EC-COUNCIL EC0-350, de formation et d'essai

Pass4Test est un fournisseur professionnel des documentations à propos du test Certification IT, avec lequel vous pouvez améliorer le future de votre carrière. Vous trouverez que nos Q&As seraient persuadantes d'après d'avoir essayer nos démos gratuits. Le démo de EC-COUNCIL EC0-350 (même que les autres démos) est gratuit à télécharger. Vous n'aurez pas aucune hésitation après travailler avec notre démo.

Pass4Test est un site particulier d'offrir la formation à propos de test Certification IT. C'est un bon choix pour vous aider à réussir le test EC-COUNCIL EC0-350. Pass4Test offre toutes les informations et les documentations plus nouvelles qui peut vous donner plus de chances à réussir le test.

Pass4Test est un bon site d'offrir la facilité aux candidats de test EC-COUNCIL EC0-350. Selon les anciens test, l'outil de formation EC-COUNCIL EC0-350 est bien proche de test réel.

Le programme de formation EC-COUNCIL EC0-350 offert par Pass4Test comprend les exercices et les test simulation. Vous voyez aussi les autres sites d'offrir l'outil de formation, mais c'est pas difficile à découvrir une grand écart de la qualité entre Pass4Test et les autres fournisseurs. Celui de Pass4Test est plus complet et convenable pour la préparation dans une courte terme.

L'équipe de Pass4Test autorisée offre sans arrêt les bonnes resources aux candidats de test Certification EC-COUNCIL EC0-350. Les documentations particulièrement visée au test EC-COUNCIL EC0-350 aide beaucoup de candidats. La Q&A de la version plus nouvelle est lancée maintenant. Vous pouvez télécharger le démo gratuit en Internet. Généralement, vous pouvez réussir le test 100% avec l'aide de Pass4Test, c'est un fait preuvé par les professionnels réputés IT. Ajoutez le produit au panier, vous êtes l'ensuite à réussir le test EC-COUNCIL EC0-350.

Code d'Examen: EC0-350
Nom d'Examen: EC-COUNCIL (Ethical hacking and countermeasures)
Questions et réponses: 878 Q&As

Dans l'Industrie IT, le certificat IT peut vous permet d'une space plus grande de se promouvoir. Généralement, la promotion de l'entreprise repose sur ce que vous avec la certification. Le Certificat EC-COUNCIL EC0-350 est bien autorisé. Avec le certificat EC-COUNCIL EC0-350, vous aurez une meilleure carrière dans le future. Vous pouvez télécharger tout d'abord la partie gratuite de Q&A EC-COUNCIL EC0-350.

Aujourd'hui, il y a pleine de professionnels IT dans cette société. Ces professionnels sont bien populaires mais ils ont à être en face d'une grande compétition. Donc beaucoup de professionnels IT se prouver par les tests de Certification très difficile à réussir. Pass4Test est voilà pour offrir un raccourci au succès de test Certification.

EC0-350 Démo gratuit à télécharger: http://www.pass4test.fr/EC0-350.html

NO.1 A client has approached you with a penetration test requirement. They are concerned with the
possibility of external threat, and have invested considerable resources in protecting their
Internet exposure. However, their main concern is the possibility of an employee elevating his/her
privileges and gaining access to information outside of their department. What kind of penetration
test would you recommend that would best address the client's concern?
A.A Grey Hat test
B.A Grey Box test
C.A Black Hat test
D.A White Hat test
E.A Black Box test
F.A White Box test
Correct:B

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.2 What is the purpose of firewalking?
A.It's a technique used to map routers on a network link
B.It's a technique used to discover Wireless network on foot
C.It's a technique used to discover interface in promiscuous mode
D.It's a technique used to discover what rules are configured on a gateway
Correct:D

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.3 Travis works primarily from home as a medical transcriptionist. He just bought a brand new
Dual Core Pentium computer with over 3 GB of RAM. He uses voice recognition software to help
him transfer what he dictates to electronic documents. The voice recognition software is
processor intensive, which is why he bought the new computer. Travis frequently has to get on
the Internet to do research on what he is working on. After about two months of working on his
new computer, he notices that it is not running nearly as fast as it used to. Travis uses antivirus
software, anti-spyware software, and always keeps the computer up-to-date with Microsoft
patches. After another month of working on the computer, Travis' computer is even more
noticeably slow. Every once in awhile, Travis also notices a window or two pop-up on his screen,
but they quickly disappear.He has seen these windows show up, even when he has not been on
the Internet. Travis is really worried about his computer because he spent a lot of money on it, and
he depends on it to work. Travis scans his computer with all kinds of software, and cannot find
anything out of the ordinary. Travis decides to go through Windows Explorer and check out the
file system, folder by folder, to see if there is anything he can find. He spends over four hours
pouring over the files and folders and cannot find anything.But, before he gives up, he notices
that his computer only has about 10 GB of free space available.Since his hard drive is a 200 GB
hard drive, Travis thinks this is very odd. Travis downloads Space Monger and adds up the sizes
for all the folders and files on his computer. According to his calculations, he should have around
150 GB of free space. What is mostly likely the cause of Travis' problems?
A.Travis's computer is infected with stealth kernel level rootkit
B.Travis's computer is infected with Stealth Trojan Virus
C.Travis's computer is infected with Self-Replication Worm that fills the hard disk space
D.Logic Bomb is triggered at random times creating hidden data consuming junk files
Correct:A

