EC-COUNCIL EC0-350 問題集

質問 1：
What is the problem with this ASP script (login.asp)?

A. The ASP script is vulnerable to XSS attack
B. The ASP script is vulnerable to SQL Injection attack
C. The ASP script is vulnerable to Cross Site Scripting attack
D. The ASP script is vulnerable to Session Splice attack
正解：B

質問 2：
BankerFox is a Trojan that is designed to steal users' banking data related to certain banking entities.
When they access any website of the affected banks through the vulnerable Firefox 3.5 browser, the Trojan is activated and logs the information entered by the user. All the information entered in that website will be logged by the Trojan and transmitted to the attacker's machine using covert channel.
BankerFox does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer.

What is the most efficient way an attacker located in remote location to infect this banking Trojan on a victim's machine?
A. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer
B. Physical access - the attacker can simply copy a Trojan horse to a victim's hard disk infecting the machine via Firefox add-on extensions
C. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer
D. Downloading software from a website? An attacker can offer free software, such as shareware programs and pirated mp3 files
E. Custom packaging - the attacker can create a custom Trojan horse that mimics the appearance of a program that is unique to that particular computer
正解：D

質問 3：
The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence numbers of transmitted packets from host B are lower than the packet segment containing the set FIN flag.
A. true
B. false
正解：A

質問 4：
Advanced encryption standard is an algorithm used for which of the following?
A. Bulk data encryption
B. Key recovery
C. Data integrity
D. Key discovery
正解：A

質問 5：
Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?
A. Derek can use a session replay on the packets captured
B. Derek can use KisMAC as it needs two USB devices to generate traffic
C. Use any ARP requests found in the capture
D. Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 6：
You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123.
Here is the output of your scan results:

Which of the following nmap command did you run?
A. nmap -T -sV -p21, 110, 123 10.0.0.5
B. nmap -F -sV -p21, 110, 123 10.0.0.5
C. nmap -O -sV -p21, 110, 123 10.0.0.5
D. nmap -A -sV -p21, 110, 123 10.0.0.5
正解：C

質問 7：
NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use?
A. 179
B. 445
C. 443
D. 139
正解：B

質問 8：
What does ICMP (type 11, code 0) denote?
A. Time Exceeded
B. Destination Unreachable
C. Unknown Type
D. Source Quench
正解：A

質問 9：
Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt.
$ nc -l -p 1026 -u -v
In response, he sees the following message.
cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found 47 Critical Errors.
To fix the errors please do the following:
1. Download Registry Repair from: www.reg-patch.com
2. Install Registry Repair
3. Run Registry Repair
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!
What would you infer from this alert?
A. The machine is redirecting traffic to www.reg-patch.com using adware
B. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities
C. An attacker has compromised the machine and backdoored ports 1026 and 1027
D. It is a genuine fault of windows registry and the registry needs to be backed up
正解：B
解説: (Topexam メンバーにのみ表示されます)