EC-COUNCIL meilleur examen 312-76, questions et réponses

Vous n'avez besoin que de faire les exercices à propos du test EC-COUNCIL 312-76 offertes par Pass4Test, vous pouvez réussir le test sans aucune doute. Et ensuite, vous aurez plus de chances de promouvoir avec le Certificat. Si vous ajoutez le produit au panier, nous vous offrirons le service 24h en ligne.

Dans cette époque glorieuse, l'industrie IT est devenue bien intense. C'est raisonnable que le test EC-COUNCIL 312-76 soit un des tests plus populaires. Il y a de plus en plus de gens qui veulent participer ce test, et la réussite de test EC-COUNCIL 312-76 est le rêve pour les professionnels ambitieux.

Pour l'instant, vous pouvez télécharger le démo gratuit de Q&A EC-COUNCIL 312-76 dans Pass4Test pour se former avant le test EC-COUNCIL 312-76.

Le test EC-COUNCIL 312-76 est une examination de techniques professionnelles dans l'Industrie IT. Pass4Test est un site qui peut vous aider à réussir le test EC-COUNCIL 312-76 rapidement. Si vous utiliser l'outil de formation avant le test, vous apprendrez tous essences de test Certification EC-COUNCIL 312-76.

Le test EC-COUNCIL 312-76 est très important dans l'Industrie IT, tous les professionnels le connaîssent ce fait. D'ailleur, c'est difficile à réussir ce test, toutefois le test EC-COUNCIL 312-76 est une bonne façon à examiner les connaissances professionnelles. Un gens avec le Certificat EC-COUNCIL 312-76 sera apprécié par beaucoup d'entreprises. Pass4Test est un fournisseur très important parce que beaucoup de candidats qui ont déjà réussi le test preuvent que le produit de Pass4Test est effectif. Vous pouvez réussir 100% le test EC-COUNCIL 312-76 avec l'aide de Pass4Test.

Choisissez le Pass4Test, choisissez le succès. Le produit offert par Pass4Test vous permet à réussir le test EC-COUNCIL 312-76. C'est necessaire de prendre un test simulation avant participer le test réel. C'est une façon bien effective. Choisir Pass4Test vous permet à réussir 100% le test.

Code d'Examen: 312-76
Nom d'Examen: EC-COUNCIL (Disaster Recovery Professional Practice Test)
Questions et réponses: 290 Q&As

312-76 Démo gratuit à télécharger: http://www.pass4test.fr/312-76.html

NO.1 Which of the following statements best describes the difference between the role of a data owner and
the role of a data custodian?
A. The custodian makes the initial information classification assignments and the operations manager
implements the scheme.
B. The custodian implements the information classification scheme after the initial assignment by the
operations manager.
C. The data custodian implements the information classification scheme after the initial assignment by the
data owner.
D. The data owner implements the information classification scheme after the initial assignment by the
custodian.
Answer: C

certification EC-COUNCIL   312-76 examen   certification 312-76   312-76 examen

NO.2 Which of the following options is an intellectual property right to protect inventions?
A. Snooping
B. Patent
C. Copyright
D. Utility model
Answer: D

certification EC-COUNCIL   certification 312-76   312-76 examen   certification 312-76   certification 312-76   312-76 examen

NO.3 Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a
fixed period of time in exchange for the disclosure of an invention?
A. Snooping
B. Patent
C. Utility model
D. Copyright
Answer: B

certification EC-COUNCIL   312-76 examen   certification 312-76

NO.4 Availability Management deals with the day-to-day availability of services. Which of the following takes
over when a 'disaster' situation occurs?
A. Capacity Management
B. Service Level Management
C. Service Continuity Management
D. Service Reporting
Answer: C

EC-COUNCIL examen   312-76 examen   312-76   certification 312-76   certification 312-76

NO.5 Mark is the project manager of the HAR Project. The project is scheduled to last for eighteen months
and six months already passed. Management asks Mark that how often the project team is participating in
the risk reassessment of this project. What should Mark tell management if he is following the best
practices for risk management.?
A. At every status meeting of the project team, project risk management is an agenda item.
B. Project risk management happens at every milestone.
C. Project risk management has been concluded with the project planning.
D. Project risk management is scheduled for every month in the 18-month project.
Answer: A

EC-COUNCIL   312-76 examen   312-76 examen

NO.6 Which of the following BCP teams is the first responder and deals with the immediate effects of the
disaster?
A. Emergency management team
B. Damage assessment team
C. Off-site storage team
D. Emergency action team
Answer: D

EC-COUNCIL examen   certification 312-76   certification 312-76   certification 312-76   certification 312-76

NO.7 Which of the following types of attacks occurs when an attacker successfully inserts an intermediary
software or program between two communicating hosts?
A. Password guessing attack
B. Dictionary attack
C. Man-in-the-middle attack
D. Denial-of-service attack
Answer: C

EC-COUNCIL examen   certification 312-76   312-76 examen   312-76 examen   312-76

NO.8 Which of the following tools in Helix Windows Live is used to reveal the database password of password
protected MDB files created using Microsoft Access or with Jet Database Engine?
A. Asterisk logger
B. FAU
C. Access Pass View
D. Galleta
Answer: C

certification EC-COUNCIL   certification 312-76   312-76 examen   certification 312-76   certification 312-76

Selon les feedbacks offerts par les candidats, c'est facile à réussir le test EC-COUNCIL 312-76 avec l'aide de la Q&A de Pass4Test qui est recherché particulièrement pour le test Certification EC-COUNCIL 312-76. C'est une bonne preuve que notre produit est bien effective. Le produit de Pass4Test peut vous aider à renforcer les connaissances demandées par le test EC-COUNCIL 312-76, vous aurez une meilleure préparation avec l'aide de Pass4Test.

Dernières EC-COUNCIL 312-49 examen pratique questions et réponses

Si vous travaillez quand même très dur et dépensez beaucoup de temps pour préparer le test EC-COUNCIL 312-49, mais ne se savez pas du tout c'est où le raccourci pour passer le test certification, Pass4Test peut vous donner une solution efficace. Vous vous sentirez magiquement jouer un effet multiplicateur.

Il y a plusieurs de façons pour réussir le test EC-COUNCIL 312-49, vous pouvez travailler dur et dépenser beaucoup d'argents, ou vous pouvez travailler plus efficacement avec moins temps dépensés.

Code d'Examen: 312-49
Nom d'Examen: EC-COUNCIL (Computer Hacking Forensic Investigator )
Questions et réponses: 150 Q&As

Choisissez le Pass4Test, choisissez le succès de test EC-COUNCIL 312-49. Bonne chance à vous.

Maintenant, beaucoup de professionnels IT prennent un même point de vue que le test EC-COUNCIL 312-49 est le tremplin à surmonter la pointe de l'Industrie IT. Beaucoup de professionnels IT mettent les yeux au test Certification EC-COUNCIL 312-49.

Bien qu'Il y ait plein de talentueux dans cette société, il manque beaucoup de professionnels dans les domaine en cours de développement, l'Industrie IT est l'un de ces domaines. Donc le test EC-COUNCIL 312-49 est un bon l'examination de technique informatique. Pass4Test est un site d'offrir la formation particulière au test EC-COUNCIL 312-49.

La grande couverture, la bonne qualité et la haute précision permettent le Pass4Test à avancer les autre sites web. Donc le Pass4Test est le meilleur choix et aussi l'assurance pour le succès de test EC-COUNCIL 312-49.

Selon les feedbacks offerts par les candidats, c'est facile à réussir le test EC-COUNCIL 312-49 avec l'aide de la Q&A de Pass4Test qui est recherché particulièrement pour le test Certification EC-COUNCIL 312-49. C'est une bonne preuve que notre produit est bien effective. Le produit de Pass4Test peut vous aider à renforcer les connaissances demandées par le test EC-COUNCIL 312-49, vous aurez une meilleure préparation avec l'aide de Pass4Test.

312-49 Démo gratuit à télécharger: http://www.pass4test.fr/312-49.html

NO.1 A suspect is accused of violating the acceptable use of computing resources, as he has visited
adult websites and downloaded images. The investigator wants to demonstrate that the suspect
did indeed visit these sites. However, the suspect has cleared the search history and emptied the
cookie cache. Moreover, he has removed any images he might have downloaded. What can the
investigator do to prove the violation? Choose the most feasible option.
A. Image the disk and try to recover deleted files
B. Seek the help of co-workers who are eye-witnesses
C. Check the Windows registry for connection data (You may or may not recover)
D. Approach the websites for evidence
Answer: A

EC-COUNCIL examen   312-49   certification 312-49

NO.2 When examining a file with a Hex Editor, what space does the file header occupy?
A. the last several bytes of the file
B. the first several bytes of the file
C. none, file headers are contained in the FAT
D. one byte at the beginning of the file
Answer: D

certification EC-COUNCIL   312-49 examen   certification 312-49   certification 312-49

NO.3 When an investigator contacts by telephone the domain administrator or controller listed by a
whois lookup to request all e-mails sent and received for a user account be preserved, what
U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Answer: D

EC-COUNCIL examen   312-49   312-49   312-49

NO.4 A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is
an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the
attacker by studying the log. Please note that you are required to infer only what is explicit in the
excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting,
basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)
03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................
00 00 00 11 00 00 00 00 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8 G..c............
00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 20 ...............
3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73 :.

EC-COUNCIL 312-76 examen pratique questions et réponses

Les experts de Pass4Test profitent de leurs expériences et connaissances à augmenter successivement la qualité des docmentations pour répondre une grande demande des candidats, juste pour que les candidats soient permis à réussir le test EC-COUNCIL 312-76 par une seule fois. Vous allez avoir les infos plus proches de test réel à travers d'acheter le produti de Pass4Test. Notre confiance sont venue de la grande couverture et la haute précision de nos Q&As. 100% précision des réponses vous donnent une confiance 100%. Vous n'auriez pas aucun soucis avant de participer le test.