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.4 Which programming language is NOT vulnerable to buffer overflow attacks?
A.Java
B.ActiveX
C.C++
D.Assembly Language
Correct:A

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.5 Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been
able to spawn an interactive shell and plans to deface the main web page. He first attempts to use
the "Echo" command to simply overwrite index.html and remains unsuccessful. He then attempts
to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in
which also he remains unsuccessful. What is the probable cause of Bill's problem?
A.The system is a honeypot
B.The HTML file has permissions of read only
C.You cannot use a buffer overflow to deface a web page
D.There is a problem with the shell and he needs to run the attack again
Correct:B

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.6 Why is Social Engineering considered attractive by hackers and commonly done by experts in
the field?
A.It is not considered illegal
B.It is done by well-known hackers
C.It is easy and extremely effective to gain information
D.It does not require a computer in order to commit a crime
Correct:C

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.7 Bill has started to notice some slowness on his network when trying to update his company's
website and while trying to access the website from the Internet. Bill asks the help desk manager
if he has received any calls about slowness from the end users, but the help desk manager says
that he has not. Bill receives a number of calls from customers that cannot access the company
website and cannot purchase anything online. Bill logs on to a couple of his routers and notices
that the logs show network traffic is at an all time high.?He also notices that almost all the traffic
is originating from a specific address. Bill decides to use Geotrace to find out where the suspect
IP is originates from. The Geotrace utility runs a traceroute and finds that the IP is coming from
Panama.?Bill knows that none of his customers are in Panama so he immediately thinks that his
company is under a Denial of Service attack. Now Bill needs to find out more about the originating
IP address. What Internet registry should Bill look in to find the IP address?
A.LACNIC
B.ARIN
C.RIPE LACNIC
D.APNIC
Correct:A

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.8 Clive is conducting a pen-test and has just port scanned a system on the network. He has
identified the operating system as Linux and been able to elicit responses from ports 23, 25 and
53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as
running DNS service. The client confirms these findings and attests to the current availability of
the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On
typing other commands, he sees only blank spaces or underscores symbols on the screen. What
are you most likely to infer from this?
A.The services are protected by TCP wrappers
B.There is a honeypot running on the scanned machine
C.An attacker has replaced the services with trojaned ones
D.This indicates that the telnet and SMTP server have crashed
Correct:A

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.9 Which of the following built-in C/C++ functions you should avoid to prevent your program from
buffer overflow attacks?
A.strcpy()
B.strcat()
C.streadd()
D.strsock()
Correct:A B C

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.10 What type of port scan is shown below? Scan directed at open port: ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23 192.5.2.92:4079 <----NO
RESPONSE------192.5.2.110:23 Scan directed at closed port: ClientServer 192.5.2.92:4079
---------FIN--------->192.5.2.110:23 192.5.2.92:4079<-----RST/ACK----------192.5.2.110:23
A.Idle Scan
B.FIN Scan
C.XMAS Scan
D.Windows Scan
Correct:B

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.11 A program that defends against a port scanner will attempt to:
A.Sends back bogus data to the port scanner
B.Log a violation and recommend use of security-auditing tools
C.Limit access by the scanning system to publicly available ports only
D.Update a firewall rule in real time to prevent the port scan from being completed
Correct:D

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.12 Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to
allow a host outside of a firewall to connect transparently and securely through the firewall. He
wonders if his firewall has been breached. What would be your inference?
A.Eric's network has been penetrated by a firewall breach
B.The attacker is using the ICMP protocol to have a covert channel
C.Eric has a Wingate package providing FTP redirection on his network
D.Somebody is using SOCKS on the network to communicate through the firewall
Correct:D

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.13 Mark works as a contractor for the Department of Defense and is in charge of network security.
He has spent the last month securing access to his network from all possible entry points. He has
segmented his network into several subnets and has installed firewalls all over the network. He
has placed very stringent rules on all the firewalls, blocking everything in and out except ports
that must be used. He does need to have port 80 open since his company hosts a website that
must be accessed from the Internet. Mark is fairly confident of his perimeter defenses, but is still
worried about programs like Hping2 that can get into a network through covert channels. How
should mark protect his network from an attacker using Hping2 to scan his internal network?
A.Block ICMP type 13 messages
B.Block all incoming traffic on port 53
C.Block all outgoing traffic on port 53
D.Use stateful inspection on the firewalls
Correct:A

