EC-Council Ethical Hacking and Countermeasures EC0-350 Dumps in PDF

Free EC-Council EC0-350 Real Questions (page: 3)

Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test. While conducting a port scan she notices open ports in the range of 135 to 139. What protocol is most likely to be listening on those ports?

  1. Finger
  2. FTP
  3. Samba
  4. SMB

Answer(s): D

Explanation:

The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT / 2000. In Windows NT it ran on top of NBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NBT. For this they use TCP port 445.



If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

  1. Birthday
  2. Brute force
  3. Man-in-the-middle
  4. Smurf

Answer(s): B

Explanation:

Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is cracked.



Doug is conducting a port scan of a target network. He knows that his client target network has a web server and that there is a mail server also which is up and running. Doug has been sweeping the network but has not been able to elicit any response from the remote target. Which of the following could be the most likely cause behind this lack of response? Select 4.

  1. UDP is filtered by a gateway
  2. The packet TTL value is too low and cannot reach the target
  3. The host might be down
  4. The destination network might be down
  5. The TCP windows size does not match
  6. ICMP is filtered by a gateway

Answer(s): A,B,C,F

Explanation:

If the destination host or the destination network is down there is no way to get an answer and if TTL (Time To Live) is set too low the UDP packets will “die” before reaching the host because of too many hops between the scanning computer and the target. The TCP receive window size is the amount of received data (in bytes) that can be buffered during a connection. The sending host can send only that amount of data before it must wait for an acknowledgment and window update from the receiving host and ICMP is mainly used for echo requests and not in port scans.



You are footprinting Acme.com to gather competitive intelligence. You visit the acme.com websire for contact information and telephone number numbers but do not find it listed there. You know that they had the entire staff directory listed on their website 12 months ago but now it is not there. How would it be possible for you to retrieve information from the website that is outdated?

  1. Visit google search engine and view the cached copy.
  2. Visit Archive.org site to retrieve the Internet archive of the acme website.
  3. Crawl the entire website and store them into your computer.
  4. Visit the company’s partners and customers website for this information.

Answer(s): B

Explanation:

The Internet Archive (IA) is a non-profit organization dedicated to maintaining an archive of Web and multimedia resources. Located at the Presidio in San Francisco, California, this archive includes "snapshots of the World Wide Web" (archived copies of pages, taken at various points in time), software, movies, books, and audio recordings (including recordings of live concerts from bands that allow it). This site is found at www.archive.org.



Bob is going to perform an active session hijack against company. He has acquired the target that allows session oriented connections (Telnet) and performs sequence prediction on the target operating system. He manages to find an active session due to the high level of traffic on the network.
So, what is Bob most likely to do next?

  1. Take over the session.
  2. Reverse sequence prediction.
  3. Guess the sequence numbers.
  4. Take one of the parties’ offline.

Answer(s): C



Share your comments for EC-Council EC0-350 exam with other users:

C
CiscoStudent
11/15/2023 5:29:00 AM

in question 272 the right answer states that an autonomous acces point is "configured and managed by the wlc" but this is not what i have learned in my ccna course. is this a mistake? i understand that lightweight aps are managed by wlc while autonomous work as standalones on the wlan.

P
pankaj
9/28/2023 4:36:00 AM

it was helpful

U
User123
10/8/2023 9:59:00 AM

good question

V
vinay
9/4/2023 10:23:00 AM

really nice

U
Usman
8/28/2023 10:07:00 AM

please i need dumps for isc2 cybersecuity

Q
Q44
7/30/2023 11:50:00 AM

ans is coldline i think

A
Anuj
12/21/2023 1:30:00 PM

very helpful

G
Giri
9/13/2023 10:31:00 PM

can you please provide dumps so that it helps me more

A
Aaron
2/8/2023 12:10:00 AM

thank you for providing me with the updated question and answers. this version has all the questions from the exam. i just saw them in my exam this morning. i passed my exam today.

S
Sarwar
12/21/2023 4:54:00 PM

how i can see exam questions?

C
Chengchaone
9/11/2023 10:22:00 AM

can you please upload please?

M
Mouli
9/2/2023 7:02:00 AM

question 75: option c is correct answer

J
JugHead
9/27/2023 2:40:00 PM

please add this exam

S
sushant
6/28/2023 4:38:00 AM

please upoad

J
John
8/7/2023 12:09:00 AM

has anyone recently attended safe 6.0 certification? is it the samq question from here.

B
Blessious Phiri
8/14/2023 3:49:00 PM

expository experience

C
concerned citizen
12/29/2023 11:31:00 AM

52 should be b&c. controller failure has nothing to do with this type of issue. degraded state tells us its a raid issue, and if the os is missing then the bootable device isnt found. the only other consideration could be data loss but thats somewhat broad whereas b&c show understanding of the specific issues the question is asking about.

D
deedee
12/23/2023 5:10:00 PM

great help!!!

S
Samir
8/1/2023 3:07:00 PM

very useful tools

S
Saeed
11/7/2023 3:14:00 AM

looks a good platform to prepare az-104

M
Matiullah
6/24/2023 7:37:00 AM

want to pass the exam

S
SN
9/5/2023 2:25:00 PM

good resource

Z
Zoubeyr
9/8/2023 5:56:00 AM

question 11 : d

U
User
8/29/2023 3:24:00 AM

only the free dumps will be enough for pass, or have to purchase the premium one. please suggest.

C
CW
7/6/2023 7:37:00 PM

good questions. thanks.

F
Farooqi
11/21/2023 1:37:00 AM

good for practice.

I
Isaac
10/28/2023 2:30:00 PM

great case study

M
Malviya
2/3/2023 9:10:00 AM

the questions in this exam dumps is valid. i passed my test last monday. i only whish they had their pricing in inr instead of usd. but it is still worth it.

R
rsmyth
5/18/2023 12:44:00 PM

q40 the answer is not d, why are you giving incorrect answers? snapshot consolidation is used to merge the snapshot delta disk files to the vm base disk

K
Keny
6/23/2023 9:00:00 PM

thanks, very relevant

M
Muhammad Rawish Siddiqui
11/29/2023 12:14:00 PM

wrong answer. it is true not false.

J
Josh
7/10/2023 1:54:00 PM

please i need the mo-100 questions

V
VINNY
6/2/2023 11:59:00 AM

very good use full

A
Andy
12/6/2023 5:56:00 AM

very valid questions

AI Tutor 👋 I’m here to help!