You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe. What caused this?
GET /scripts/root.exe?/c+dir
GET /MSADC/root.exe?/c+dir
GET /c/winnt/system32/cmd.exe?/c+dir
GET /d/winnt/system32/cmd.exe?/c+dir
GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir
GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%5c../..%5c../..%5c/..xc1x1c../..xc1x1c../..xc1x1c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..xc1x1c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..xc0/../winnt/system32/cmd.exe?/c+dir
GET /scripts/..xc0xaf../winnt/system32/cmd.exe?/c+dir
GET /scripts/..xc1x9c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%35c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%5c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%2f../winnt/system32/cmd.exe?/c+dir
Answer(s): D
The Nimda worm modifies all web content files it finds. As a result, any user browsing web content on the system, whether via the file system or via a web server, may download a copy of the worm. Some browsers may automatically execute the downloaded copy, thereby infecting the browsing system. The high scanning rate of the Nimda worm may also cause bandwidth denial-of-service conditions on networks with infected machines, and the worm may allow intruders to execute arbitrary commands within the Local System security context on machines running unpatched versions of IIS.
When a malicious hacker identifies a target and wants to eventually compromise this target, what would be among the first steps that he would perform? (Choose the best answer)
Answer(s): C
A hacker always starts with a preparatory phase (Reconnaissance) where he seeks to gather as much information as possible about the target of evaluation prior to launching an attack. The reconnaissance can be either passive or active (or both).
Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?
The lack of centralized key management is not in itself a reason that WEP encryption is vulnerable; it is the people setting the user shared key that make it insecure.
An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application? (Choose the best answer)
Answer(s): A
Certain types of encryption present challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, whereas a host-based IDS analyzes the data after it has been decrypted.
Several of your co-workers are having a discussion over the /etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords. (Choose all that apply.)
Answer(s): A,C,D
Linux passwords are encrypted using MD5, DES, and the newer addition, Blowfish. The default on most Linux systems depends on the distribution: Red Hat uses MD5, while Slackware uses DES. The Blowfish option is there for those who wish to use it. The encryption algorithm in use can be determined with authconfig on Red Hat-based systems, or by reviewing one of two locations. On PAM-based systems (Pluggable Authentication Modules) it can be found in /etc/pam.d/, in the system-auth file or the authconfig files. On other systems it can be found in the /etc/security/ directory.