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.14 What file system vulnerability does the following command take advantage of? type
c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe
A.HFS
B.ADS
C.NTFS
D.Backdoor access
Correct:B

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.15 After a client sends a connection request (SYN) packet to the server, the server will respond
(SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by
the client. This sequence number is predictable; the attack connects to a service first with its own
IP address, records the sequence number chosen, and then opens a second connection from a
forged IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but
can guess the correct responses. If the source IP address is used for authentication, then the
attacker can use the one-sided communication to break into the server. What attacks can you
successfully launch against a server using the above technique?
A.Session Hijacking attacks
B.Denial of Service attacks
C.Web page defacement attacks
D.IP spoofing attacks
Correct:A

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.16 Lori has just been tasked by her supervisor toonduct vulnerability scan on the corporate
network.She has been instructed to perform a very thorough test of the network to ensure that
there are no security holes on any of the machines.Lori's company does not own any commercial
scanning products, so she decides to download a free one off the Internet.Lori has never done a
vulnerability scan before, so she is unsure of some of the settings available in the software she
downloaded.One of the options is to choose which ports that can be scanned.Lori wants to do
exactly what her boss has told her, but she does not know what ports should be scanned. If Lori is
supposed to scan all known TCP ports, how many ports should she select in the software?
A.65536
B.1024
C.1025
D.Lori should not scan TCP ports, only UDP ports
Correct:A

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.17 Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his
firewall to block password brute force attempts on his network. He enables blocking the intruder's
IP address for a period of 24 hours time after more than three unsuccessful attempts. He is
confident that this rule will secure his network from hackers on the Internet. But he still receives
hundreds of thousands brute-force attempts generated from various IP addresses around the
world. After some investigation he realizes that the intruders are using a proxy somewhere else
on the Internet which has been scripted to enable the random usage of various proxies on each
request so as not to get caught by the firewall rule. Later he adds another rule to his firewall and
enables small sleep on the password attempt so that if the password is incorrect, it would take 45
seconds to return to the user to begin another attempt. Since an intruder may use multiple
machines to brute force the password, he also throttles the number of connections that will be
prepared to accept from a particular IP address. This action will slow the intruder's attempts.
Samuel wants to completely block hackers brute force attempts on his network. What are the
alternatives to defending against possible brute-force password attacks on his site?
A.Enforce a password policy and use account lockouts after three wrong logon attempts even though this
might lock out legit users
B.Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the
intruder so that you can block them at the Firewall manually
C.Enforce complex password policy on your network so that passwords are more difficult to brute force
D.You cannot completely block the intruders attempt if they constantly switch proxies
Correct:D

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.18 Bob is acknowledged as a hacker of repute and is popular among visitors of 'underground' sites.
Bob is willing to share his knowledge to those who are willing to learn, and many have expressed
their interest in learning from him. However, this knowledge has risks associated with it, as the
same knowledge can be used for malevolent attacks as well. In this context, what would be the
most effective method to bridge the knowledge gap between the "black" hats or crackers and the
"white" hats or computer security professionals?
A.Hire more computer security monitoring personnel to monitor computer systems and networks
B.Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards
C.Train more national guard and reservist in the art of computer security to help out in times of emergency
or crises
D.Make obtaining either a computer security certification or accreditation easier to achieve so more
individuals feel that they are a part of something larger than life
Correct:B

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.19 Maurine is working as a security consultant for Hinklemeir Associates.She has asked the
Systems Administrator to create a group policy that would not allow null sessions on the network.
The Systems Administrator is fresh out of college and has never heard of null sessions and does
not know what they are used for. Maurine is trying to explain to the Systems Administrator that
hackers will try to create a null session when footprinting the network. Why would an attacker try
to create a null session with a computer on a network?
A.Enumerate users and shares
B.Install a backdoor for later attacks
C.Escalate his/her privileges on the target server
D.To create a user with administrative privileges for later use
Correct:A

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

NO.20 Samantha has been actively scanning the client network for which she is doing a vulnerability
assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What
protocol is most likely to be listening on those ports?
A.FTP
B.SMB
C.Finger
D.Samba
Correct:B

EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350 examen   EC0-350 examen

Les spécialistes d'expérience de Pass4Test ont fait une formation ciblée au test EC-COUNCIL EC0-350. Cet outil de formation est convenable pour les candidats de test EC-COUNCIL EC0-350. Pass4Test n'offre que les produits de qualité. Vous aurez une meilleure préparation à passer le test avec l'aide de Pass4Test.

Le plus récent matériel de formation EC-COUNCIL EC0-350

Les experts de Pass4Test profitent de leurs expériences et connaissances à augmenter successivement la qualité des docmentations pour répondre une grande demande des candidats, juste pour que les candidats soient permis à réussir le test EC-COUNCIL EC0-350 par une seule fois. Vous allez avoir les infos plus proches de test réel à travers d'acheter le produti de Pass4Test. Notre confiance sont venue de la grande couverture et la haute précision de nos Q&As. 100% précision des réponses vous donnent une confiance 100%. Vous n'auriez pas aucun soucis avant de participer le test.

