220-701
Exhibit

Study the log given in the exhibit,
Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall
rules, which among the following would be appropriate?

A. Disallow UDP 53 in from outside to DNS server
B. Allow UDP 53 in from DNS server to outside
C. Disallow TCP 53 in form secondaries or ISP server to DNS server
D. Block all UDP traffic

——————————————————————————–
QUESTION 2
You are attempting to map out the firewall policy for an organization. You discover your target system is
one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL of the target system
starting at port 1 and going up to port 1024. What is this process known as?

A. Footprinting
B. Firewalking
C. Enumeration
D. Idle scanning

——————————————————————————–
QUESTION 3
Once an intruder has gained access to a remote system with a valid username and password, the attacker
will attempt to increase his privileges by escalating the used account to one that has increased privileges.
such as that of an administrator. What would be the best countermeasure to protect against escalation of
priveges?

A. Give users tokens
B. Give user the least amount of privileges
C. Give users two passwords
D. Give users a strong policy document

——————————————————————————–
QUESTION 4
Which one of the following attacks will pass through a network layer intrusion detection system
undetected?

A. A teardrop attack
B. A SYN flood attack
C. A DNS spoofing attack
D. A test.cgi attack

——————————————————————————–
QUESTION 5
Why would an ethical hacker use the technique of firewalking?

A. It is a technique used to discover wireless network on foot.
B. It is a technique used to map routers on a network link.
C. It is a technique used to discover the nature of rules configured on a gateway.
D. It is a technique used to discover interfaces in promiscuous mode.

——————————————————————————–
QUESTION 6
What makes web application vulnerabilities so aggravating? (Choose two)

A. They can be launched through an authorized port.
B. A firewall will not stop them.
C. They exist only on the Linux platform.
D. They are detectable by most leading antivirus software.

——————————————————————————–
QUESTION 7
An employee wants to defeat detection by a network-based IDS application. He does not want to attack
the system containing the IDS application.
Which of the following strategies can be used to defeat detection by a network-based IDS application?
(Choose the best answer)

A. Create a network tunnel.
B. Create a multiple false positives.
C. Create a SYN flood.
D. Create a ping flood.

——————————————————————————–
QUESTION 8
Carl has successfully compromised a web server from behind a firewall by exploiting a vulnerability in
the web server program. He wants to proceed by installing a backdoor program. However, he is aware
that not all inbound ports on the firewall are in the open state.
From the list given below, identify the port that is most likely to be open and allowed to reach the server
that Carl has just compromised.

A. 53
B. 110
C. 25
D. 69

——————————————————————————–
QUESTION 9
Neil monitors his firewall rules and log files closely on a regular basis. Some of the users have complained
to Neil that there are a few employees who are visiting offensive web sites during work hours, without
consideration for others. Neil knows that he has an updated content filtering system and that such access
should not be authorized.
What type of technique might be used by these offenders to access the Internet without restriction?

A. They are using UDP which is always authorized at the firewall.
B. They are using tunneling software which allows them to communicate with protocols in a way it was not
intended.
C. They have been able to compromise the firewall, modify the rules, and give themselves proper access.
D. They are using an older version of Internet Explorer that allows them to bypass the proxy server.

——————————————————————————–
QUESTION 10
The programmers on your team are analyzing the free, open source software being used to run FTP
services on a server in your organization. They notice that there is excessive number of functions in the
source code that might lead to buffer overflow. These C++ functions do not check bounds. Identify the
line the source code that might lead to buffer overflow.

A. Line number 31.
B. Line number 15
C. Line number 8
D. Line number 14
QUESTION 1
Doug is conducting a port scan of a target network. He knows that his client target network has a web
server and that there is a mail server also which is up and running. Doug has been sweeping the network
but has not been able to elicit any response from the remote target. Which of the following could be the
most likely cause behind this lack of response? Select 4.

A. UDP is filted by a gateway
B. The packet TTL value is too low and cannot reach the target
C. The host might be down
D. The destination network might be down
E. The TCP windows size does not match
F. ICMP is filtered by a gateway

——————————————————————————–
QUESTION 2
Exhibit

Joe Hacker runs the hping2 hacking tool to predict the target host’s sequence numbers in one of the
hacking session.
What does the first and second column mean? Select two.

A. The first column reports the sequence number
B. The second column reports the difference between the current and last sequence number
C. The second column reports the next sequence number
D. The first column reports the difference between current and last sequence number
——————————————————————————–
QUESTION 3
While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings
sent out.
What is the most likely cause behind this response?