Dans cette société, il y a plein de gens talentueux, surtout les professionnels de l'informatique. Beaucoup de gens IT se battent dans ce domaine pour améliorer l'état de la carrière. Le test 312-76 est lequel très important dans les tests de Certification EC-COUNCIL. Pour être qualifié de EC-COUNCIL, on doit obtenir le passport de test EC-COUNCIL 312-76.

Quand vous hésitez même à choisir Pass4Test, le démo gratuit dans le site Pass4Test est disponible pour vous à essayer avant d'acheter. Nos démos vous feront confiant à choisir Pass4Test. Pass4Test est votre meilleur choix à passer l'examen de Certification EC-COUNCIL 312-76, et aussi une meilleure assurance du succès du test 312-76. Vous choisissez Pass4Test, vous choisissez le succès.

Pass4Test est un site qui peut réalise le rêve de beaucoup de professionnels. Pass4Test peut vous donner un coup de main pour réussir le test Certification EC-COUNCIL 312-76 via son guide d'étude. Est-ce que vous vous souciez de test Certification EC-COUNCIL 312-76? Est-ce que vous êtes en cours de penser à chercher quelques Q&As à vous aider? Pass4Test peut résoudre ces problèmes. Les documentations offertes par Pass4Test peuvent vous provider une préparation avant le test plus efficace. Le test de simulation de Pass4Test est presque le même que le test réel. Étudier avec le guide d'étude de Pass4Test, vous pouvez passer le test avec une haute note.

Code d'Examen: 312-76
Nom d'Examen: EC-COUNCIL (Disaster Recovery Professional Practice Test)
Questions et réponses: 290 Q&As

But que Pass4Test n'offre que les produits de qualité est pour vous aider à réussir le test EC-COUNCIL 312-76 100%. Le test simulation offert par Pass4Test est bien proche de test réel. Si vous ne pouvez pas passer le test EC-COUNCIL 312-76, votre argent sera tout rendu.

312-76 Démo gratuit à télécharger: http://www.pass4test.fr/312-76.html

NO.1 You work as a project manager for TYU project. You are planning for risk mitigation. You need to identify
the risks that will need a more in-depth analysis. Which of the following activities will help you in this?
A. Quantitative analysis
B. Estimate activity duration
C. Risk identification
D. Qualitative analysis
Answer: D

certification EC-COUNCIL   312-76 examen   312-76   certification 312-76

NO.2 Which of the following is the duration of time and a service level within which a business process must
be restored after a disaster in order to avoid unacceptable consequences associated with a break in
business continuity?
A. RTA
B. RPO
C. RCO
D. RTO
Answer: D

EC-COUNCIL   certification 312-76   312-76 examen   312-76

NO.3 Which of the following BCP teams is the first responder and deals with the immediate effects of the
disaster?
A. Emergency action team
B. Emergency-management team
C. Damage-assessment team
D. Off-site storage team
Answer: A

certification EC-COUNCIL   312-76   312-76   certification 312-76

NO.4 Which of the following BCP teams is the first responder and deals with the immediate effects of the
disaster?
A. Emergency management team
B. Damage assessment team
C. Off-site storage team
D. Emergency action team
Answer: D

EC-COUNCIL   312-76   certification 312-76   312-76 examen

NO.5 Which of the following is the simulation of the disaster recovery plans?
A. Walk-through test
B. Full operational test
C. Paper test
D. Preparedness test
Answer: B

EC-COUNCIL   312-76   certification 312-76

NO.6 Fill in the blank with the appropriate number:
RAID-________ is a combination of RAID-1 and RAID-0.
A. 10
Answer: A

EC-COUNCIL   certification 312-76   312-76   312-76

NO.7 Which of the following statements best describes the difference between the role of a data owner and
the role of a data custodian?
A. The custodian makes the initial information classification assignments and the operations manager
implements the scheme.
B. The custodian implements the information classification scheme after the initial assignment by the
operations manager.
C. The data custodian implements the information classification scheme after the initial assignment by the
data owner.
D. The data owner implements the information classification scheme after the initial assignment by the
custodian.
Answer: C

EC-COUNCIL   312-76   certification 312-76

NO.8 Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a
fixed period of time in exchange for the disclosure of an invention?
A. Snooping
B. Patent
C. Utility model
D. Copyright
Answer: B

EC-COUNCIL   312-76 examen   312-76 examen   312-76 examen   certification 312-76

NO.9 You work as a Database Administrator for Bluewell Inc. The company has a SQL Server 2005
computer. The company asks you to implement a RAID system to provide fault tolerance to a database.
You want to implement disk mirroring. Which of the following RAID levels will you use to accomplish the
task?
A. RAID-5
B. RAID-0
C. RAID-1
D. RAID-10
Answer: C

certification EC-COUNCIL   312-76   certification 312-76

NO.10 Della works as a security manager for SoftTech Inc. She is training some of the newly recruited
personnel in the field of security management. She is giving a tutorial on DRP. She explains that the major
goal of a disaster recovery plan is to provide an organized way to make decisions if a disruptive event
occurs and asks for the other objectives of the DRP. If you are among some of the newly recruited
personnel in SoftTech Inc, what will be your answer for her question?
Each correct answer represents a part of the solution. Choose three.
A. Guarantee the reliability of standby systems through testing and simulation.
B. Protect an organization from major computer services failure.
C. Minimize the risk to the organization from delays in providing services.
D. Maximize the decision-making required by personnel during a disaster.
Answer: A,B,C

certification EC-COUNCIL   312-76   312-76   312-76 examen   312-76

NO.11 Which of the following levels of RAID provides security features that are availability, enhanced
performance, and fault tolerance?
A. RAID-10
B. RAID-5
C. RAID-0
D. RAID-1
Answer: A

EC-COUNCIL   312-76 examen   certification 312-76

NO.12 IT Service Continuity Management (ITSCM) is used to support the overall Business Continuity
Management (BCM) in order to ensure that the required IT infrastructure and the IT service provision are
recovered within an agreed business time scales. Which of the following are the benefits of implementing
IT Service Continuity Management?
Each correct answer represents a complete solution. Choose all that apply.
A. It prioritizes the recovery of IT services by working with BCM and SLM.
B. It minimizes costs related with recovery plans using proper proactive planning and testing.
C. It confirms competence, impartiality, and performance capability of an organization that performs
audits.
D. It minimizes disruption in IT services when it follows a major interruption or disaster.
Answer: A,B,D

EC-COUNCIL   certification 312-76   312-76   312-76 examen   certification 312-76

NO.13 Which of the following roles is responsible for the review and risk analysis of all the contracts on
regular basis?
A. The IT Service Continuity Manager
B. The Configuration Manager
C. The Supplier Manager
D. The Service Catalogue Manager
Answer: C

EC-COUNCIL examen   312-76 examen   certification 312-76

NO.14 Availability Management deals with the day-to-day availability of services. Which of the following takes
over when a 'disaster' situation occurs?
A. Capacity Management
B. Service Level Management
C. Service Continuity Management
D. Service Reporting
Answer: C

certification EC-COUNCIL   312-76 examen   312-76 examen

NO.15 You are responsible for network and information security at a large hospital. It is a significant concern
that any change to any patient record can be easily traced back to the person who made that change.
What is this called?
A. Availability
B. Non repudiation
C. Confidentiality
D. Data Protection
Answer: B

EC-COUNCIL   312-76   certification 312-76   312-76   312-76 examen

NO.16 Which of the following control measures are considered while creating a disaster recovery plan?
Each correct answer represents a part of the solution. Choose three.
A. Detective measures
B. Supportive measures
C. Corrective measures
D. Preventive measures
Answer: A,C,D

EC-COUNCIL examen   certification 312-76   312-76

NO.17 Which of the following are some of the parts of a project plan?
Each correct answer represents a complete solution. Choose all that apply.
A. Risk identification
B. Team members list
C. Risk analysis
D. Project schedule
Answer: A,B,C,D

EC-COUNCIL   312-76   312-76 examen   certification 312-76   312-76 examen   312-76

NO.18 You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the
network of your company. You develop a signature based on the characteristics of the detected virus.
Which of the following phases in the Incident handling process will utilize the signature to resolve this
incident?
A. Eradication
B. Identification
C. Containment
D. Recovery
Answer: A

EC-COUNCIL   312-76   312-76   certification 312-76

NO.19 Which of the following statements about disaster recovery plan documentation are true?
Each correct answer represents a complete solution. Choose all that apply.
A. The documentation regarding a disaster recovery plan should be stored in backup tapes.
B. The documentation regarding a disaster recovery plan should be stored in floppy disks.
C. The disaster recovery plan documentation should be stored onsite only.
D. The disaster recovery plan documentation should be stored offsite only.
Answer: A,D

certification EC-COUNCIL   certification 312-76   312-76   312-76 examen

NO.20 Which of the following is established during the Business Impact Analysis by the owner of a process in
accepted business continuity planning methodology?
A. Recovery Consistency Objective
B. Recovery Time Objective
C. Recovery Point Objective
D. Recovery Time Actual
Answer: B

EC-COUNCIL   certification 312-76   312-76   certification 312-76

NO.21 Which of the following response teams aims to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote information sharing among members
and the community at large?
A. CERT
B. CSIRT
C. FedCIRC
D. FIRST
Answer: D

certification EC-COUNCIL   312-76   312-76 examen   certification 312-76

NO.22 Mark is the project manager of the HAR Project. The project is scheduled to last for eighteen months
and six months already passed. Management asks Mark that how often the project team is participating in
the risk reassessment of this project. What should Mark tell management if he is following the best
practices for risk management.?
A. At every status meeting of the project team, project risk management is an agenda item.
B. Project risk management happens at every milestone.
C. Project risk management has been concluded with the project planning.
D. Project risk management is scheduled for every month in the 18-month project.
Answer: A

