EC0-350の無料問題集（878題）、EC0-350認定試験参考書

EC-COUNCIL EC0-350 問題集

試験コード：EC0-350

試験名称：Ethical hacking and countermeasures

最近更新時間：2024-12-16

問題と解答：全878問

EC0-350 無料でデモをダウンロード：

PDF版 Demo ソフト版 Demo オンライン版 Demo

無料問題集EC0-350 資格取得

質問 1：
Lauren is performing a network audit for her entire company. The entire network is comprised of around 500 computers. Lauren starts an ICMP ping sweep by sending one IP packet to the broadcast address of the network, but only receives responses from around five hosts. Why did this ping sweep only produce a few responses?
A. Only Windows systems will reply to this scan.
B. Only Linux and Unix-like (Non-Windows) systems will reply to this scan.
C. A switched network will not respond to packets sent to the broadcast address.
D. Only servers will reply to this scan.
正解：B

質問 2：
Which of the following is optimized for confidential communications, such as bidirectional voice and video?
A. RC5
B. RC4
C. MD5
D. MD4
正解：B

質問 3：
You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:
A. Sending a mail message to a valid address on the target network, and examining the header information generated by the IMAP servers
B. Examining the SMTP header information generated by using the -mx command parameter of DIG
C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address
D. Sending a mail message to an invalid address on the target network, and examining the header information generated by the POP servers
正解：C

質問 4：
You have just received an assignment for an assessment at a company site. Company's management is concerned about external threat and wants to take appropriate steps to insure security is in place. Anyway the management is also worried about possible threats coming from inside the site, specifically from employees belonging to different Departments. What kind of assessment will you be performing ?
A. White box testing
B. Gray hat testing
C. White hat testing
Internal Testing is also referred to as Gray-box testing.
D. Black hat testing
E. Gray box testing
F. Black box testing
正解：E

質問 5：
John is the network administrator of XSECURITY systems. His network was recently compromised. He analyzes the log files to investigate the attack. Take a look at the following Linux log file snippet. The hacker compromised and "owned" a Linux machine. What is the hacker trying to accomplish here?

A. The hacker is running a buffer overflow exploit to lock down the system
B. The hacker is planting a rootkit
C. The hacker is trying to cover his tracks
D. The hacker is attempting to compromise more machines on the network
正解：C

質問 6：
How would you prevent session hijacking attacks?
A. Using non-Internet protocols like http secures sessions against hijacking
B. Using hardware-based authentication secures sessions against hijacking
C. Using unpredictable sequence numbers secures sessions against hijacking
D. Using biometrics access tokens secures sessions against hijacking
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 7：
Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?
A. CRLF injection
B. SQL injection
C. Cross-site scripting
D. Missing patches
正解：D

質問 8：
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?
A. Locate type=ns
B. Set type=ns
C. Request type=ns
D. Transfer type=ns
正解：B

質問 9：
Jane has just accessed her preferred e-commerce web site and she has seen an item she would like to buy. Jane considers the price a bit too steep; she looks at the page source code and decides to save the page locally to modify some of the page variables. In the context of web application security, what do you think Jane has changed?
A. An integer variable
B. A page cannot be changed locally; it can only be served by a web server
C. A 'hidden' form field value
D. A 'hidden' price value
正解：C
解説: (Topexam メンバーにのみ表示されます)

TopExamは君にEC0-350の問題集を提供して、あなたの試験への復習にヘルプを提供して、君に難しい専門知識を楽に勉強させます。TopExamは君の試験への合格を期待しています。

安全的な支払方式を利用しています

Credit Cardは今まで全世界の一番安全の支払方式です。少数の手続きの費用かかる必要がありますとはいえ、保障があります。お客様の利益を保障するために、弊社のEC0-350問題集は全部Credit Cardで支払われることができます。

領収書について：社名入りの領収書が必要な場合、メールで社名に記入していただき送信してください。弊社はPDF版の領収書を提供いたします。

弊社のEC-COUNCIL EC0-350を利用すれば試験に合格できます

弊社のEC-COUNCIL EC0-350は専門家たちが長年の経験を通して最新のシラバスに従って研究し出した勉強資料です。弊社はEC0-350問題集の質問と答えが間違いないのを保証いたします。

この問題集は過去のデータから分析して作成されて、カバー率が高くて、受験者としてのあなたを助けて時間とお金を節約して試験に合格する通過率を高めます。我々の問題集は的中率が高くて、100％の合格率を保証します。我々の高質量のEC-COUNCIL EC0-350を利用すれば、君は一回で試験に合格できます。