A. The firewall is dropping the packets.
B. An in-line IDS is dropping the packets.
C. A router is blocking ICMP.
D. The host does not respond to ICMP packets.

——————————————————————————–
QUESTION 4
The following excerpt is taken from a honeyput log. The log captures activities across three days. There
are several intrusion attempts; however, a few are successful. Study the log given below and answer the
following question:
(Note: The objective of this questions is to test whether the student has learnt about passive OS
fingerprinting (which should tell them the OS from log captures): can they tell a SQL injection attack
signature; can they infer if a user ID has been created by an attacker and whether they can read plain
source – destination entries from log entries.)

What can you infer from the above log?

A. The system is a windows system which is being scanned unsuccessfully.
B. The system is a web application server compromised through SQL injection.
C. The system has been compromised and backdoored by the attacker.
D. The actual IP of the successful attacker is 24.9.255.53.
——————————————————————————–
QUESTION 5
Bob has been hired to perform a penetration test on Certkiller .com. He begins by looking at IP address
ranges owned by the company and details of domain name registration. He then goes to News Groups
and financial web sites to see if they are leaking any sensitive information of have any technical details
online.
Within the context of penetration testing methodology, what phase is Bob involved with?

A. Passive information gathering
B. Active information gathering
C. Attack phase
D. Vulnerability Mapping
——————————————————————————–
QUESTION 6
Which of the following would be the best reason for sending a single SMTP message to an address that
does not exist within the target company?

A. To create a denial of service attack.
B. To verify information about the mail administrator and his address.
C. To gather information about internal hosts used in email treatment.
D. To gather information about procedures that are in place to deal with such messages.

——————————————————————————–
QUESTION 7
You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems
and after scanning each of them you notice that they all show port 21 in closed state.
What should be the next logical step that should be performed?

A. Connect to open ports to discover applications.
B. Perform a ping sweep to identify any additional systems that might be up.
C. Perform a SYN scan on port 21 to identify any additional systems that might be up.
D. Rescan every computer to verify the results.

——————————————————————————–
QUESTION 8
Ann would like to perform a reliable scan against a remote target. She is not concerned about being
stealth at this point.
Which of the following type of scans would be the most accurate and reliable option?

A. A half-scan
B. A UDP scan
C. A TCP Connect scan
D. A FIN scan

——————————————————————————–
QUESTION 9
What type of port scan is shown below?

A. Idle Scan
B. Windows Scan
C. XMAS Scan
D. SYN Stealth Scan

——————————————————————————–
QUESTION 10
War dialing is a very old attack and depicted in movies that were made years ago.
Why would a modem security tester consider using such an old technique?

A. It is cool, and if it works in the movies it must work in real life.
B. It allows circumvention of protection mechanisms by being on the internal network.
C. It allows circumvention of the company PBX.
D. A good security tester would not use such a derelict technique.

——————————————————————————–
QUESTION 11
An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t want to
get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to
the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it
with both nmap and hping2. He is still unable to connect to the target system.
What is the most probable reason?

A. The firewall is blocking port 23 to that system.
B. He cannot spoof his IP and successfully use TCP.
C. He needs to use an automated tool to telnet in.
D. He is attacking an operating system that does not reply to telnet even when open.

——————————————————————————–
QUESTION 12
You are scanning into the target network for the first time. You find very few conventional ports open.
When you attempt to perform traditional service identification by connecting to the open ports, it yields
either unreliable or no results. You are unsure of which protocols are being used. You need to discover as
many different protocols as possible.
Which kind of scan would you use to achieve this? (Choose the best answer)

A. Nessus scan with TCP based pings.
B. Nmap scan with the -sP (Ping scan) switch.
C. Netcat scan with the -u -e switches.
D. Nmap with the -sO (Raw IP packets) switch.

QUESTION 1
Bubba has just accessed he preferred ecommerce web site and has spotted an item that he would like to
buy. Bubba considers the price a bit too steep. He looks at the source code of the webpage and decides to
save the page locally, so that he can modify the page variables. In the context of web application security,
what do you think Bubba has changes?

A. A hidden form field value.
B. A hidden price value.
C. An integer variable.
D. A page cannot be changed locally, as it is served by a web server.

——————————————————————————–
QUESTION 2
You want to carry out session hijacking on a remote server. The server and the client are communicating
via TCP after a successful TCP three way handshake. The server has just received packet #120 from the
client. The client has a receive window of 200 and the server has a receive window of 250.
Within what range of sequence numbers should a packet, sent by the client fall in order to be accepted by
the server?