EC-COUNCIL   312-76 examen   312-76   312-76   312-76 examen   312-76

NO.23 Which of the following statements are true about classless routing protocols?
Each correct answer represents a complete solution. Choose two.
A. The same subnet mask is used everywhere on the network.
B. They extend the IP addressing scheme.
C. IGRP is a classless routing protocol.
D. They support VLSM and discontiguous networks.
Answer: B,D

certification EC-COUNCIL   312-76 examen   312-76   312-76   312-76 examen

NO.24 You work as the project manager for Bluewell Inc. Your project has several risks that will affect several
stakeholder requirements. Which project management plan will define who will be available to share
information on the project risks?
A. Communications Management Plan
B. Resource Management Plan
C. Risk Management Plan
D. Stakeholder management strategy
Answer: A

EC-COUNCIL   312-76   312-76   certification 312-76   312-76

NO.25 Pete works as a Network Security Officer for Gentech Inc. He wants to encrypt his network traffic. The
specific requirement for the encryption algorithm is that it must be a symmetric key block cipher. Which of
the following techniques will he use to fulfill this requirement?
A. AES
B. DES
C. IDEA
D. PGP
Answer: B

EC-COUNCIL   312-76   312-76   312-76 examen   certification 312-76

NO.26 Which of the following cryptographic system services assures the receiver that the received message
has not been altered?
A. Authentication
B. Confidentiality
C. Non-repudiation
D. Integrity
Answer: D

EC-COUNCIL examen   312-76   312-76   312-76   312-76   certification 312-76

NO.27 Which of the following tools in Helix Windows Live is used to reveal the database password of password
protected MDB files created using Microsoft Access or with Jet Database Engine?
A. Asterisk logger
B. FAU
C. Access Pass View
D. Galleta
Answer: C

EC-COUNCIL examen   312-76   312-76   312-76   312-76

NO.28 Which of the following types of attacks occurs when an attacker successfully inserts an intermediary
software or program between two communicating hosts?
A. Password guessing attack
B. Dictionary attack
C. Man-in-the-middle attack
D. Denial-of-service attack
Answer: C

EC-COUNCIL   312-76 examen   312-76 examen   certification 312-76   certification 312-76

NO.29 Which of the following options is an intellectual property right to protect inventions?
A. Snooping
B. Patent
C. Copyright
D. Utility model
Answer: D

EC-COUNCIL   312-76   312-76   312-76   312-76

NO.30 Which of the following backup sites takes the longest recovery time?
A. Cold backup site
B. Hot backup site
C. Warm backup site
D. Mobile backup site
Answer: A

EC-COUNCIL examen   certification 312-76   certification 312-76   312-76

Après une longue attente, les documentations de test EC-COUNCIL 312-76 qui combinent tous les efforts des experts de Pas4Test sont finalement sorties. Les documentations de Pass4Test sont bien répandues pendant les candidats. L'outil de formation est réputée par sa haute précision et grade couverture des questions, d'ailleurs, il est bien proche que test réel. Vous pouvez réussir le test EC-COUNCIL 312-76 à la première fois.

312-50 dernières questions d'examen certification EC-COUNCIL et réponses publiés

Pass4Test provide non seulement le produit de qualité, mais aussi le bon service. Si malheureusement vous ne pouvez pas réussir le test, votre argent sera tout rendu. Le service de la mise à jour gratuite est aussi pour vous bien que vous passiez le test Certification.

Nous croyons que pas mal de candidats voient les autres site web qui offrent les ressources de Q&A EC-COUNCIL 312-50. En fait, le Pass4Test est le seul site qui puisse offrir la Q&A recherchée par les experts réputés dans l'Industrie IT. Grâce à la Q&A de Pass4Test impressionée par la bonne qualité, vous pouvez réussir le test EC-COUNCIL 312-50 sans aucune doute.

Aujourd'hui, il y a pleine de professionnels IT dans cette société. Ces professionnels sont bien populaires mais ils ont à être en face d'une grande compétition. Donc beaucoup de professionnels IT se prouver par les tests de Certification très difficile à réussir. Pass4Test est voilà pour offrir un raccourci au succès de test Certification.

Pass4Test est un site qui peut réalise le rêve de beaucoup de professionnels. Pass4Test peut vous donner un coup de main pour réussir le test Certification EC-COUNCIL 312-50 via son guide d'étude. Est-ce que vous vous souciez de test Certification EC-COUNCIL 312-50? Est-ce que vous êtes en cours de penser à chercher quelques Q&As à vous aider? Pass4Test peut résoudre ces problèmes. Les documentations offertes par Pass4Test peuvent vous provider une préparation avant le test plus efficace. Le test de simulation de Pass4Test est presque le même que le test réel. Étudier avec le guide d'étude de Pass4Test, vous pouvez passer le test avec une haute note.

Code d'Examen: 312-50
Nom d'Examen: EC-COUNCIL (Ethical Hacker Certified)
Questions et réponses: 765 Q&As

Selon les feedbacks les professionnels bien réputés dans l'Industrie IT, Pass4Test est un bon catalyseur de leurs succès. L'outil de formation offert par Pass4Test leur aide d'économiser le temps et l'argent, le plus important est qu'ils aient passé le test EC-COUNCIL 312-50 avec succès. Pass4Test est un fournissur fiable. Vous allez réaliser votre rêve avec l'aide de Pass4Test.

Bien qu'il ne soit pas facile à réussir le test EC-COUNCIL 312-50, c'est très improtant à choisir un bon outil de se former. Pass4Test a bien préparé les documentatinos et les exercices pour vous aider à réussir 100% le test. Pass4Test peut non seulement d'être une assurance du succès de votre test EC-COUNCIL 312-50, mais encore à vous aider d'économiser votre temps.

312-50 Démo gratuit à télécharger: http://www.pass4test.fr/312-50.html

NO.1 To what does "message repudiation" refer to what concept in the realm of email
security?
A. Message repudiation means a user can validate which mail server or servers a message
was passed through.
B. Message repudiation means a user can claim damages for a mail message that
damaged their reputation.
C. Message repudiation means a recipient can be sure that a message was sent from a
particular person.
D. Message repudiation means a recipient can be sure that a message was sent from a
certain host.
E. Message repudiation means a sender can claim they did not actually send a particular
message.
Answer: E

EC-COUNCIL examen   312-50   312-50 examen   certification 312-50   certification 312-50

NO.2 How does Traceroute map the route that a packet travels from point A to point B?
A. It uses a TCP Timestamp packet that will elicit a time exceed in transit message.
B. It uses a protocol that will be rejected at the gateways on its way to its destination.
C. It manipulates the value of time to live (TTL) parameter packet to elicit a time
exceeded in transit message.
D. It manipulated flags within packets to force gateways into generating error messages.
Answer: C

EC-COUNCIL   certification 312-50   312-50   312-50   312-50 examen

NO.3 Which of the following activities will NOT be considered as passive footprinting?
A. Go through the rubbish to find out any information that might have been discarded.
B. Search on financial site such as Yahoo Financial to identify assets.
C. Scan the range of IP address found in the target DNS database.
D. Perform multiples queries using a search engine.
Answer: C

EC-COUNCIL   312-50   312-50   312-50   certification 312-50

NO.4 Where should a security tester be looking for information that could be used by an
attacker against an organization? (Select all that apply)
A. CHAT rooms
B. WHOIS database
C. News groups
D. Web sites
E. Search engines
F. Organization's own web site
Answer: A, B, C, D, E, F

EC-COUNCIL   312-50   312-50   certification 312-50

NO.5 What is the essential difference between an 'Ethical Hacker' and a 'Cracker'?
A. The ethical hacker does not use the same techniques or skills as a cracker.
B. The ethical hacker does it strictly for financial motives unlike a cracker.
C. The ethical hacker has authorization from the owner of the target.
D. The ethical hacker is just a cracker who is getting paid.
Answer: C

EC-COUNCIL examen   certification 312-50   312-50 examen   312-50   312-50

NO.6 User which Federal Statutes does FBI investigate for computer crimes involving
e-mail scams and mail fraud?
A. 18 U.S.C 1029 Possession of Access Devices
B. 18 U.S.C 1030 Fraud and related activity in connection with computers
C. 18 U.S.C 1343 Fraud by wire, radio or television
D. 18 U.S.C 1361 Injury to Government Property
E. 18 U.S.C 1362 Government communication systems
F. 18 U.S.C 1831 Economic Espionage Act
G. 18 U.S.C 1832 Trade Secrets Act
Answer: B

EC-COUNCIL   312-50 examen   312-50 examen   312-50

NO.7 Which of the following tools are used for footprinting?(Choose four.
A. Sam Spade
B. NSLookup
C. Traceroute
D. Neotrace
E. Cheops
Answer: A, B, C, D

EC-COUNCIL examen   312-50   certification 312-50   certification 312-50

NO.8 Who is an Ethical Hacker?
A. A person whohacksfor ethical reasons
B. A person whohacksfor an ethical cause
C. A person whohacksfor defensive purposes
D. A person whohacksfor offensive purposes
Answer: C

EC-COUNCIL   312-50   312-50   certification 312-50

NO.9 Which one of the following is defined as the process of distributing incorrect
Internet Protocol (IP) addresses/names with the intent of diverting traffic?
A. Network aliasing
B. Domain Name Server (DNS) poisoning
C. Reverse Address Resolution Protocol (ARP)
D. Port scanning
Answer: B

certification EC-COUNCIL   312-50 examen   certification 312-50   312-50   312-50 examen

NO.10 Your Certkiller trainee Sandra asks you which are the four existing Regional
Internet Registry (RIR's)?
A. APNIC, PICNIC, ARIN, LACNIC
B. RIPE NCC, LACNIC, ARIN, APNIC
C. RIPE NCC, NANIC, ARIN, APNIC
D. RIPE NCC, ARIN, APNIC, LATNIC
Answer: B

certification EC-COUNCIL   312-50 examen   312-50 examen   certification 312-50   312-50 examen   312-50 examen