But que Pass4Test n'offre que les produits de qualité est pour vous aider à réussir le test EC-COUNCIL EC0-350 100%. Le test simulation offert par Pass4Test est bien proche de test réel. Si vous ne pouvez pas passer le test EC-COUNCIL EC0-350, votre argent sera tout rendu.

Code d'Examen: EC0-350
Nom d'Examen: EC-COUNCIL (Ethical hacking and countermeasures)
Questions et réponses: 878 Q&As

Est-ce que vous vous souciez encore de réussir le test EC-COUNCIL EC0-350? Est-ce que vous attendez plus le guide de formation plus nouveaux? Le guide de formation vient de lancer par Pass4Test peut vous donner la solution. Vous pouvez télécharger la partie de guide gratuite pour prendre un essai, et vous allez découvrir que le test n'est pas aussi dur que l'imaginer. Pass4Test vous permet à réussir 100% le test. Votre argent sera tout rendu si vous échouez le test.

Choisir le Pass4Test peut vous aider à réussir 100% le test EC-COUNCIL EC0-350 qui change tout le temps. Pass4Test peut vous offrir les infos plus nouvelles. Dans le site de Pass4Test le servie en ligne est disponible toute la journée. Si vous ne passerez pas le test, votre argent sera tout rendu.

Généralement, les experts n'arrêtent pas de rechercher les Q&As plus proches que test Certification. Les documentations offertes par les experts de Pass4Test peuvent vous aider à passer le test Certification. Les réponses de nos Q&As ont une précision 100%. C'est facile à obtenir le Certificat de EC-COUNCIL après d'utiliser la Q&A de Pass4Test. Vous aurez une space plus grande dans l'industrie IT.

EC0-350 Démo gratuit à télécharger: http://www.pass4test.fr/EC0-350.html

NO.1 Samantha has been actively scanning the client network for which she is doing a vulnerability
assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What
protocol is most likely to be listening on those ports?
A.FTP
B.SMB
C.Finger
D.Samba
Correct:B

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.2 Maurine is working as a security consultant for Hinklemeir Associates.She has asked the
Systems Administrator to create a group policy that would not allow null sessions on the network.
The Systems Administrator is fresh out of college and has never heard of null sessions and does
not know what they are used for. Maurine is trying to explain to the Systems Administrator that
hackers will try to create a null session when footprinting the network. Why would an attacker try
to create a null session with a computer on a network?
A.Enumerate users and shares
B.Install a backdoor for later attacks
C.Escalate his/her privileges on the target server
D.To create a user with administrative privileges for later use
Correct:A

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.3 Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been
able to spawn an interactive shell and plans to deface the main web page. He first attempts to use
the "Echo" command to simply overwrite index.html and remains unsuccessful. He then attempts
to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in
which also he remains unsuccessful. What is the probable cause of Bill's problem?
A.The system is a honeypot
B.The HTML file has permissions of read only
C.You cannot use a buffer overflow to deface a web page
D.There is a problem with the shell and he needs to run the attack again
Correct:B

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.4 Mark works as a contractor for the Department of Defense and is in charge of network security.
He has spent the last month securing access to his network from all possible entry points. He has
segmented his network into several subnets and has installed firewalls all over the network. He
has placed very stringent rules on all the firewalls, blocking everything in and out except ports
that must be used. He does need to have port 80 open since his company hosts a website that
must be accessed from the Internet. Mark is fairly confident of his perimeter defenses, but is still
worried about programs like Hping2 that can get into a network through covert channels. How
should mark protect his network from an attacker using Hping2 to scan his internal network?
A.Block ICMP type 13 messages
B.Block all incoming traffic on port 53
C.Block all outgoing traffic on port 53
D.Use stateful inspection on the firewalls
Correct:A

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.5 Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to
allow a host outside of a firewall to connect transparently and securely through the firewall. He
wonders if his firewall has been breached. What would be your inference?
A.Eric's network has been penetrated by a firewall breach
B.The attacker is using the ICMP protocol to have a covert channel
C.Eric has a Wingate package providing FTP redirection on his network
D.Somebody is using SOCKS on the network to communicate through the firewall
Correct:D

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.6 Which of the following built-in C/C++ functions you should avoid to prevent your program from
buffer overflow attacks?
A.strcpy()
B.strcat()
C.streadd()
D.strsock()
Correct:A B C

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.7 Clive is conducting a pen-test and has just port scanned a system on the network. He has
identified the operating system as Linux and been able to elicit responses from ports 23, 25 and
53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as
running DNS service. The client confirms these findings and attests to the current availability of
the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On
typing other commands, he sees only blank spaces or underscores symbols on the screen. What
are you most likely to infer from this?
A.The services are protected by TCP wrappers
B.There is a honeypot running on the scanned machine
C.An attacker has replaced the services with trojaned ones
D.This indicates that the telnet and SMTP server have crashed
Correct:A