A. 200-250
B. 121-371
C. 120-321
D. 121-231
E. 120-370

——————————————————————————–
QUESTION 3
You have been called to investigate a sudden increase in network traffic at Certkiller . It seems that the
traffic generated was too heavy that normal business functions could no longer be rendered to external
employees and clients. After a quick investigation, you find that the computer has services running
attached to TFN2k and Trinoo software. What do you think was the most likely cause behind this sudden
increase in traffic?

A. A distributed denial of service attack.
B. A network card that was jabbering.
C. A bad route on the firewall.
D. Invalid rules entry at the gateway.

——————————————————————————–
QUESTION 4
SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens
a large number of half-open TCP connections.
The signature for SYN Flood attack is:

A. The source and destination address having the same value.
B. The source and destination port numbers having the same value.
C. A large number of SYN packets appearing on a network without the corresponding reply packets.
D. A large number of SYN packets appearing on a network with the corresponding reply packets.

——————————————————————————–
QUESTION 5
Which definition among those given below best describes a covert channel?

A. A server program using a port that is not well known.
B. Making use of a protocol in a way it is not intended to be used.
C. It is the multiplexing taking place on a communication link.
D. It is one of the weak channels used by WEP which makes it insecure.

——————————————————————————–
QUESTION 6
While probing an organization you discover that they have a wireless network. From your attempts to
connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the access
points. What would be the easiest way to circumvent and communicate on the WLAN?

A. Attempt to crack the WEP key using Airsnort.
B. Attempt to brute force the access point and update or delete the MAC ACL.
C. Steel a client computer and use it to access the wireless network.
D. Sniff traffic if the WLAN and spoof your MAC address to one that you captured.

——————————————————————————–
QUESTION 7
Take a look at the following attack on a Web Server using obstructed URL:
http://www.example.com/script.ext?template%2e%2e%2e%2e%2e%2f%2e%2f%65%74%6
3%2f%70%61%73%73%77%64
The request is made up of:
%2e%2e%2f%2e%2e%2f%2e%2f% = ../../../
%65%74%63 = etc
%2f = /
%70%61%73%73%77%64 = passwd
How would you protect information systems from these attacks?

A. Configure Web Server to deny requests involving Unicode characters.
B. Create rules in IDS to alert on strange Unicode requests.
C. Use SSL authentication on Web Servers.
D. Enable Active Scripts Detection at the firewall and routers.

——————————————————————————–
QUESTION 8
Which of the following is NOT a valid NetWare access level?

A. Not Logged in
B. Logged in
C. Console Access
D. Administrator

——————————————————————————–
QUESTION 9
While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25.
You would like to block this, though you do not see any evidence of an attack or other wring doing.
However, you are concerned about affecting the normal functionality of the email server. From the
following options choose how best you can achieve this objective?

A. Block port 25 at the firewall.
B. Shut off the SMTP service on the server.
C. Force all connections to use a username and password.
D. Switch from Windows Exchange to UNIX Sendmail.
E. None of the above.

——————————————————————————–
QUESTION 10
Access control is often implemented through the use of MAC address filtering on wireless Access Points.
Why is this considered to be a very limited security measure?

A. Vendors MAC address assignment is published on the Internet.
B. The MAC address is not a real random number.
C. The MAC address is broadcasted and can be captured by a sniffer.
D. The MAC address is used properly only on Macintosh computers.

——————————————————————————–
QUESTION 11
While reviewing the result of scanning run against a target network you come across the following:

Which among the following can be used to get this output?

A. A Bo2k system query.
B. nmap protocol scan
C. A sniffer
D. An SNMP walk

——————————————————————————–
QUESTION 12
In order to attack a wireless network, you put up can access point and override the signal of the real
access point. As users send authentication data, you are able to capture it. What kind of attack is this?

A. Rouge access point attack
B. Unauthorized access point attack
C. War Chalking
D. WEP attack

——————————————————————————–
QUESTION 13
Windows LAN Manager (LM) hashes are known to be weak. Which of the following are known
weaknesses of LM? (Choose three)

A. Converts passwords to uppercase.
B. Hashes are sent in clear text over the network.
C. Makes use of only 32 bit encryption.
D. Effective length is 7 characters.

——————————————————————————–
QUESTION 14
You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost
every query increments the IPID regardless of the port being queried. One or two of the queries cause the
IPID to increment by more than one value. Why do you think this occurs?

