EC0-350 無料問題集「EC-COUNCIL Ethical hacking and countermeasures」

（A）Hashing is faster compared to more traditional encryption algorithms.

（B）If a user forgets the password, it can be easily retrieved using the hash key stored by administrators.

（C）Passwords stored using hashes are non-reversible, making finding the password much more difficult.

（D）It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.

（A）MS-DOS and PC-DOS operating system utilize a weaknesses that can be compromised and permit them to launch an attack easily.

（B）A server stops accepting connections from certain networks one those network become flooded.

（C）Overloaded buffer systems can easily address error conditions and respond appropriately.

（D）All CLIENT systems have TCP/IP stack implementation weakness that can be compromised and permit them to lunch an attack easily.

（E）Host systems cannot respond to real traffic, if they have an overwhelming number of incomplete connections (SYN/RCVD State).

（A）It is a giveaway by the attacker that he is a script kiddy.

（B）The length of such a buffer overflow exploit makes it prohibitive for user to enter manually.
The second 'sh' automates this function.

（C）The command /bin/sh sh -i appearing in the exploit code is actually part of an inetd configuration file.

（D）It checks for the presence of a codeword (setting the environment variable) among the environment variables.

（A）Eve is trying to escalate privilege of the null user to that of Administrator

（B）Eve is trying to connect as an user with Administrator privileges

（C）Eve is trying to carry out a password crack for user Administrator

（D）Eve is trying to enumerate all users with Administrative privileges

（A）Creates an account with a user name of Anonymous and a password of noone@nowhere.com.

（B）Creates a share called "sasfile" on the target system.

（C）Create a FTP server with write permissions enabled.

（D）Opens up a telnet listener that requires no username or password.

（A）ACK flag scanning

（B）SYN flag scanning

（C）RST flag scanning

（D）FIN flag scanning

（A）SQL Injection

（B）Session Hijacking

（C）Cross Site Scripting

（D）Zone Transfer

（A）Administrative safeguards

（B）Physical security

（C）DMZ

（D）Logical interface

（A）C++

（B）Python

（C）Perl

（D）Java

（A）tcpdump -w ./log

（B）tcpdump -r log

（C）tcpdump -l /var/log/

（D）tcpdump -vde logtcpdump -vde ? log

（A）Use reverse shell using FTP protocol

（B）Use HTTPTunnel or Stunnel on port 80 and 443

（C）Use ClosedVPN

（D）Use Monkey shell

（A）The tester must use the tool inSSIDer to crack it using the ESSID of the network.

（B）The tester must capture the WPA2 authentication handshake and then crack it.

（C）The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

（D）The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.

（A）Performing common services for the application process and replacing real applications with fake ones

（B）Replacing patch system calls with its own version that hides the rootkit (attacker's) actions

（C）Attaching itself to the master boot record in a hard drive and changing the machine's boot sequence/options

（D）Defeating the scanner from detecting any code change at the kernel

（A）Database Enumeration

（B）Database Fingerprinting

（C）SQL Fingerprinting

（D）SQL Enumeration

（A）Mandatory Access Control

（B）Authorized Access Control

（C）Role-based Access Control

（D）Discretionary Access Control