NO.11 You are footprinting Acme.com to gather competitive intelligence. You visit the
acme.com websire for contact information and telephone number numbers but do
not find it listed there. You know that they had the entire staff directory listed on
their website 12 months ago but now it is not there. How would it be possible for you
to retrieve information from the website that is outdated?
A. Visit google search engine and view the cached copy.
B. Visit Archive.org site to retrieve the Internet archive of the acme website.
C. Crawl the entire website and store them into your computer.
D. Visit the company's partners and customers website for this information.
Answer: B

EC-COUNCIL examen   certification 312-50   312-50

NO.12 Snort has been used to capture packets on the network. On studying the packets, the
penetration tester finds it to be abnormal. If you were the penetration tester, why
would you find this abnormal?
(Note: The student is being tested on concept learnt during passive OS
fingerprinting, basic TCP/IP connection concepts and the ability to read packet
signatures from a sniff dumo.)
05/20-17:06:45.061034 192.160.13.4:31337 -> 172.16.1.101:1
TCP TTL:44 TOS:0x10 ID:242
***FRP** Seq: 0XA1D95 Ack: 0x53 Win: 0x400
...
05/20-17:06:58.685879 192.160.13.4:31337 ->
172.16.1.101:1024
TCP TTL:44 TOS:0x10 ID:242
***FRP** Seg: 0XA1D95 Ack: 0x53 Win: 0x400
What is odd about this attack? (Choose the most appropriate statement)
A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.
B. This is back orifice activity as the scan comes from port 31337.
C. The attacker wants to avoid creating a sub-carrier connection that is not normally
valid.
D. There packets were created by a tool; they were not created by a standard IP stack.
Answer: B

EC-COUNCIL   certification 312-50   312-50   312-50 examen   312-50 examen

NO.13 A very useful resource for passively gathering information about a target company
is:
A. Host scanning
B. Whois search
C. Traceroute
D. Ping sweep
Answer: B

EC-COUNCIL   312-50   312-50   312-50 examen   certification 312-50

NO.14 You are footprinting an organization to gather competitive intelligence. You visit
the company's website for contact information and telephone numbers but do not
find it listed there. You know that they had the entire staff directory listed on their
website 12 months ago but not it is not there.
How would it be possible for you to retrieve information from the website that is
outdated?
A. Visit google's search engine and view the cached copy.
B. Visit Archive.org web site to retrieve the Internet archive of the company's website.
C. Crawl the entire website and store them into your computer.
D. Visit the company's partners and customers website for this information.
Answer: B

EC-COUNCIL   312-50 examen   312-50   312-50 examen   312-50 examen

NO.15 What is "Hacktivism"?
A. Hacking for a cause
B. Hacking ruthlessly
C. An association which groups activists
D. None of the above
Answer: A

EC-COUNCIL   certification 312-50   312-50   312-50   312-50 examen

NO.16 What does the term "Ethical Hacking" mean?
A. Someone who is hacking for ethical reasons.
B. Someone who is using his/her skills for ethical reasons.
C. Someone who is using his/her skills for defensive purposes.
D. Someone who is using his/her skills for offensive purposes.
Answer: C

EC-COUNCIL examen   312-50 examen   certification 312-50

NO.17 What are the two basic types of attacks?(Choose two.
A. DoS
B. Passive
C. Sniffing
D. Active
E. Cracking
Answer: B, D

EC-COUNCIL   312-50 examen   312-50   312-50   312-50 examen

NO.18 A Certkiller security System Administrator is reviewing the network system log files.
He notes the following:
- Network log files are at 5 MB at 12:00 noon.
-At 14:00 hours, the log files at 3 MB.
What should he assume has happened and what should he do about the situation?
A. He should contact the attacker's ISP as soon as possible and have the connection
disconnected.
B. He should log the event as suspicious activity, continue to investigate, and take further
steps according to site security policy.
C. He should log the file size, and archive the information, because the router crashed.
D. He should run a file system check, because the Syslog server has a self correcting file
system problem.
E. He should disconnect from the Internet discontinue any further unauthorized use,
because an attack has taken place.
Answer: B

EC-COUNCIL examen   312-50 examen   certification 312-50

NO.19 You receive an email with the following message:
Hello Steve,
We are having technical difficulty in restoring user database record after the recent
blackout. Your account data is corrupted. Please logon to the SuperEmailServices.com
and change your password.
http://www.supermailservices.com@0xde.0xad.0xbe.0xef/support/logon.htm
If you do not reset your password within 7 days, your account will be permanently
disabled locking you out from our e-mail services.
Sincerely,
Technical Support
SuperEmailServices
From this e-mail you suspect that this message was sent by some hacker since you
have been using their e-mail services for the last 2 years and they have never sent
out an e-mail such as this. You also observe the URL in the message and confirm
your suspicion about 0xde.0xad.0xbde.0xef which looks like hexadecimal numbers.
You immediately enter the following at Windows 2000 command prompt:
Ping0xde.0xad.0xbe.0xef
You get a response with a valid IP address.
What is the obstructed IP address in the e-mail URL?
A. 222.173.190.239
B. 233.34.45.64
C. 54.23.56.55
D. 199.223.23.45
Answer: A

EC-COUNCIL   312-50 examen   312-50   312-50 examen

NO.20 According to the CEH methodology, what is the next step to be performed after
footprinting?
A. Enumeration
B. Scanning
C. System Hacking
D. Social Engineering
E. Expanding Influence
Answer: B

EC-COUNCIL examen   312-50 examen   312-50 examen   312-50   312-50   312-50 examen

Tant que vous avez besion de participer l'examen, nous pouvons toujours mettre à jour de matériaux à propos de test Certification EC-COUNCIL 312-50. Le guide d'étude de Pass4Test comprend les excercices de EC-COUNCIL 312-50 et la Q&A qui peut vous permetrre à réussir 100% le test EC-COUNCIL 312-50. Vous pouvez faire une meilleure préparation pour le test. D'ailleurs, la mise à jour pendant un an après vendre est gratuite pour vous.

Les meilleures EC-COUNCIL 312-50v7 examen pratique questions et réponses

Il faut une bonne préparation et aussi une série de connaissances professionnelles complètes pour réussir le test EC-COUNCIL 312-50v7. La ressourece providée par Pass4Test peut juste s'accorder votre demande.

Aujourd'hui, c'est une société pleine de gens talentueux, la meilleure façon de suivre et assurer la place dans votre carrière est de s'améliorer sans arrêt. Si vous n'augmentez pas dans votre carrière, vous êtes juste sous-développé parce que les autres sont meilleurs que vous. Pour éviter ce cas, vous devez vous former successivement.

Code d'Examen: 312-50v7
Nom d'Examen: EC-COUNCIL (Ethical Hacking and Countermeasures (CEHv7))
Questions et réponses: 514 Q&As

Le guide d'étude sorti de Pass4Test comprend les expériences résumées par nos experts, les matériaux et les Q&As à propos de test Certification EC-COUNCIL 312-50v7. Notre bonne réputation dans l'industrie IT sera une assurance 100% à réussir le test EC-COUNCIL 312-50v7. Afin de vous permettre de choisir Pass4Test, vous pouvez télécharger gratuitement le démo de Q&A tout d'abord.

Pass4Test est un bon site qui provide la façon efficace à se former à court terme pour réussir le test EC-COUNCIL 312-50v7, c'est un certificat qui peut améliorer le niveau de vie. Les gens avec le Certificat gagent beaucoup plus que les gens sans Certificat EC-COUNCIL 312-50v7. Vous aurez une space plus grande à se développer.

Pass4Test est un seul site de provider le guide d'étude EC-COUNCIL 312-50v7 de qualité. Peut-être que vous voyiez aussi les Q&A EC-COUNCIL 312-50v7 dans autres sites, mais vous allez découvrir laquelle est plus complète. En fait, Pass4Test est aussi une resource de Q&A pour les autres site web.

Vous pouvez trouver un meilleur boulot dans l'industrie IT à travers d'obtenir le test EC-COUNCIL 312-50v7, la voie à la réussite de votre professionnel sera ouverte pour vous.

312-50v7 Démo gratuit à télécharger: http://www.pass4test.fr/312-50v7.html

NO.1 How do you defend against ARP Spoofing? Select three.
A. Use ARPWALL system and block ARP spoofing attacks
B. Tune IDS Sensors to look for large amount of ARP traffic on local subnets
C. Use private VLANS
D. Place static ARP entries on servers, workstation and routers
Answer: A,C,D

EC-COUNCIL examen   certification 312-50v7   certification 312-50v7   certification 312-50v7   certification 312-50v7

NO.2 Which of the following countermeasure can specifically protect against both the MAC Flood and MAC
Spoofing attacks?
A. Configure Port Security on the switch
B. Configure Port Recon on the switch
C. Configure Switch Mapping
D. Configure Multiple Recognition on the switch
Answer: A

EC-COUNCIL examen   312-50v7   312-50v7 examen   312-50v7   312-50v7

NO.3 The following script shows a simple SQL injection. The script builds an SQL query by concatenating
hard-coded strings together with a string entered by the user: The user is prompted to enter the name of a
city on a Web form. If she enters Chicago, the query assembled by the script looks similar to the following:
SELECT * FROM OrdersTable WHERE ShipCity = 'Chicago'
How will you delete the OrdersTable from the database using SQL Injection?
A. Chicago'; drop table OrdersTable -
B. Delete table'blah'; OrdersTable -
C. EXEC; SELECT * OrdersTable > DROP -
D. cmdshell'; 'del c:\sql\mydb\OrdersTable' //
Answer: A

EC-COUNCIL   312-50v7 examen   312-50v7   312-50v7   312-50v7

NO.4 This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the
IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it
reaches its final destination. It would be a processor-intensive task for IDS to reassemble all fragments
itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique
called?
A. IP Routing or Packet Dropping
B. IDS Spoofing or Session Assembly
C. IP Fragmentation or Session Splicing
D. IP Splicing or Packet Reassembly
Answer: C