A. The zombie you are using is not truly idle.
B. A stateful inspection firewall is resetting your queries.
C. Hping2 cannot be used for idle scanning.
D. These ports are actually open on the target system.

Question: 1
What is the name of the software tool used to crack a single account on Netware Servers using a dictionary attack?

A. NPWCrack
B. NWPCrack
C. NovCrack
D. CrackNov
E. GetCrack

Answer: B

Explanation:
NWPCrack is the software tool used to crack single accounts on Netware servers.

Question: 2
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A. There is no way to tell because a hash cannot be reversed
B. The right most portion of the hash is always the same
C. The hash always starts with AB923D
D. The left most portion of the hash is always the same
E. A portion of the hash will be all 0’s

Answer: B

Explanation:
When loosheets at an extracted LM hash, you will sometimes observe that the right most portion is always the same. This is padding that has been added to a password that is less than 8 characters long.

Question: 3
Several of your co-workers are having a discussion over the etc/passwd file. They are at odds over what types of encryption are used to secure Linux passwords.(Choose all that apply).

A. Linux passwords can be encrypted with MD5
B. Linux passwords can be encrypted with SHA
C. Linux passwords can be encrypted with DES
D. Linux passwords can be encrypted with Blowfish
E. Linux passwords are encrypted with asymmetric algrothims

Answer: A, C D

Explanation:
Linux passwords can be encrypted with several types of hashing algorithms. These include SHQ, MD5, and Blowfish.

Question: 4
What are the two basic types of attacks?(Choose two.

A. DoS
B. Passive
C. Sniffing
D. Active
E. Cracsheets

Answer: B, D

Explanation:
Passive and active attacks are the two basic types of attacks.

Question: 5
Sniffing is considered an active attack.

A. True
B. False

Answer: B

Explanation:
Sniffing is considered a passive attack.

Question: 6
When discussing passwords, what is considered a brute force attack?

A. You attempt every single possibility until you exhaust all possible combinations or discover the
password
B. You threaten to use the rubber hose on someone unless they reveal their password
C. You load a dictionary of words into your cracsheets program
D. You create hashes of a large number of words and compare it with the encrypted passwords
E. You wait until the password expires

Answer: A

Explanation:
Brute force cracsheets is a time consuming process where you try every possible combination of letters, numbers, and characters until you discover a match.

the PDF:
http://www.4shared.com/file/41869181/d3c06fd5/ceh.html

the VCE:
http://rapidshare.com/files/137060753/ECCouncil.CEHv5.EC0-350-_-312-50.288q.13-08-2008.by.commander.vce

A. Visit google search engine and view the cached copy
B. Crawl the entire website and store them into your computer
C. Visit the company partners and customers website for this information
D. Visit Archive.org web site to retrieve the Internet archive of the company website

Answer: D
You have retrieved the raw hash values from a Windows 2000 Domain Controller. Using social
engineering, you know that they are enforcing strong passwords. You understand that all users
are required to use passwords that are at least 8 characters in length. All passwords must also
use 3 of the 4 following categories: lower case letters, capital letters, numbers and special
characters. With your given knowledge of users, likely user account names and the possibility
that they will choose the easiest passwords possible, what would be the fastest type of password
cracking attack you can run against these hash values to get results?

A. Hybrid Attack
B. Dictionary Attack
C. Encryption Attack
D. Brute Force Attack

Answer: A
You receive an e-mail with the below message:
Hello Steve,
We are having technical difficulty in restoring user database records after the recent blackout.
Your account data is corrupted. Please logon on to SuperEmailServices.com and change your
password.
http://www.superemailservices.com%40c3405906949/support/logon.htm
If you do not reset your password within 7 days, your account will be permanently disabled
locking you out from using our e-mail services.
Sincerely,
Technical Support
SuperEmailServices
From this e-mail you suspect that some hacker sent this message since you have been using
their e-mail services for the last 2 years and they never have sent out an e-mail such as this. You
also observe the URL in the message and want to confirm your suspicion about 3405906949,
which looks like a base10 number.
You enter the following at the Windows 2003 command prompt:
ping 3405906949
You get a response with a valid IP address. What is the obstructed IP address in the e-mail URL?