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.8 Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his
firewall to block password brute force attempts on his network. He enables blocking the intruder's
IP address for a period of 24 hours time after more than three unsuccessful attempts. He is
confident that this rule will secure his network from hackers on the Internet. But he still receives
hundreds of thousands brute-force attempts generated from various IP addresses around the
world. After some investigation he realizes that the intruders are using a proxy somewhere else
on the Internet which has been scripted to enable the random usage of various proxies on each
request so as not to get caught by the firewall rule. Later he adds another rule to his firewall and
enables small sleep on the password attempt so that if the password is incorrect, it would take 45
seconds to return to the user to begin another attempt. Since an intruder may use multiple
machines to brute force the password, he also throttles the number of connections that will be
prepared to accept from a particular IP address. This action will slow the intruder's attempts.
Samuel wants to completely block hackers brute force attempts on his network. What are the
alternatives to defending against possible brute-force password attacks on his site?
A.Enforce a password policy and use account lockouts after three wrong logon attempts even though this
might lock out legit users
B.Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the
intruder so that you can block them at the Firewall manually
C.Enforce complex password policy on your network so that passwords are more difficult to brute force
D.You cannot completely block the intruders attempt if they constantly switch proxies
Correct:D

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.9 A client has approached you with a penetration test requirement. They are concerned with the
possibility of external threat, and have invested considerable resources in protecting their
Internet exposure. However, their main concern is the possibility of an employee elevating his/her
privileges and gaining access to information outside of their department. What kind of penetration
test would you recommend that would best address the client's concern?
A.A Grey Hat test
B.A Grey Box test
C.A Black Hat test
D.A White Hat test
E.A Black Box test
F.A White Box test
Correct:B

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.10 Lori has just been tasked by her supervisor toonduct vulnerability scan on the corporate
network.She has been instructed to perform a very thorough test of the network to ensure that
there are no security holes on any of the machines.Lori's company does not own any commercial
scanning products, so she decides to download a free one off the Internet.Lori has never done a
vulnerability scan before, so she is unsure of some of the settings available in the software she
downloaded.One of the options is to choose which ports that can be scanned.Lori wants to do
exactly what her boss has told her, but she does not know what ports should be scanned. If Lori is
supposed to scan all known TCP ports, how many ports should she select in the software?
A.65536
B.1024
C.1025
D.Lori should not scan TCP ports, only UDP ports
Correct:A

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.11 Travis works primarily from home as a medical transcriptionist. He just bought a brand new
Dual Core Pentium computer with over 3 GB of RAM. He uses voice recognition software to help
him transfer what he dictates to electronic documents. The voice recognition software is
processor intensive, which is why he bought the new computer. Travis frequently has to get on
the Internet to do research on what he is working on. After about two months of working on his
new computer, he notices that it is not running nearly as fast as it used to. Travis uses antivirus
software, anti-spyware software, and always keeps the computer up-to-date with Microsoft
patches. After another month of working on the computer, Travis' computer is even more
noticeably slow. Every once in awhile, Travis also notices a window or two pop-up on his screen,
but they quickly disappear.He has seen these windows show up, even when he has not been on
the Internet. Travis is really worried about his computer because he spent a lot of money on it, and
he depends on it to work. Travis scans his computer with all kinds of software, and cannot find
anything out of the ordinary. Travis decides to go through Windows Explorer and check out the
file system, folder by folder, to see if there is anything he can find. He spends over four hours
pouring over the files and folders and cannot find anything.But, before he gives up, he notices
that his computer only has about 10 GB of free space available.Since his hard drive is a 200 GB
hard drive, Travis thinks this is very odd. Travis downloads Space Monger and adds up the sizes
for all the folders and files on his computer. According to his calculations, he should have around
150 GB of free space. What is mostly likely the cause of Travis' problems?
A.Travis's computer is infected with stealth kernel level rootkit
B.Travis's computer is infected with Stealth Trojan Virus
C.Travis's computer is infected with Self-Replication Worm that fills the hard disk space
D.Logic Bomb is triggered at random times creating hidden data consuming junk files
Correct:A

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.12 What file system vulnerability does the following command take advantage of? type
c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe
A.HFS
B.ADS
C.NTFS
D.Backdoor access
Correct:B

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.13 Which programming language is NOT vulnerable to buffer overflow attacks?
A.Java
B.ActiveX
C.C++
D.Assembly Language
Correct:A

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.14 What type of port scan is shown below? Scan directed at open port: ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23 192.5.2.92:4079 <----NO
RESPONSE------192.5.2.110:23 Scan directed at closed port: ClientServer 192.5.2.92:4079
---------FIN--------->192.5.2.110:23 192.5.2.92:4079<-----RST/ACK----------192.5.2.110:23
A.Idle Scan
B.FIN Scan
C.XMAS Scan
D.Windows Scan
Correct:B