EC-COUNCIL   312-50v7   312-50v7   312-50v7 examen

NO.5 Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie
recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administrator from Brown Co.
Jack tells Jane that there has been a problem with some accounts and asks her to verify her password
with him ''just to double check our records.'' Jane does not suspect anything amiss, and parts with her
password. Jack can now access Brown Co.'s computers with a valid user name and password, to steal
the cookie recipe. What kind of attack is being illustrated here?
A. Reverse Psychology
B. Reverse Engineering
C. Social Engineering
D. Spoofing Identity
E. Faking Identity
Answer: C

EC-COUNCIL examen   312-50v7   certification 312-50v7   312-50v7   312-50v7 examen

NO.6 How do you defend against Privilege Escalation?
A. Use encryption to protect sensitive data
B. Restrict the interactive logon privileges
C. Run services as unprivileged accounts
D. Allow security settings of IE to zero or Low
E. Run users and applications on the least privileges
Answer: A,B,C,E

certification EC-COUNCIL   312-50v7   312-50v7

NO.7 What does ICMP (type 11, code 0) denote?
A. Source Quench
B. Destination Unreachable
C. Time Exceeded
D. Unknown Type
Answer: C

EC-COUNCIL examen   certification 312-50v7   312-50v7   312-50v7 examen   312-50v7 examen

NO.8 SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and
opens a large number of half-open TCP connections. The signature of attack for SYN Flood contains:
A. The source and destination address having the same value
B. A large number of SYN packets appearing on a network without the corresponding reply packets
C. The source and destination port numbers having the same value
D. A large number of SYN packets appearing on a network with the corresponding reply packets
Answer: B

EC-COUNCIL examen   certification 312-50v7   certification 312-50v7

NO.9 Which of the following type of scanning utilizes automated process of proactively identifying
vulnerabilities of the computing systems present on a network?
A. Port Scanning
B. Single Scanning
C. External Scanning
D. Vulnerability Scanning
Answer: D

EC-COUNCIL   312-50v7   312-50v7   312-50v7 examen

NO.10 This type of Port Scanning technique splits TCP header into several packets so that the packet filters
are not able to detect what the packets intends to do.
A. UDP Scanning
B. IP Fragment Scanning
C. Inverse TCP flag scanning
D. ACK flag scanning
Answer: B

EC-COUNCIL   312-50v7   certification 312-50v7   312-50v7 examen

NO.11 Anonymizer sites access the Internet on your behalf, protecting your personal information from
disclosure. An anonymizer protects all of your computer's identifying information while it surfs for you,
enabling you to remain at least one step removed from the sites you visit.
You can visit Web sites without allowing anyone to gather information on sites visited by you. Services
that provide anonymity disable pop-up windows and cookies, and conceal visitor's IP address.
These services typically use a proxy server to process each HTTP request. When the user requests a
Web page by clicking a hyperlink or typing a URL into their browser, the service retrieves and displays the
information using its own server. The remote server (where the requested Web page resides) receives
information on the anonymous Web surfing service in place of your information.
In which situations would you want to use anonymizer? (Select 3 answers)
A. Increase your Web browsing bandwidth speed by using Anonymizer
B. To protect your privacy and Identity on the Internet
C. To bypass blocking applications that would prevent access to Web sites or parts of sites that you want
to visit.
D. Post negative entries in blogs without revealing your IP identity
Answer: B,C,D

certification EC-COUNCIL   312-50v7   312-50v7   312-50v7 examen   312-50v7 examen

NO.12 If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of
business, they just have to find a job opening, prepare someone to pass the interview, have that person
hired, and they will be in the organization.
How would you prevent such type of attacks?
A. It is impossible to block these attacks
B. Hire the people through third-party job agencies who will vet them for you
C. Conduct thorough background checks before you engage them
D. Investigate their social networking profiles
Answer: C

certification EC-COUNCIL   312-50v7   312-50v7   312-50v7   certification 312-50v7

NO.13 Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT
security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently
underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company
came out with an exact duplicate product right before Kiley Innovators was about to release it. The
executive team believes that an employee is leaking information to the rival company. Lori questions all
employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given
permission to search through the corporate email system. She searches by email being sent to and sent
from the rival marketing company.
She finds one employee that appears to be sending very large email to this other marketing company,
even though they should have no reason to be communicating with them. Lori tracks down the actual
emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly
harmless, usually containing some kind of joke. Lori decides to use some special software to further
examine the pictures and finds that each one had hidden text that was stored in each picture.
What technique was used by the Kiley Innovators employee to send information to the rival marketing
company?
A. The Kiley Innovators employee used cryptography to hide the information in the emails sent
B. The method used by the employee to hide the information was logical watermarking
C. The employee used steganography to hide information in the picture attachments
D. By using the pictures to hide information, the employee utilized picture fuzzing
Answer: C

EC-COUNCIL   certification 312-50v7   312-50v7   312-50v7

NO.14 TCP SYN Flood attack uses the three-way handshake mechanism.
An attacker at system A sends a SYN packet to victim at system B.
System B sends a SYN/ACK packet to victim A.
As a normal three-way handshake mechanism system A should send an ACK packet to system B,
however, system A does not send an ACK packet to system B. In this case client B is waiting for an ACK
packet from client A.
This status of client B is called _________________
A. "half-closed"
B. "half open"
C. "full-open"
D. "xmas-open"
Answer: B

EC-COUNCIL   312-50v7   312-50v7   certification 312-50v7

NO.15 What type of attack is shown in the following diagram?
A. Man-in-the-Middle (MiTM) Attack
B. Session Hijacking Attack
C. SSL Spoofing Attack
D. Identity Stealing Attack
Answer: A

EC-COUNCIL   certification 312-50v7   certification 312-50v7

NO.16 More sophisticated IDSs look for common shellcode signatures. But even these systems can be
bypassed, by using polymorphic shellcode. This is a technique common among virus writers ?it basically
hides the true nature of the shellcode in different disguises.
How does a polymorphic shellcode work?
A. They encrypt the shellcode by XORing values over the shellcode, using loader code to decrypt the
shellcode, and then executing the decrypted shellcode
B. They convert the shellcode into Unicode, using loader to convert back to machine code then executing
them
C. They reverse the working instructions into opposite order by masking the IDS signatures
D. They compress shellcode into normal instructions, uncompress the shellcode using loader code and
then executing the shellcode
Answer: A

certification EC-COUNCIL   certification 312-50v7   certification 312-50v7   312-50v7 examen   312-50v7

NO.17 You are the security administrator of Jaco Banking Systems located in Boston. You are setting up
e-banking website (http://www.ejacobank.com) authentication system. Instead of issuing banking
customer with a single password, you give them a printed list of 100 unique passwords. Each time the
customer needs to log into the e-banking system website, the customer enters the next password on the
list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no
damage is done because the password will not be accepted a second time. Once the list of 100
passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail
to the customer.
You are confident that this security implementation will protect the customer from password abuse.
Two months later, a group of hackers called "HackJihad" found a way to access the one-time password
list issued to customers of Jaco Banking Systems. The hackers set up a fake website
(http://www.e-jacobank.com) and used phishing attacks to direct ignorant customers to it. The fake
website asked users for their e-banking username and password, and the next unused entry from their
one-time password sheet. The hackers collected 200 customer's username/passwords this way. They
transferred money from the customer's bank account to various offshore accounts.
Your decision of password policy implementation has cost the bank with USD 925,000 to hackers. You
immediately shut down the e-banking website while figuring out the next best security solution
What effective security solution will you recommend in this case?
A. Implement Biometrics based password authentication system. Record the customers face image to the
authentication database
B. Configure your firewall to block logon attempts of more than three wrong tries
C. Enable a complex password policy of 20 characters and ask the user to change the password
immediately after they logon and do not store password histories
D. Implement RSA SecureID based authentication system
Answer: D

EC-COUNCIL   certification 312-50v7   312-50v7   certification 312-50v7   312-50v7

NO.18 You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services
running on ports 21, 110 and 123.
Here is the output of your scan results:
Which of the following nmap command did you run?
A. nmap -A -sV -p21,110,123 10.0.0.5
B. nmap -F -sV -p21,110,123 10.0.0.5
C. nmap -O -sV -p21,110,123 10.0.0.5
D. nmap -T -sV -p21,110,123 10.0.0.5
Answer: C

EC-COUNCIL examen   312-50v7 examen   certification 312-50v7

NO.19 Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to
create or alter SQL commands to gain access to private data or execute commands in the database.
What technique does Jimmy use to compromise a database.?
A. Jimmy can submit user input that executes an operating system command to compromise a target
system
B. Jimmy can gain control of system to flood the target system with requests, preventing legitimate users
from gaining access
C. Jimmy can utilize an incorrect configuration that leads to access with higher-than expected privilege of
the database
D. Jimmy can utilize this particular database threat that is an SQL injection technique to penetrate a target
system
Answer: D

certification EC-COUNCIL   312-50v7   312-50v7   312-50v7 examen

NO.20 Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order
to find some information about the target they are attempting to penetrate. How would you call this type of
activity?
A. Dumpster Diving
B. Scanning
C. CI Gathering
D. Garbage Scooping
Answer: A

EC-COUNCIL   312-50v7   certification 312-50v7   312-50v7

Selon les feedbacks les professionnels bien réputés dans l'Industrie IT, Pass4Test est un bon catalyseur de leurs succès. L'outil de formation offert par Pass4Test leur aide d'économiser le temps et l'argent, le plus important est qu'ils aient passé le test EC-COUNCIL 312-50v7 avec succès. Pass4Test est un fournissur fiable. Vous allez réaliser votre rêve avec l'aide de Pass4Test.