A. 10.0.3.4
B. 192.34.5.9
C. 199.23.43.4
D. 203.2.4.5

Answer: D

Bob is acknowledged as a hacker of repute and is popular among visitors of ‘underground’ sites.
Bob is willing to share his knowledge to those who are willing to learn, and many have expressed
their interest in learning from him. However, this knowledge has risks associated with it, as the
same knowledge can be used for malevolent attacks as well. In this context, what would be the
most effective method to bridge the knowledge gap between the “black” hats or crackers and the
“white” hats or computer security professionals?

A. Hire more computer security monitoring personnel to monitor computer systems and networks
B. Educate everyone with books, articles and training on risk analysis, vulnerabilities and
safeguards
C. Train more national guard and reservist in the art of computer security to help out in times of
emergency or crises
D. Make obtaining either a computer security certification or accreditation easier to achieve so
more individuals feel that they are a part of something larger than life

Answer: B

Clive is conducting a pen-test and has just port scanned a system on the network. He has
identified the operating system as Linux and been able to elicit responses from ports 23, 25 and
53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as
running DNS service. The client confirms these findings and attests to the current availability of
the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On
typing other commands, he sees only blank spaces or underscores symbols on the screen. What
are you most likely to infer from this?

A. The services are protected by TCP wrappers
B. There is a honeypot running on the scanned machine
C. An attacker has replaced the services with trojaned ones
D. This indicates that the telnet and SMTP server have crashed

Answer: A
SSL has been seen as the solution to a lot of common security problems. Administrator will often
time make use of SSL to encrypt communications from points A to point B. Why do you think this
could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic
between point A and B?

A. SSL is redundant if you already have IDS in place
B. SSL will trigger rules at regular interval and force the administrator to turn them off
C. SSL will mask the content of the packet and Intrusion Detection System are blinded
D. SSL will slow down the IDS while it is breaking the encryption to see the packet content

Answer: C

Clive has been hired to perform a Black-Box test by one of his clients. How much information will
Clive be able to get from the client before commencing his test?

A. Only the IP address range
B. Nothing but corporate name
C. All that is available from the client
D. IP Range, OS, and patches installed

Answer: B

Machine A: netcat -l -p 1234 < secretfile
Machine B: netcat 192.168.3.4 > 1234

He is worried about information being sniffed on the network. How would the attacker use netcat
to encrypt the information before transmitting onto the wire?

A. Machine A: netcat -l -p -s password 1234 < testfile
Machine B: netcat 1234
B. Machine A: netcat -l -e magickey -p 1234 < testfile
Machine B: netcat 1234
C. Machine A: netcat -l -p 1234 < testfile -pw password
Machine B: netcat 1234 -pw password
D. Use cryptcat instead of netcat

Answer: D
Jess the hacker runs L0phtCrack’s built-in sniffer utility that grabs SMB password hashes and
stores them for offline cracking. Once cracked, these passwords can provide easy access to
whatever network resources the user account has access to. But Jess is not picking up hashes
from the network. Why?

A. The physical network wire is on fibre optic cable
B. The network protocol is configured to use IPSEC
C. The network protocol is configured to use SMB Signing
D. L0phtCrack SMB sniffing only works through Switches and not Hubs

Answer: C

Jack is conducting a port scan of a target network. He knows that his target network has a web
server and that a mail server is up and running. Jack has been sweeping the network but has not
been able to get any responses from the remote target. Check all of the following that could be a
likely cause of the lack of response?

A. The host might be down
B. UDP is filtered by a gateway
C. ICMP is filtered by a gateway
D. The TCP window size does not match
E. The destination network might be down
F. The packet TTL value is too low and cannot reach the target

Answer: A, C, E, F

You are attempting to map out the firewall policy for an organization. You discover your target
system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL
of the target system starting at port 1 and going up to port 1024. What is this process known as?

A. Firewalking
B. Footprinting
C. Enumeration
D. Idle scanning

Answer: A
Question: 11
How would you prevent session hijacking attacks?

A. Using biometrics access tokens secures sessions against hijacking
B. Using non-Internet protocols like http secures sessions against hijacking
C. Using hardware-based authentication secures sessions against hijacking
D. Using unpredictable sequence numbers secures sessions against hijacking

Answer: D

What does the term ‘Hacktivism’ means?

A. Someone who is hacking for a cause
B. Someone that has an urge to constantly hack
C. Someone who subscribe to hacker’s magazine
D. Someone who has at least 12 years of hacking experience

Answer: A
During the intelligence-gathering phase of a penetration test, you discover a press release by a
security products vendor stating that they have signed a multi-million dollar agreement with the
company you are targeting. The contract was for vulnerability assessment tools and network
based IDS systems.
While researching on that particular brand of IDS you notice that its default installation allows it to
perform sniffing and attack analysis on one NIC and is managed and sends reports via another
NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the
defaults were used, how can you detect these sniffing interfaces?