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.15 Bob is acknowledged as a hacker of repute and is popular among visitors of 'underground' sites.
Bob is willing to share his knowledge to those who are willing to learn, and many have expressed
their interest in learning from him. However, this knowledge has risks associated with it, as the
same knowledge can be used for malevolent attacks as well. In this context, what would be the
most effective method to bridge the knowledge gap between the "black" hats or crackers and the
"white" hats or computer security professionals?
A.Hire more computer security monitoring personnel to monitor computer systems and networks
B.Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards
C.Train more national guard and reservist in the art of computer security to help out in times of emergency
or crises
D.Make obtaining either a computer security certification or accreditation easier to achieve so more
individuals feel that they are a part of something larger than life
Correct:B

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.16 What is the purpose of firewalking?
A.It's a technique used to map routers on a network link
B.It's a technique used to discover Wireless network on foot
C.It's a technique used to discover interface in promiscuous mode
D.It's a technique used to discover what rules are configured on a gateway
Correct:D

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.17 After a client sends a connection request (SYN) packet to the server, the server will respond
(SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by
the client. This sequence number is predictable; the attack connects to a service first with its own
IP address, records the sequence number chosen, and then opens a second connection from a
forged IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but
can guess the correct responses. If the source IP address is used for authentication, then the
attacker can use the one-sided communication to break into the server. What attacks can you
successfully launch against a server using the above technique?
A.Session Hijacking attacks
B.Denial of Service attacks
C.Web page defacement attacks
D.IP spoofing attacks
Correct:A

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.18 Bill has started to notice some slowness on his network when trying to update his company's
website and while trying to access the website from the Internet. Bill asks the help desk manager
if he has received any calls about slowness from the end users, but the help desk manager says
that he has not. Bill receives a number of calls from customers that cannot access the company
website and cannot purchase anything online. Bill logs on to a couple of his routers and notices
that the logs show network traffic is at an all time high.?He also notices that almost all the traffic
is originating from a specific address. Bill decides to use Geotrace to find out where the suspect
IP is originates from. The Geotrace utility runs a traceroute and finds that the IP is coming from
Panama.?Bill knows that none of his customers are in Panama so he immediately thinks that his
company is under a Denial of Service attack. Now Bill needs to find out more about the originating
IP address. What Internet registry should Bill look in to find the IP address?
A.LACNIC
B.ARIN
C.RIPE LACNIC
D.APNIC
Correct:A

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.19 A program that defends against a port scanner will attempt to:
A.Sends back bogus data to the port scanner
B.Log a violation and recommend use of security-auditing tools
C.Limit access by the scanning system to publicly available ports only
D.Update a firewall rule in real time to prevent the port scan from being completed
Correct:D

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

NO.20 Why is Social Engineering considered attractive by hackers and commonly done by experts in
the field?
A.It is not considered illegal
B.It is done by well-known hackers
C.It is easy and extremely effective to gain information
D.It does not require a computer in order to commit a crime
Correct:C

certification EC-COUNCIL   EC0-350   EC0-350 examen   EC0-350   EC0-350

Le temps est tellement précieux dans cette société que une bonn façon de se former avant le test EC-COUNCIL EC0-350 est très important. Pass4Test fait tous efforts à assurer tous les candidats à réussir le test. Aussi, un an de mise à jour est gratuite pour vous. Si vous ne passez pas le test, votre argent sera tout rendu.

Pass4Test offre une formation sur EC-COUNCIL 312-49 212-77 EC0-350 EC0-349 matériaux examen

Pass4Test a de formations plus nouvelles pour le test EC-COUNCIL 312-49 212-77 EC0-350 EC0-349. Les experts dans l'industrie IT de Pass4Test profitant leurs expériences et connaissances professionnelles à lancer les Q&As plus chaudes pour faciliter la préparation du test EC-COUNCIL 312-49 212-77 EC0-350 EC0-349 à tous les candidats qui nous choisissent. L'importance de Certification EC-COUNCIL 312-49 212-77 EC0-350 EC0-349 est de plus en plus claire, c'est aussi pourquoi il y a de plus en plus de gens qui ont envie de participer ce test. Parmi tous ces candidats, pas mal de gens ont réussi grâce à Pass4Test. Ces feedbacks peuvent bien prouver nos produits essentiels pour votre réussite de test Certification.

Le test EC-COUNCIL 312-49 212-77 EC0-350 EC0-349 est l'un très improtant dans tous les tests de Certification EC-COUNCIL, mais c'est toujours difficile à obtenir ce Certificat. La présence de Pass4Test est pour soulager les candidats. L'équipe de Pass4Test peut vous aider à économiser le temps et l'éffort. Vous pouvez passer le test sans aucune doute sous l'aide de notre Q&A.