Meilleur EC-COUNCIL EC0-350 test formation guide

Certification EC-COUNCIL EC0-350 est un des tests plus importants dans le système de Certification EC-COUNCIL. Les experts de Pass4Test profitent leurs expériences et connaissances professionnelles à rechercher les guides d'étude à aider les candidats du test EC-COUNCIL EC0-350 à réussir le test. Les Q&As offertes par Pass4Test vous assurent 100% à passer le test. D'ailleurs, la mise à jour pendant un an est gratuite.

Le test simulation EC-COUNCIL EC0-350 sorti par les experts de Pass4Test est bien proche du test réel. Nous sommes confiant sur notre produit qui vous permet à réussir le test EC-COUNCIL EC0-350 à la première fois. Si vous ne passe pas le test, votre argent sera tout rendu.

Code d'Examen: EC0-350
Nom d'Examen: EC-COUNCIL (Ethical hacking and countermeasures)
Questions et réponses: 878 Q&As

Il y a nombreux façons à vous aider à réussir le test EC-COUNCIL EC0-350. Le bon choix est l'assurance du succès. Pass4Test peut vous offrir le bon outil de formation, lequel est une documentation de qualité. La Q&A de test EC-COUNCIL EC0-350 est recherchée par les experts selon le résumé du test réel. Donc l'outil de formation est de qualité et aussi autorisé, votre succès du test EC-COUNCIL EC0-350 peut bien assuré. Nous allons mettre le jour successivement juste pour répondre les demandes de tous candidats.

Le test de Certification EC-COUNCIL EC0-350 devient de plus en plus chaud dans l'Industrie IT. En fait, ce test demande beaucoup de travaux pour passer. Généralement, les gens doivent travailler très dur pour réussir.

L'équipe de Pass4Test autorisée offre sans arrêt les bonnes resources aux candidats de test Certification EC-COUNCIL EC0-350. Les documentations particulièrement visée au test EC-COUNCIL EC0-350 aide beaucoup de candidats. La Q&A de la version plus nouvelle est lancée maintenant. Vous pouvez télécharger le démo gratuit en Internet. Généralement, vous pouvez réussir le test 100% avec l'aide de Pass4Test, c'est un fait preuvé par les professionnels réputés IT. Ajoutez le produit au panier, vous êtes l'ensuite à réussir le test EC-COUNCIL EC0-350.

La grande couverture, la bonne qualité et la haute précision permettent le Pass4Test à avancer les autre sites web. Donc le Pass4Test est le meilleur choix et aussi l'assurance pour le succès de test EC-COUNCIL EC0-350.

EC0-350 Démo gratuit à télécharger: http://www.pass4test.fr/EC0-350.html

NO.1 What file system vulnerability does the following command take advantage of? type
c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe
A.HFS
B.ADS
C.NTFS
D.Backdoor access
Correct:B

EC-COUNCIL   EC0-350 examen   EC0-350

NO.2 Why is Social Engineering considered attractive by hackers and commonly done by experts in
the field?
A.It is not considered illegal
B.It is done by well-known hackers
C.It is easy and extremely effective to gain information
D.It does not require a computer in order to commit a crime
Correct:C

EC-COUNCIL   EC0-350 examen   EC0-350

NO.3 Maurine is working as a security consultant for Hinklemeir Associates.She has asked the
Systems Administrator to create a group policy that would not allow null sessions on the network.
The Systems Administrator is fresh out of college and has never heard of null sessions and does
not know what they are used for. Maurine is trying to explain to the Systems Administrator that
hackers will try to create a null session when footprinting the network. Why would an attacker try
to create a null session with a computer on a network?
A.Enumerate users and shares
B.Install a backdoor for later attacks
C.Escalate his/her privileges on the target server
D.To create a user with administrative privileges for later use
Correct:A

EC-COUNCIL   EC0-350 examen   EC0-350

NO.4 A program that defends against a port scanner will attempt to:
A.Sends back bogus data to the port scanner
B.Log a violation and recommend use of security-auditing tools
C.Limit access by the scanning system to publicly available ports only
D.Update a firewall rule in real time to prevent the port scan from being completed
Correct:D

EC-COUNCIL   EC0-350 examen   EC0-350

NO.5 Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to
allow a host outside of a firewall to connect transparently and securely through the firewall. He
wonders if his firewall has been breached. What would be your inference?
A.Eric's network has been penetrated by a firewall breach
B.The attacker is using the ICMP protocol to have a covert channel
C.Eric has a Wingate package providing FTP redirection on his network
D.Somebody is using SOCKS on the network to communicate through the firewall
Correct:D

EC-COUNCIL   EC0-350 examen   EC0-350

NO.6 Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been
able to spawn an interactive shell and plans to deface the main web page. He first attempts to use
the "Echo" command to simply overwrite index.html and remains unsuccessful. He then attempts
to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in
which also he remains unsuccessful. What is the probable cause of Bill's problem?
A.The system is a honeypot
B.The HTML file has permissions of read only
C.You cannot use a buffer overflow to deface a web page
D.There is a problem with the shell and he needs to run the attack again
Correct:B

EC-COUNCIL   EC0-350 examen   EC0-350

NO.7 Lori has just been tasked by her supervisor toonduct vulnerability scan on the corporate
network.She has been instructed to perform a very thorough test of the network to ensure that
there are no security holes on any of the machines.Lori's company does not own any commercial
scanning products, so she decides to download a free one off the Internet.Lori has never done a
vulnerability scan before, so she is unsure of some of the settings available in the software she
downloaded.One of the options is to choose which ports that can be scanned.Lori wants to do
exactly what her boss has told her, but she does not know what ports should be scanned. If Lori is
supposed to scan all known TCP ports, how many ports should she select in the software?
A.65536
B.1024
C.1025
D.Lori should not scan TCP ports, only UDP ports
Correct:A

EC-COUNCIL   EC0-350 examen   EC0-350

NO.8 Travis works primarily from home as a medical transcriptionist. He just bought a brand new
Dual Core Pentium computer with over 3 GB of RAM. He uses voice recognition software to help
him transfer what he dictates to electronic documents. The voice recognition software is
processor intensive, which is why he bought the new computer. Travis frequently has to get on
the Internet to do research on what he is working on. After about two months of working on his
new computer, he notices that it is not running nearly as fast as it used to. Travis uses antivirus
software, anti-spyware software, and always keeps the computer up-to-date with Microsoft
patches. After another month of working on the computer, Travis' computer is even more
noticeably slow. Every once in awhile, Travis also notices a window or two pop-up on his screen,
but they quickly disappear.He has seen these windows show up, even when he has not been on
the Internet. Travis is really worried about his computer because he spent a lot of money on it, and
he depends on it to work. Travis scans his computer with all kinds of software, and cannot find
anything out of the ordinary. Travis decides to go through Windows Explorer and check out the
file system, folder by folder, to see if there is anything he can find. He spends over four hours
pouring over the files and folders and cannot find anything.But, before he gives up, he notices
that his computer only has about 10 GB of free space available.Since his hard drive is a 200 GB
hard drive, Travis thinks this is very odd. Travis downloads Space Monger and adds up the sizes
for all the folders and files on his computer. According to his calculations, he should have around
150 GB of free space. What is mostly likely the cause of Travis' problems?
A.Travis's computer is infected with stealth kernel level rootkit
B.Travis's computer is infected with Stealth Trojan Virus
C.Travis's computer is infected with Self-Replication Worm that fills the hard disk space
D.Logic Bomb is triggered at random times creating hidden data consuming junk files
Correct:A

EC-COUNCIL   EC0-350 examen   EC0-350

NO.9 Which of the following built-in C/C++ functions you should avoid to prevent your program from
buffer overflow attacks?
A.strcpy()
B.strcat()
C.streadd()
D.strsock()
Correct:A B C

EC-COUNCIL   EC0-350 examen   EC0-350

NO.10 After a client sends a connection request (SYN) packet to the server, the server will respond
(SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by
the client. This sequence number is predictable; the attack connects to a service first with its own
IP address, records the sequence number chosen, and then opens a second connection from a
forged IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but
can guess the correct responses. If the source IP address is used for authentication, then the
attacker can use the one-sided communication to break into the server. What attacks can you
successfully launch against a server using the above technique?
A.Session Hijacking attacks
B.Denial of Service attacks
C.Web page defacement attacks
D.IP spoofing attacks
Correct:A

EC-COUNCIL   EC0-350 examen   EC0-350

NO.11 A client has approached you with a penetration test requirement. They are concerned with the
possibility of external threat, and have invested considerable resources in protecting their
Internet exposure. However, their main concern is the possibility of an employee elevating his/her
privileges and gaining access to information outside of their department. What kind of penetration
test would you recommend that would best address the client's concern?
A.A Grey Hat test
B.A Grey Box test
C.A Black Hat test
D.A White Hat test
E.A Black Box test
F.A White Box test
Correct:B

EC-COUNCIL   EC0-350 examen   EC0-350

NO.12 Which programming language is NOT vulnerable to buffer overflow attacks?
A.Java
B.ActiveX
C.C++
D.Assembly Language
Correct:A

EC-COUNCIL   EC0-350 examen   EC0-350

NO.13 Bob is acknowledged as a hacker of repute and is popular among visitors of 'underground' sites.
Bob is willing to share his knowledge to those who are willing to learn, and many have expressed
their interest in learning from him. However, this knowledge has risks associated with it, as the
same knowledge can be used for malevolent attacks as well. In this context, what would be the
most effective method to bridge the knowledge gap between the "black" hats or crackers and the
"white" hats or computer security professionals?
A.Hire more computer security monitoring personnel to monitor computer systems and networks
B.Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards
C.Train more national guard and reservist in the art of computer security to help out in times of emergency
or crises
D.Make obtaining either a computer security certification or accreditation easier to achieve so more
individuals feel that they are a part of something larger than life
Correct:B