弊社は無料EC-COUNCIL EC0-350サンプルを提供します

お客様は問題集を購入する時、問題集の質量を心配するかもしれませんが、我々はこのことを解決するために、お客様に無料EC0-350サンプルを提供いたします。そうすると、お客様は購入する前にサンプルをダウンロードしてやってみることができます。君はこのEC0-350問題集は自分に適するかどうか判断して購入を決めることができます。

EC0-350試験ツール：あなたの訓練に便利をもたらすために、あなたは自分のペースによって複数のパソコンで設置できます。

一年間の無料更新サービスを提供します

君が弊社のEC-COUNCIL EC0-350をご購入になってから、我々の承諾する一年間の更新サービスが無料で得られています。弊社の専門家たちは毎日更新状態を検査していますから、この一年間、更新されたら、弊社は更新されたEC-COUNCIL EC0-350をお客様のメールアドレスにお送りいたします。だから、お客様はいつもタイムリーに更新の通知を受けることができます。我々は購入した一年間でお客様がずっと最新版のEC-COUNCIL EC0-350を持っていることを保証します。

弊社は失敗したら全額で返金することを承諾します

我々は弊社のEC0-350問題集に自信を持っていますから、試験に失敗したら返金する承諾をします。我々のEC-COUNCIL EC0-350を利用して君は試験に合格できると信じています。もし試験に失敗したら、我々は君の支払ったお金を君に全額で返して、君の試験の失敗する経済損失を減少します。

EC-COUNCIL Ethical hacking and countermeasures 認定 EC0-350 試験問題:

1. An Attacker creates a zuckerjournals.com website by copying and mirroring HACKERJOURNALS.COM site to spread the news that Hollywood actor Jason Jenkins died in a car accident. The attacker then submits his fake site for indexing in major search engines. When users search for "Jason Jenkins", attacker's fake site shows up and dupes victims by the fake news.

This is another great example that some people do not know what URL's are. Real website:
Fake website: http://www.zuckerjournals.com

The website is clearly not WWW.HACKERJOURNALS.COM. It is obvious for many, but unfortunately some people still do not know what an URL is. It's the address that you enter into the address bar at the top your browser and this is clearly not legit site, its www.zuckerjournals.com How would you verify if a website is authentic or not?

A) Visit the site using secure HTTPS protocol and check the SSL certificate for authenticity
B) Navigate to the site by visiting various blogs and forums for authentic links
C) Enable Cache on your browser and lookout for error message warning on the screen
D) Visit the site by clicking on a link from Google search engine

2. You wish to determine the operating system and type of web server being used. At the same time you wish to arouse no suspicion within the target organization.
While some of the methods listed below work, which holds the least risk of detection?

A) Telnet to the web server and issue commands to illicit a response.
B) Use the netcraft web site look for the target organization's web site.
C) Make some phone calls and attempt to retrieve the information using social engineering.
D) Use nmap in paranoid mode and scan the web server.

3. What type of attack is shown in the following diagram?

A) SSL Spoofing Attack
B) Man-in-the-Middle (MiTM) Attack
C) Session Hijacking Attack
D) Identity Stealing Attack

4. While attempting to discover the remote operating system on the target computer, you receive the following results from an nmap scan:

Remote operating system guess: Too many signatures match to reliably guess the OS.
Nmap run completed -- 1 IP address (1 host up) scanned in 277.483 seconds What should be your next step to identify the OS?

A) Connect to the active services and review the banner information
B) Perform a tcp traceroute to the system using port 53
C) Run an nmap scan with the -v-v option to give a better output
D) Perform a firewalk with that system as the target IP

5. Hayden is the network security administrator for her company, a large finance firm based in Miami. Hayden just returned from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. Hayden is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of IPs responds with a SYN/ACK response. Before the connection is established she sends RST packets to those hosts to stop the session. She does this to see how her intrusion detection system will log the traffic. What type of scan is Hayden attempting here?

A) The type of scan, she is using is called a NULL scan
B) She is utilizing a SYN scan to find live hosts that are listening on her network
C) Hayden is attempting to find live hosts on her company's network by using an XMAS scan
D) Hayden is using a half-open scan to find live hosts on her network

質問と回答：

質問 # 1
正解： D

質問 # 2
正解： B

質問 # 3
正解： B

質問 # 4
正解： A

質問 # 5
正解： D