Code d'Examen: 312-49

Nom d'Examen: EC-COUNCIL (Computer Hacking Forensic Investigator )

Questions et réponses: 150 Q&As

Code d'Examen: 212-77

Nom d'Examen: EC-COUNCIL (Linux Security )

Questions et réponses: 50 Q&As

Code d'Examen: EC0-350

Nom d'Examen: EC-COUNCIL (Ethical hacking and countermeasures)

Questions et réponses: 878 Q&As

Code d'Examen: EC0-349

Nom d'Examen: EC-COUNCIL (Computer Hacking Forensic Investigator)

Questions et réponses: 374 Q&As

Participer au test EC-COUNCIL 312-49 212-77 EC0-350 EC0-349 est un bon choix, parce que dans l'Industire IT, beaucoup de gens tirent un point de vue que le Certificat EC-COUNCIL 312-49 212-77 EC0-350 EC0-349 symbole bien la professionnalité d'un travailleur dans cette industrie.

Vous pouvez télécharger tout d'abord le démo gratuit pour prendre un essai. Vous serez confiant davantage sur Pass4Test après l'essai de démo. Vous allez réussir le test EC-COUNCIL 312-49 212-77 EC0-350 EC0-349 sans aucune doute si vous choisissez le Pass4Test.

Dans ce monde d'informatique, l'industrie IT est suivi par de plus en plus de ges. Dans ce domaine demandant beaucoup de techniques, il faut des Certificat à se preuver les techniques professionnelle. Les Certificats IT sont improtant pour un interviewé pendant un entretien. C'est pas facile à passer le test EC-COUNCIL 312-49 212-77 EC0-350 EC0-349, donc c'est pourquoi beaucoup de professionnels qui choisissent ce Certificat pour se preuver.

Le test simulation offert par Pass4Test est bien proche du test réel. Vous pouvez apprendre tous essences d'un test réel à courte terme avec l'aide de Pass4Test. Pass4Test peut vous assurer le succès 100% de test EC-COUNCIL 312-49 212-77 EC0-350 EC0-349.

EC0-349 Démo gratuit à télécharger: http://www.pass4test.fr/EC0-349.html

NO.1 A forensics investigator is searching the hard drive of a computer for files that were recently moved to
the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find
anything. What is the reason for this?
A.He should search in C:\Windows\System32\RECYCLED folder
B.The Recycle Bin does not exist on the hard drive
C.The files are hidden and he must use a switch to view them
D.Only FAT system contains RECYCLED folder and not NTFS
Answer: C

EC-COUNCIL   certification EC0-349   EC0-349 examen

NO.2 A picture file is recovered from a computer under investigation. During the investigation process, the
file is enlarged 500% to get a better view of its contents. The pictures quality is not degraded at all from
this process. What kind of picture is this file?
A.Raster image
B.Vector image
C.Metafile image
D.Catalog image
Answer: B

EC-COUNCIL   EC0-349   EC0-349   EC0-349

NO.3 What is the last bit of each pixel byte in an image called?
A.Last significant bit
B.Least significant bit
C.Least important bit
D.Null bit
Answer: B

EC-COUNCIL   certification EC0-349   certification EC0-349

NO.4 Madison is on trial for allegedly breaking into her universitys internal network. The police raided her
dorm room and seized all of her computer equipment. Madisons lawyer is trying to convince the judge that
the seizure was unfounded and baseless. Under which US Amendment is Madisons lawyer trying to
prove the police violated?
A.The 10th Amendment
B.The 5th Amendment
C.The 1st Amendment
D.The 4th Amendment
Answer: D

certification EC-COUNCIL   EC0-349 examen   EC0-349   EC0-349

NO.5 Which legal document allows law enforcement to search an office, place of business, or other locale for
evidence relating to an alleged crime?
A.Search warrant
B.Subpoena
C.Wire tap
D.Bench warrant
Answer: A

EC-COUNCIL examen   EC0-349 examen   EC0-349   EC0-349

NO.6 What information do you need to recover when searching a victims computer for a crime committed
with
specific e-mail message?
A.Internet service provider information
B.E-mail header
C.Username and password
D.Firewall log
Answer: B

certification EC-COUNCIL   EC0-349 examen   EC0-349   certification EC0-349

NO.7 When carrying out a forensics investigation, why should you never delete a partition on a dynamic
disk?
A.All virtual memory will be deleted
B.The wrong partition may be set to active
C.This action can corrupt the disk
D.The computer will be set in a constant reboot state
Answer: C

EC-COUNCIL examen   EC0-349   certification EC0-349   EC0-349   certification EC0-349   EC0-349

