

killexams.com EC-Council EC1-350


Ethical Hacking and Countermeasures V7


https://killexams.com/pass4sure/exam-detail/EC1-350


QUESTION: 250

The traditional traceroute sends out ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets take to reach the destination. The problem is that with the widespread use of firewalls on the Internet today, many of the packets that traceroute sends out end up being filtered, making it impossible to completely trace the path to the destination.


How would you overcome the Firewall restriction on ICMP ECHO packets?


  1. Firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

  2. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

  3. Firewalls will permit inbound UDP packets to specific ports that hosts sitting behind the firewall are listening for connections. By sending out TCP SYN packets instead of ICMP ECHO packets, traceroute can bypass the most common firewall filters.

  4. Do not use the traceroute command to determine the path packets take to reach the destination; instead use the custom hacking tool JOHNTHETRACER and run it with the command: > JOHNTHETRACER www.eccouncil.org -F -evade


Answer: A


QUESTION: 251

Simon is a security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22"; flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485;)


  1. The payload of 485 is what this Snort signature will look for.

  2. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

  3. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

  4. From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.


Answer: B


QUESTION: 252

You are trying to package a RAT Trojan so that anti-virus software will not detect it. Which of the listed techniques will NOT be effective in evading an anti-virus scanner?


  1. Convert the Trojan.exe file extension to Trojan.txt disguising as text file

  2. Break the Trojan into multiple smaller files and zip the individual pieces

  3. Change the content of the Trojan using hex editor and modify the checksum

  4. Encrypt the Trojan using multiple hashing algorithms like MD5 and SHA-1


Answer: A


QUESTION: 253

What will the following command produce on a website's login page if executed successfully?

SELECT email, passwd, login_id, full_name FROM members WHERE email = 'someone@somewhere.com'; DROP TABLE members; --'


  1. This code will insert the someone@somewhere.com email address into the members table.

  2. This command will delete the entire members table.

  3. It retrieves the password for the first user in the members table.


Answer: B


QUESTION: 254

Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information. What would you call this kind of activity?


  1. CI Gathering

  2. Scanning

  3. Dumpster Diving

  4. Garbage Scooping


Answer: C


QUESTION: 255

What type of port scan is represented here?



  1. Stealth Scan

  2. Full Scan

  3. XMAS Scan

  4. FIN Scan


Answer: A


QUESTION: 256

______ is found in all versions of NTFS and is described as the ability to fork file data into existing files without affecting their functionality, size, or display to traditional file browsing utilities like dir or Windows Explorer.


  1. Alternate Data Streams

  2. Merge Streams

  3. Steganography


Answer: A


QUESTION: 257

Justin is checking some network traffic logs on his firewall. Justin finds some IP packets from a computer purporting to be on the internal network. The packets originate from 172.16.1.44 with an IPID number of 3422. The received response from 172.16.1.44 has an IPID number of 512. What can he infer from this traffic log?


  1. The traffic from 172.16.1.44 is from a Windows 7 computer.

  2. The IPID number difference means the client computer is on wireless.

  3. Traffic from 172.16.1.44 was being spoofed.

  4. The client computer at 172.16.1.44 is a zombie computer.


Answer: C


QUESTION: 258

A company is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purposes. This could lead to prosecution for the sender and for the company's directors if, for example, outgoing email was found to contain material that was pornographic, racist, or likely to incite someone to commit an act of terrorism. You can always defend yourself by the "ignorance of the law" clause.


  1. true

  2. false


Answer: B


QUESTION: 259

Paul has just finished setting up his wireless network. He has enabled numerous security features such as changing the default SSID, enabling WPA encryption, and enabling MAC filtering on his wireless router. Paul notices that when he uses his wireless connection, the speed is sometimes 54 Mbps and sometimes it is only 24 Mbps or less. Paul connects to his wireless router's management utility and notices that a machine with an unfamiliar name is connected through his wireless connection. Paul checks the router's logs and notices that the unfamiliar machine has the same MAC address as his laptop. What is Paul seeing here?


  1. MAC spoofing

  2. Macof

  3. ARP spoofing

  4. DNS spoofing


Answer: A


QUESTION: 260

What two things will happen if a router receives an ICMP packet, which has a TTL value of 1, and the destination host is several hops away? (Select 2 answers)


  1. The router will discard the packet

  2. The router will decrement the TTL value and forward the packet to the next router on the path to the destination host

  3. The router will send a time exceeded message to the source host

  4. The router will increment the TTL value and forward the packet to the next router on the path to the destination host.

  5. The router will send an ICMP Redirect Message to the source host


Answer: A, C


QUESTION: 261

Which of the following LM hashes represents a password of less than 8 characters?


A. 0182BD0BD4444BF836077A718CCDF409

B. 44EFCE164AB921CQAAD3B435B51404EE

C. BA810DBA98995F1817306D272A9441BB

D. CEC52EB9C8E3455DC2265B23734E0DAC

E. B757BF5C0D87772FAAD3B435B51404EE

F. E52CAC67419A9A224A3B108F3FA6CB6D


Answer: C, E