EC-COUNCIL   EC0-350 examen   EC0-350

NO.14 Clive is conducting a pen-test and has just port scanned a system on the network. He has
identified the operating system as Linux and been able to elicit responses from ports 23, 25 and
53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as
running DNS service. The client confirms these findings and attests to the current availability of
the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On
typing other commands, he sees only blank spaces or underscores symbols on the screen. What
are you most likely to infer from this?
A.The services are protected by TCP wrappers
B.There is a honeypot running on the scanned machine
C.An attacker has replaced the services with trojaned ones
D.This indicates that the telnet and SMTP server have crashed
Correct:A

EC-COUNCIL   EC0-350 examen   EC0-350

NO.15 What type of port scan is shown below? Scan directed at open port: ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23 192.5.2.92:4079 <----NO
RESPONSE------192.5.2.110:23 Scan directed at closed port: ClientServer 192.5.2.92:4079
---------FIN--------->192.5.2.110:23 192.5.2.92:4079<-----RST/ACK----------192.5.2.110:23
A.Idle Scan
B.FIN Scan
C.XMAS Scan
D.Windows Scan
Correct:B

EC-COUNCIL   EC0-350 examen   EC0-350

NO.16 Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his
firewall to block password brute force attempts on his network. He enables blocking the intruder's
IP address for a period of 24 hours time after more than three unsuccessful attempts. He is
confident that this rule will secure his network from hackers on the Internet. But he still receives
hundreds of thousands brute-force attempts generated from various IP addresses around the
world. After some investigation he realizes that the intruders are using a proxy somewhere else
on the Internet which has been scripted to enable the random usage of various proxies on each
request so as not to get caught by the firewall rule. Later he adds another rule to his firewall and
enables small sleep on the password attempt so that if the password is incorrect, it would take 45
seconds to return to the user to begin another attempt. Since an intruder may use multiple
machines to brute force the password, he also throttles the number of connections that will be
prepared to accept from a particular IP address. This action will slow the intruder's attempts.
Samuel wants to completely block hackers brute force attempts on his network. What are the
alternatives to defending against possible brute-force password attacks on his site?
A.Enforce a password policy and use account lockouts after three wrong logon attempts even though this
might lock out legit users
B.Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the
intruder so that you can block them at the Firewall manually
C.Enforce complex password policy on your network so that passwords are more difficult to brute force
D.You cannot completely block the intruders attempt if they constantly switch proxies
Correct:D

EC-COUNCIL   EC0-350 examen   EC0-350

NO.17 Samantha has been actively scanning the client network for which she is doing a vulnerability
assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What
protocol is most likely to be listening on those ports?
A.FTP
B.SMB
C.Finger
D.Samba
Correct:B

EC-COUNCIL   EC0-350 examen   EC0-350

NO.18 Bill has started to notice some slowness on his network when trying to update his company's
website and while trying to access the website from the Internet. Bill asks the help desk manager
if he has received any calls about slowness from the end users, but the help desk manager says
that he has not. Bill receives a number of calls from customers that cannot access the company
website and cannot purchase anything online. Bill logs on to a couple of his routers and notices
that the logs show network traffic is at an all time high.?He also notices that almost all the traffic
is originating from a specific address. Bill decides to use Geotrace to find out where the suspect
IP is originates from. The Geotrace utility runs a traceroute and finds that the IP is coming from
Panama.?Bill knows that none of his customers are in Panama so he immediately thinks that his
company is under a Denial of Service attack. Now Bill needs to find out more about the originating
IP address. What Internet registry should Bill look in to find the IP address?
A.LACNIC
B.ARIN
C.RIPE LACNIC
D.APNIC
Correct:A

EC-COUNCIL   EC0-350 examen   EC0-350

NO.19 Mark works as a contractor for the Department of Defense and is in charge of network security.
He has spent the last month securing access to his network from all possible entry points. He has
segmented his network into several subnets and has installed firewalls all over the network. He
has placed very stringent rules on all the firewalls, blocking everything in and out except ports
that must be used. He does need to have port 80 open since his company hosts a website that
must be accessed from the Internet. Mark is fairly confident of his perimeter defenses, but is still
worried about programs like Hping2 that can get into a network through covert channels. How
should mark protect his network from an attacker using Hping2 to scan his internal network?
A.Block ICMP type 13 messages
B.Block all incoming traffic on port 53
C.Block all outgoing traffic on port 53
D.Use stateful inspection on the firewalls
Correct:A

EC-COUNCIL   EC0-350 examen   EC0-350

NO.20 What is the purpose of firewalking?
A.It's a technique used to map routers on a network link
B.It's a technique used to discover Wireless network on foot
C.It's a technique used to discover interface in promiscuous mode
D.It's a technique used to discover what rules are configured on a gateway
Correct:D

EC-COUNCIL   EC0-350 examen   EC0-350

Les produits de Pass4Test a une bonne qualité, et la fréquence de la mise à jour est bien impressionnée. Si vous avez déjà choisi la Q&A de Pass4Test, vous n'aurez pas le problème à réussir le test EC-COUNCIL EC0-350.

Certification EC-COUNCIL de téléchargement gratuit pratique d'examen EC0-350, questions et réponses

Pas besoin de beaucoup d'argent et de temps, vous pouvez passer le test EC-COUNCIL EC0-350 juste avec la Q&A de EC-COUNCIL EC0-350 offerte par Pass4Test qui vous offre le test simulation bien proche de test réel.

Le Pass4Past possède une équipe d'élite qui peut vous offrir à temps les matériaux de test Certification EC-COUNCIL EC0-350. En même temps, nos experts font l'accent à mettre rapidement à jour les Questions de test Certification IT. L'important est que Pass4Test a une très bonne réputation dans l'industrie IT. Bien que l'on n'ait pas beaucoup de chances à réussir le test de EC0-350, Pass4Test vous assure à passer ce test par une fois grâce à nos documentations avec une bonne précision et une grande couverture.

Choisir le Pass4Test vous permet non seulement à réussir le test EC-COUNCIL EC0-350, mais encore à enjouir le service en ligne 24h et la mise à jour gratuite pendant un an. Nous allons lancer au premier temps la Q&A EC-COUNCIL EC0-350 plus nouvelle. Si vous ne passez pas le test, votre argent sera tout rendu.

Pass4Test est un site particulier à offrir les guides de formation à propos de test certificat IT. La version plus nouvelle de Q&A EC-COUNCIL EC0-350 peut répondre sûrement une grande demande des candidats. Comme tout le monde le connait, le certificat EC-COUNCIL EC0-350 est un point important pendant l'interview dans les grandes entreprises IT. Ça peut expliquer un pourquoi ce test est si populaire. En même temps, Pass4Test est connu par tout le monde. Choisir le Pass4Test, choisir le succès. Votre argent sera tout rendu si malheureusement vous ne passe pas le test EC-COUNCIL EC0-350.

Code d'Examen: EC0-350

Nom d'Examen: EC-COUNCIL (Ethical hacking and countermeasures)

Questions et réponses: 878 Q&As

Les spécialistes d'expérience de Pass4Test ont fait une formation ciblée au test EC-COUNCIL EC0-350. Cet outil de formation est convenable pour les candidats de test EC-COUNCIL EC0-350. Pass4Test n'offre que les produits de qualité. Vous aurez une meilleure préparation à passer le test avec l'aide de Pass4Test.

On doit faire un bon choix pour passer le test EC-COUNCIL EC0-350. C'est une bonne affaire à choisir la Q&A de Pass4Test comme le guide d'étude, parce que vous allez obtenir la Certification EC-COUNCIL EC0-350 en dépensant d'un petit invertissement. D'ailleur, la mise à jour gratuite pendant un an est aussi gratuite pour vous. C'est vraiment un bon choix.

Les experts de Pass4Test ont fait sortir un nouveau guide d'étude de Certification EC-COUNCIL EC0-350, avec ce guide d'étude, réussir ce test a devenu une chose pas difficile. Pass4Test vous permet à réussir 100% le test EC-COUNCIL EC0-350 à la première fois. Les questions et réponses vont apparaître dans le test réel. Pass4Test peut vous donner une Q&A plus complète une fois que vous choisissez nous. D'ailleurs, la mise à jour gratuite pendant un an est aussi disponible pour vous.

EC0-350 Démo gratuit à télécharger: http://www.pass4test.fr/EC0-350.html

NO.1 Lori has just been tasked by her supervisor toonduct vulnerability scan on the corporate
network.She has been instructed to perform a very thorough test of the network to ensure that
there are no security holes on any of the machines.Lori's company does not own any commercial
scanning products, so she decides to download a free one off the Internet.Lori has never done a
vulnerability scan before, so she is unsure of some of the settings available in the software she
downloaded.One of the options is to choose which ports that can be scanned.Lori wants to do
exactly what her boss has told her, but she does not know what ports should be scanned. If Lori is
supposed to scan all known TCP ports, how many ports should she select in the software?
A.65536
B.1024
C.1025
D.Lori should not scan TCP ports, only UDP ports
Correct:A

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.2 Samantha has been actively scanning the client network for which she is doing a vulnerability
assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What
protocol is most likely to be listening on those ports?
A.FTP
B.SMB
C.Finger
D.Samba
Correct:B

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.3 Bill has started to notice some slowness on his network when trying to update his company's
website and while trying to access the website from the Internet. Bill asks the help desk manager
if he has received any calls about slowness from the end users, but the help desk manager says
that he has not. Bill receives a number of calls from customers that cannot access the company
website and cannot purchase anything online. Bill logs on to a couple of his routers and notices
that the logs show network traffic is at an all time high.?He also notices that almost all the traffic
is originating from a specific address. Bill decides to use Geotrace to find out where the suspect
IP is originates from. The Geotrace utility runs a traceroute and finds that the IP is coming from
Panama.?Bill knows that none of his customers are in Panama so he immediately thinks that his
company is under a Denial of Service attack. Now Bill needs to find out more about the originating
IP address. What Internet registry should Bill look in to find the IP address?
A.LACNIC
B.ARIN
C.RIPE LACNIC
D.APNIC
Correct:A