A. The sniffing interface cannot be detected
B. Send attack traffic and look for it to be dropped by the IDS
C. Use a ping flood against the IP of the sniffing NIC and look for latency in the responses
D. Set your IP to that of the IDS and look for it to begin trying to knock your computer off the
network

Answer: A
Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of
times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP
request packet. The wireless host responds with a stream of responses, all individually encrypted
with different IVs. What is this attack most appropriately called?

A. Spoof attack
B. Replay attack
C. Injection attack
D. Rebound attack

Answer: B
John is discussing security with Jane; she mentioned a few times to John that she suspects an
LKM was installed on her server and this is why it has been acting so erratically lately. LKM
stands for Loadable Kernel Module, what does it mean in the context of Linux Security?

A. Loadable Kernel Modules are a mechanism for adding functionality to a filesystem without
requiring a kernel recompilation
B. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel
without requiring a kernel recompilation
C. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system
kernel without requiring a kernel recompilation
D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system
kernel after it has been recompiled and the system rebooted

Answer: C
Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private
investigative agency to go through garbage, recycled paper, and other rubbish at Scamster’s
office site in order to find relevant information. What would you call this kind of activity?

A. Scanning
B. CI Gathering
C. Dumpster Diving
D. Garbage Scooping

Answer: C

Jonathan being a keen administrator has followed all of the best practices he could find on
securing his Windows Server. He renamed the Administrator account to a new name that cannot
be easily guessed but there remain people who attempt to compromise his newly renamed
administrator account. How can a remote attacker decipher the name of the administrator
account if it has been renamed?

A. The attacker guessed the new name
B. The attacker used the user2sid program
C. The attacker used the sid2user program
D. The attacker used NMAP with the V switch

Answer: C

hxxp://rapidshare.com/files/90499411/ec0-3502.73.rar
Also some of guys they like TK… So also i am going to provide you link for latest TK

hxxp://rapidshare.com/files/90501234/EC0-350.zip

It does have 4 part .Each part contains 150 question. Preparing for this exam.. But its too difficult.. But i will clear it soon..Need to spend alot time.

Anyway was looking for this version from last 2 months but finally today got it.

Tell me if you guys like my post

Don’t forget to use [req] or [offer] in the topic title

Hey.. thanks for the post but i think theres a newer version with 900 questions.. the 2.73 only has 600 questions.. if you go to pass4sure website you’ll see it clearly says 900 questions..updated august 2007 ….im also in search for the newer one .. let me know if u get any luck in finding it ! n good luck on your exam

thanks for the share

(chaltikanaamgaadi @ Feb 10 2008, 02:53 AM)
Hi Guys

Finally i got it.. yeah

download it from my directory..

hxxp://rapidshare.com/files/90499411/ec0-3502.73.rar
Also some of guys they like TK… So also i am going to provide you link for latest TK

hxxp://rapidshare.com/files/90501234/EC0-350.zip

It does have 4 part .Each part contains 150 question. Preparing for this exam.. But its too difficult.. But i will clear it soon..Need to spend alot time.

Anyway was looking for this version from last 2 months but finally today got it.

Tell me if you guys like my post

Thanks very much man i was having version 2.29… but with ur gr8 help i found this new version but can u pls help in finding the latest version which is 2.93 which contains 900 Q & A

thankc once again!!!!!!!!god blesh you

Hello Guys, Newest TestInside EC0-350 v3.29.vce for you, 220 Q&A.

Grab it here:

Download:
http://rapidshare.com/files/119539066/TestInside_EC0-350_v3.29.vce.html

http://www.testinside.com/EC0-350.htm

Have fun!

CONAN

(conan69 @ Jun 2 2008, 06:22 PM)
Hello Guys, Newest TestInside EC0-350 v3.29.vce for you, 220 Q&A.

Grab it here:

Download:
http://rapidshare.com/files/119539066/TestInside_EC0-350_v3.29.vce.html

http://www.testinside.com/EC0-350.htm

Have fun!

CONAN

Does you have lastest Pass4sure CEH version 2.93 with 900 Questions?

Thanks

(conifer @ Jun 2 2008, 04:47 PM)
(conan69 @ Jun 2 2008, 06:22 PM)
Hello Guys, Newest TestInside EC0-350 v3.29.vce for you, 220 Q&A.