NO.8 A suspect is accused of violating the acceptable use of computing resources, as he has visited adult
websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit
these sites. However, the suspect has cleared the search history and emptied the cookie cache.
Moreover, he has removed any images he might have downloaded. What can the investigator do to prove
the violation? Choose the most feasible option.
A.Image the disk and try to recover deleted files
B.Seek the help of co-workers who are eye-witnesses
C.Check the Windows registry for connection data (You may or may not recover)
D.Approach the websites for evidence
Answer: A

certification EC-COUNCIL   certification EC0-349   EC0-349 examen   EC0-349   EC0-349

NO.9 What hashing method is used to password protect Blackberry devices?
A.AES
B.RC5
C.MD5
D.SHA-1
Answer: D

EC-COUNCIL   certification EC0-349   certification EC0-349   EC0-349

NO.10 In conducting a computer abuse investigation you become aware that the suspect of the investigation
is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they
provide you assistance with your investigation. What assistance can the ISP provide?
A.The ISP can investigate anyone using their service and can provide you with assistance
B.The ISP can investigate computer abuse committed by their employees, but must preserve the privacy
of their ustomers and therefore cannot assist you without a warrant
C.The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
D.ISPs never maintain log files so they would be of no use to your investigation
Answer: B

EC-COUNCIL examen   EC0-349 examen   certification EC0-349

NO.11 Sectors in hard disks typically contain how many bytes?
A.256
B.512
C.1024
D.2048
Answer: B

EC-COUNCIL   certification EC0-349   EC0-349   certification EC0-349

NO.12 In the following Linux command, what is the outfile?
dd if=/usr/bin/personal/file.txt of=/var/bin/files/file.txt
A./usr/bin/personal/file.txt
B./var/bin/files/file.txt
C./bin/files/file.txt
D.There is not outfile specified
Answer: B

EC-COUNCIL   EC0-349   certification EC0-349   certification EC0-349   EC0-349

NO.13 You are working as an independent computer forensics investigator and receive a call from a systems
administrator for a local school system requesting
your assistance. One of the students at the local high school is suspected of downloading inappropriate
images from the Internet to a PC in the Computer Lab.
When you arrive at the school, the systems administrator hands you a hard drive and tells you that he
made a simple backup copy of the hard drive in the PC
and put it on this drive and requests that you examine the drive for evidence of the suspected images. You
inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of
copy do you need to make to ensure that the evidence found is complete and admissible in future
proceedings?
A.Bit-stream copy
B.Robust copy
C.Full backup copy
D.Incremental backup copy
Answer: A

EC-COUNCIL examen   EC0-349 examen   EC0-349 examen   certification EC0-349

NO.14 Which forensic investigating concept trails the whole incident from how the attack began to how the
victim was
affected?
A.Point-to-point
B.End-to-end
C.Thorough
D.Complete event analysis
Answer: B

EC-COUNCIL   EC0-349   EC0-349 examen   EC0-349

NO.15 The efforts to obtain information before a trial by demanding documents, depositions, questions and
answers written under oath, written requests for admissions of fact, and examination of the scene is a
description of what legal term?
A.Detection
B.Hearsay
C.Spoliation
D.Discovery
Answer: D

EC-COUNCIL examen   EC0-349 examen   EC0-349   EC0-349   EC0-349   EC0-349

NO.16 When a router receives an update for its routing table, what is the metric value change to that path?
A.Increased by 2
B.Decreased by 1
C.Increased by 1
D.Decreased by 2
Answer: C

certification EC-COUNCIL   certification EC0-349   EC0-349 examen   certification EC0-349

NO.17 Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows
computer?
A.The data is still present until the original location of the file is used
B.The data is moved to the Restore directory and is kept there indefinitely
C.The data will reside in the L2 cache on a Windows computer until it is manually deleted
D.It is not possible to recover data that has been emptied from the Recycle Bin
Answer: A

certification EC-COUNCIL   EC0-349   EC0-349   certification EC0-349

NO.18 A forensics investigator needs to copy data from a computer to some type of removable media so he
can
examine the information at another location. The
problem is that the data is around 42GB in size. What type of removable media could the investigator
use?
A.Blu-Ray single-layer
B.HD-DVD
C.Blu-Ray dual-layer
D.DVD-18
Answer: C

EC-COUNCIL examen   EC0-349 examen   EC0-349   EC0-349   EC0-349 examen

NO.19 While searching through a computer under investigation, you discover numerous files that appear to
have had
the first letter of the file name replaced by
the hex code byte E5h. What does this indicate on the computer?
A.The files have been marked as hidden
B.The files have been marked for deletion
C.The files are corrupt and cannot be recovered
D.The files have been marked as read-only
Answer: B

EC-COUNCIL   EC0-349 examen   EC0-349   certification EC0-349   EC0-349

NO.20 What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024
A.Copy the master boot record to a file
B.Copy the contents of the system folder mem to a file
C.Copy the running memory to a file
D.Copy the memory dump file to an image file
Answer: C

EC-COUNCIL examen   EC0-349   EC0-349 examen   EC0-349 examen   EC0-349