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.4 What type of port scan is shown below? Scan directed at open port: ClientServer
192.5.2.92:4079 ---------FIN--------->192.5.2.110:23 192.5.2.92:4079 <----NO
RESPONSE------192.5.2.110:23 Scan directed at closed port: ClientServer 192.5.2.92:4079
---------FIN--------->192.5.2.110:23 192.5.2.92:4079<-----RST/ACK----------192.5.2.110:23
A.Idle Scan
B.FIN Scan
C.XMAS Scan
D.Windows Scan
Correct:B

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.5 Which of the following built-in C/C++ functions you should avoid to prevent your program from
buffer overflow attacks?
A.strcpy()
B.strcat()
C.streadd()
D.strsock()
Correct:A B C

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.6 What is the purpose of firewalking?
A.It's a technique used to map routers on a network link
B.It's a technique used to discover Wireless network on foot
C.It's a technique used to discover interface in promiscuous mode
D.It's a technique used to discover what rules are configured on a gateway
Correct:D

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.7 Clive is conducting a pen-test and has just port scanned a system on the network. He has
identified the operating system as Linux and been able to elicit responses from ports 23, 25 and
53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as
running DNS service. The client confirms these findings and attests to the current availability of
the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On
typing other commands, he sees only blank spaces or underscores symbols on the screen. What
are you most likely to infer from this?
A.The services are protected by TCP wrappers
B.There is a honeypot running on the scanned machine
C.An attacker has replaced the services with trojaned ones
D.This indicates that the telnet and SMTP server have crashed
Correct:A

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.8 Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been
able to spawn an interactive shell and plans to deface the main web page. He first attempts to use
the "Echo" command to simply overwrite index.html and remains unsuccessful. He then attempts
to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in
which also he remains unsuccessful. What is the probable cause of Bill's problem?
A.The system is a honeypot
B.The HTML file has permissions of read only
C.You cannot use a buffer overflow to deface a web page
D.There is a problem with the shell and he needs to run the attack again
Correct:B

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.9 Samuel is the network administrator of DataX Communications, Inc. He is trying to configure his
firewall to block password brute force attempts on his network. He enables blocking the intruder's
IP address for a period of 24 hours time after more than three unsuccessful attempts. He is
confident that this rule will secure his network from hackers on the Internet. But he still receives
hundreds of thousands brute-force attempts generated from various IP addresses around the
world. After some investigation he realizes that the intruders are using a proxy somewhere else
on the Internet which has been scripted to enable the random usage of various proxies on each
request so as not to get caught by the firewall rule. Later he adds another rule to his firewall and
enables small sleep on the password attempt so that if the password is incorrect, it would take 45
seconds to return to the user to begin another attempt. Since an intruder may use multiple
machines to brute force the password, he also throttles the number of connections that will be
prepared to accept from a particular IP address. This action will slow the intruder's attempts.
Samuel wants to completely block hackers brute force attempts on his network. What are the
alternatives to defending against possible brute-force password attacks on his site?
A.Enforce a password policy and use account lockouts after three wrong logon attempts even though this
might lock out legit users
B.Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the
intruder so that you can block them at the Firewall manually
C.Enforce complex password policy on your network so that passwords are more difficult to brute force
D.You cannot completely block the intruders attempt if they constantly switch proxies
Correct:D

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.10 Eric notices repeated probes to port 1080. He learns that the protocol being used is designed to
allow a host outside of a firewall to connect transparently and securely through the firewall. He
wonders if his firewall has been breached. What would be your inference?
A.Eric's network has been penetrated by a firewall breach
B.The attacker is using the ICMP protocol to have a covert channel
C.Eric has a Wingate package providing FTP redirection on his network
D.Somebody is using SOCKS on the network to communicate through the firewall
Correct:D

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.11 A client has approached you with a penetration test requirement. They are concerned with the
possibility of external threat, and have invested considerable resources in protecting their
Internet exposure. However, their main concern is the possibility of an employee elevating his/her
privileges and gaining access to information outside of their department. What kind of penetration
test would you recommend that would best address the client's concern?
A.A Grey Hat test
B.A Grey Box test
C.A Black Hat test
D.A White Hat test
E.A Black Box test
F.A White Box test
Correct:B

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.12 Maurine is working as a security consultant for Hinklemeir Associates.She has asked the
Systems Administrator to create a group policy that would not allow null sessions on the network.
The Systems Administrator is fresh out of college and has never heard of null sessions and does
not know what they are used for. Maurine is trying to explain to the Systems Administrator that
hackers will try to create a null session when footprinting the network. Why would an attacker try
to create a null session with a computer on a network?
A.Enumerate users and shares
B.Install a backdoor for later attacks
C.Escalate his/her privileges on the target server
D.To create a user with administrative privileges for later use
Correct:A

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.13 Why is Social Engineering considered attractive by hackers and commonly done by experts in
the field?
A.It is not considered illegal
B.It is done by well-known hackers
C.It is easy and extremely effective to gain information
D.It does not require a computer in order to commit a crime
Correct:C

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.14 Travis works primarily from home as a medical transcriptionist. He just bought a brand new
Dual Core Pentium computer with over 3 GB of RAM. He uses voice recognition software to help
him transfer what he dictates to electronic documents. The voice recognition software is
processor intensive, which is why he bought the new computer. Travis frequently has to get on
the Internet to do research on what he is working on. After about two months of working on his
new computer, he notices that it is not running nearly as fast as it used to. Travis uses antivirus
software, anti-spyware software, and always keeps the computer up-to-date with Microsoft
patches. After another month of working on the computer, Travis' computer is even more
noticeably slow. Every once in awhile, Travis also notices a window or two pop-up on his screen,
but they quickly disappear.He has seen these windows show up, even when he has not been on
the Internet. Travis is really worried about his computer because he spent a lot of money on it, and
he depends on it to work. Travis scans his computer with all kinds of software, and cannot find
anything out of the ordinary. Travis decides to go through Windows Explorer and check out the
file system, folder by folder, to see if there is anything he can find. He spends over four hours
pouring over the files and folders and cannot find anything.But, before he gives up, he notices
that his computer only has about 10 GB of free space available.Since his hard drive is a 200 GB
hard drive, Travis thinks this is very odd. Travis downloads Space Monger and adds up the sizes
for all the folders and files on his computer. According to his calculations, he should have around
150 GB of free space. What is mostly likely the cause of Travis' problems?
A.Travis's computer is infected with stealth kernel level rootkit
B.Travis's computer is infected with Stealth Trojan Virus
C.Travis's computer is infected with Self-Replication Worm that fills the hard disk space
D.Logic Bomb is triggered at random times creating hidden data consuming junk files
Correct:A

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.15 A program that defends against a port scanner will attempt to:
A.Sends back bogus data to the port scanner
B.Log a violation and recommend use of security-auditing tools
C.Limit access by the scanning system to publicly available ports only
D.Update a firewall rule in real time to prevent the port scan from being completed
Correct:D

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.16 Mark works as a contractor for the Department of Defense and is in charge of network security.
He has spent the last month securing access to his network from all possible entry points. He has
segmented his network into several subnets and has installed firewalls all over the network. He
has placed very stringent rules on all the firewalls, blocking everything in and out except ports
that must be used. He does need to have port 80 open since his company hosts a website that
must be accessed from the Internet. Mark is fairly confident of his perimeter defenses, but is still
worried about programs like Hping2 that can get into a network through covert channels. How
should mark protect his network from an attacker using Hping2 to scan his internal network?
A.Block ICMP type 13 messages
B.Block all incoming traffic on port 53
C.Block all outgoing traffic on port 53
D.Use stateful inspection on the firewalls
Correct:A

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.17 Which programming language is NOT vulnerable to buffer overflow attacks?
A.Java
B.ActiveX
C.C++
D.Assembly Language
Correct:A

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.18 What file system vulnerability does the following command take advantage of? type
c:\anyfile.exe > c:\winnt\system32\calc.exe:anyfile.exe
A.HFS
B.ADS
C.NTFS
D.Backdoor access
Correct:B

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.19 Bob is acknowledged as a hacker of repute and is popular among visitors of 'underground' sites.
Bob is willing to share his knowledge to those who are willing to learn, and many have expressed
their interest in learning from him. However, this knowledge has risks associated with it, as the
same knowledge can be used for malevolent attacks as well. In this context, what would be the
most effective method to bridge the knowledge gap between the "black" hats or crackers and the
"white" hats or computer security professionals?
A.Hire more computer security monitoring personnel to monitor computer systems and networks
B.Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards
C.Train more national guard and reservist in the art of computer security to help out in times of emergency
or crises
D.Make obtaining either a computer security certification or accreditation easier to achieve so more
individuals feel that they are a part of something larger than life
Correct:B

EC-COUNCIL examen   EC0-350   certification EC0-350

NO.20 After a client sends a connection request (SYN) packet to the server, the server will respond
(SYN-ACK) with a sequence number of its choosing, which then must be acknowledged (ACK) by
the client. This sequence number is predictable; the attack connects to a service first with its own
IP address, records the sequence number chosen, and then opens a second connection from a
forged IP address. The attack doesn't see the SYN-ACK (or any other packet) from the server, but
can guess the correct responses. If the source IP address is used for authentication, then the
attacker can use the one-sided communication to break into the server. What attacks can you
successfully launch against a server using the above technique?
A.Session Hijacking attacks
B.Denial of Service attacks
C.Web page defacement attacks
D.IP spoofing attacks
Correct:A

EC-COUNCIL examen   EC0-350   certification EC0-350

Le test EC-COUNCIL EC0-350 est bien populaire dans l'Industrie IT. Mais ça coûte beaucoup de temps pour bien préparer le test. Le temps est certainemetn la fortune dans cette société. L'outil de formation offert par Pass4Test ne vous demande que 20 heures pour renforcer les connaissances essentales pour le test EC-COUNCIL EC0-350. Vous aurez une meilleure préparation bien que ce soit la première fois à participer le test.