Grab it here:

Download:
http://rapidshare.com/files/119539066/TestInside_EC0-350_v3.29.vce.html

“ethical hacking and countermeasures”, also known as ec0-350 exam, is a ec-council certification.
Preparing for the ec0-350 exam? Searching ec0-350 Test Questions, ec0-350 Practice Exam, ec0-350 dumps<

Free pass4sure ec0-350 Braindumps Demo Download

The ec0-350 certificates give you possibility to work in any country of the world because they are acknowledged in all countries equally. This pass4sure ec0-350 torrent certificate helps not only to improve your knowledge and skills, but it also helps your career, gives a possibility for qualified usage of pass4sure ec0-350 training materials market products under different conditions. The majority of companies in the sphere of information technologies require the presence of ec0-350 exam for the work in the company, and that makes obtaining this ec0-350 certificate necessary. Many IT specialists were not able to obtain the ec0-350 certificate from the first attempt, which was the result of poor preparation for the examination, using preparatory ec0-350 study guide of poor quality.

pass4sure ec0-350 Downloadable, Printable Exams (in pass4sure ePad pdf vce format):
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam ec0-350 Preparation Material provides you everything you will need to take a certification examination. Details are researched and produced by Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key.

pass4suredumps.org ec0-350 Preparation from pass4sure include:

ec-council ec0-350 Q & A with Explanations
ec-council ec0-350 Audio Exam
ec-council ec0-350 Preparation Lab
ec-council ec0-350 rapidshare 4shared books

pass4sure ec-council ec0-350 Tutorial, ec0-350 Exam Questions with Answers, ec0-350 Trainings, ec0-350 Online Course and free PDF

Our ec0-350 practice exams and study questions are composed by current and active Information Technology experts, who use their experience in preparing you for your future in IT.

100% Guarantee to Pass Your ec0-350 ExamIf you do not pass the ec0-350 exam (ethical hacking and countermeasures) on your first attempt using our pass4sure testing engine, we will give you a FULL REFUND of your purchasing fee.

Your success in your coming ec0-350 ethical hacking and countermeasures Certification Exams is guaranteed using our ec-council ec0-350 Preparation Lab because our Preparation Labs are always updated in line with the changing ec-council ec0-350 Certification Exam Objectives. You can download our ec-council ec0-350 Preparation Labs anywhere anytime for a fast paced preparation of ec-council ec0-350 Certification Exam. You never have to attend any ec-council ec0-350 Training Class or ec-council ec0-350 Boot camp to pass in ec-council ec0-350 Certification Exam. We offer the latest and most accurate ec-council ec0-350 ethical hacking and countermeasures Preparation Lab with complete coverage of ec-council ec0-350 Exam Objectives and loads of professional experience.

pass4sure ec0-350

Questions and Answers : 900 Q&AsUpdated: February 11th , 2009
http://rapidshare.com/files/215704122/www.pass4sure.cc_p4s_ec0-350_2.73_2.93.zip.html
http://uploading.com/files/AVJ8FDFN/www.pass4sure.cc_p4s_ec0-350_2.73_2.93.zip.html
http://rapidshare.de/files/46448698/www.pass4sure.cc_p4s_ec0-350_2.73_2.93.zip.html
more info:testking ec0-350
more info:pass4sure ec0-350

Practice exams in VCE format:
File Size Date
ECCouncil ActualTests EC0-350 v2008-03-31 458q.vce 816.49 KB 18-Feb-2009
ECCouncil ActualTests EC0-350 v2008-03-31 by CONAN 458q.vce 3.99 MB 04-Jun-2008
ECCouncil TestInside EC0-350 v2008-04-21 by CONAN 220q.vce 10.92 MB 03-Jun-2008
ECCouncil ActualTest EC0-350 v 04 24 06 by SSB.vce 1.28 MB 21-Sep-2006
ECcouncil Actualtests EC0-350 v12.16.05 314q.zip 1.1 MB 26-Jul-2006
http://rapidshare.com/files/215696448/ec-council_ec0-350_vce_version.rar.html
http://rapidshare.de/files/46448289/ec-council_ec0-350_vce_version.rar.html
http://uploading.com/files/Y9O66H9U/ec-council_ec0-350_vce_version.rar.html

What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?

A. The ethical hacker does not use the same techniques or skills as a cracker.
B. The ethical hacker does it strictly for financial motives unlike a cracker.
C. The ethical hacker has authorization from the owner of the target.
D. The ethical hacker is just a cracker who is getting paid.

