the system at 10.8.8.8? Such a packet is useful for determining whether the firewall is allowing random packets in or out of your network.

A. hping3 -T 10.8.8.8 -S netbios -c 2 -p 80

B. hping3 -O 10.8.8.8 -S server -c 2 -p 80

C. hping3 -a 10.8.8.8 -S springfield -c 2 -p 80

D. hping3 -Y 10.8.8.8 -S windows -c 2 -p 80

Correct Answer: C

Question 11

At a Windows Server command prompt, which command could be used to list the running services?

A. Sc query \\servername

B. Sc query

C. Sc config

D. Sc query type= running

Correct Answer: B

Question 12

You just purchased the latest DELL computer, which comes pre-installed with Windows 7, McAfee antivirus software and a host of other applications. You want to connect Ethernet wire to your cable modem and start using the computer immediately. Windows is dangerously insecure when unpacked from the box, and there are a few things that you must do before you use it.

A. Create a non-admin user with a complex password and logon to this account

B. Install the latest signatures for Antivirus software

C. Key applications such as Adobe Acrobat, Macromedia Flash, Java, Winzip etc., must have the latest security patches installed

D. Configure "Windows Update" to automatic

E. You can start using your computer as vendors such as DELL, HP and IBM would have already installed the latest service packs.

F. New installation of Windows should be patched by installing the latest service packs and hotfixes

G. Install a personal firewall and lock down unused ports from connecting to your computer

Correct Answer: A,B,D,F,G

Question 13

More sophisticated IDSs look for common shellcode signatures. But even these systems can be bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?

A. They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the shellcode, and then executing the decrypted shellcode

B. They compress shellcode into normal instructions, uncompress the shellcode using loader code and then executing the shellcode

C. They convert the shellcode into Unicode, using loader to convert back to machine code then executing them

D. They reverse the working instructions into opposite order by masking the IDS signatures

Correct Answer: A

Question 14

Web servers often contain directories that do not need to be indexed. You create a text file with search engine indexing restrictions and place it on the root directory of the Web Server.
User-agent: *
Disallow: /images/
Disallow: /banners/
Disallow: /Forms/
Disallow: /Dictionary/
Disallow: /_borders/
Disallow: /_fpclass/
Disallow: /_overlay/
Disallow: /_private/
Disallow: /_themes/
What is the name of this file?

A. search.txt

B. robots.txt

C. blocklist.txt

D. spf.txt

Correct Answer: B

EC-COUNCIL Ethical hacking and countermeasures - EC0-350 Exam Practice Test

Latest Update

Useful Links

Contact Us