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker
and the motive is to find the security breaches before a cracker does. There is
nothing that says that a cracker does not get paid for the work he does, a ethical
hacker has the owners authorization and will get paid even if he does not succeed to
penetrate the target.
QUESTION 2:

What does the term “Ethical Hacking” mean?

A. Someone who is hacking for ethical reasons.
B. Someone who is using his/her skills for ethical reasons.
C. Someone who is using his/her skills for defensive purposes.
D. Someone who is using his/her skills for offensive purposes.

Answer: C

Explanation: Ethical hacking is only about defending your self or your employer
against malicious persons by using the same techniques and skills.
QUESTION 3:

Who is an Ethical Hacker?

A. A person whohacksfor ethical reasons
B. A person whohacksfor an ethical cause
C. A person whohacksfor defensive purposes
D. A person whohacksfor offensive purposes

Answer: C

Explanation: The Ethical hacker is a security professional who applies his hacking
skills for defensive purposes.

QUESTION 4:

What is “Hacktivism”?

A. Hacking for a cause
B. Hacking ruthlessly
C. An association which groups activists
D. None of the above

Answer: A

Explanation: The term was coined by author/critic Jason Logan Bill Sack in an
article about media artist Shu Lea Cheang. Acts of hacktivism are carried out in the
belief that proper use of code will have leveraged effects similar to regular activism
or civil disobedience.

QUESTION 5:

Where should a security tester be looking for information that could be used by an
attacker against an organization? (Select all that apply)

A. CHAT rooms
B. WHOIS database
C. News groups
D. Web sites
E. Search engines
F. Organization’s own web site

Answer: A, B, C, D, E, F

Explanation: A Security tester should search for information everywhere that
he/she can access. You never know where you find that small piece of information
that could penetrate a strong defense.

QUESTION 7:

You are footprinting Acme.com to gather competitive intelligence. You visit the
acme.com websire for contact information and telephone number numbers but do
not find it listed there. You know that they had the entire staff directory listed on
their website 12 months ago but now it is not there. How would it be possible for you
to retrieve information from the website that is outdated?

A. Visit google search engine and view the cached copy.
B. Visit Archive.org site to retrieve the Internet archive of the acme website.
C. Crawl the entire website and store them into your computer.
D. Visit the company’s partners and customers website for this information.

Answer: B

Explanation: The Internet Archive (
IA) is a non-profit organization dedicated to maintaining an archive of Web and
multimedia resources. Located at the Presidio in San Francisco, California, this
archive includes “snapshots of the World Wide Web” (archived copies of pages,
taken at various points in time), software, movies, books, and audio recordings
(including recordings of live concerts from bands that allow it). This site is found at
www.archive.org.

The actualtest ec-council ec0-350 certificates give you possibility to work in any country of the world because they are acknowledged in all countries equally. This actualtest ec-council ec0-350 torrent certificate helps
not only to improve your knowledge and skills, but it also helps your career, gives a possibility for qualified usage of actualtest ec-council ec0-350 exam products under different conditions. The
majority of companies in the sphere of information technologies require the presence of actualtest ec-council ec0-350 exams for the work in the company, and that makes obtaining this actualtest ec-council ec0-350
certificate necessary. Many IT specialists were not able to obtain the real actualtest ec-council ec0-350 certificate from the first attempt, which was the result of poor preparation for the
examination, using preparatory actualtest ec-council ec0-350 study guide of poor quality.

The leader among the providers of actualtest ec-council ec0-350 preparatory materials is products such as actualtest ec-council ec0-350 vce pdf Braindumps, actualtest ec-council ec0-350 Tutorial, actualtest ec-council ec0-350 Exam Questions with Answers, actualtest ec-council ec0-350
Trainings, actualtest ec-council ec0-350 Test Online Simulations Course and free PDF. It obtained its leadership and trust of the users from the very beginning of its work on the actualtest ec-council ec0-350 training
materials market. All the actualtest ec-council ec0-350 value pack aids have been created by people who are personally familiar with actualtests actualtest ec-council ec0-350 Preparation Labs and who know all the
difficulties and popular mistakes made by those who take a actualtest ec-council ec0-350 . The entire material is logically composed in such a way that everything becomes easy to understand for
anyone. full download Many actualtest ec-council ec0-350 guides include audio and video material. It is really easy to acquire actualtest ec-council ec0-350 exams because of great variety of methods of payment.

pass4sure testking actualtest ec-council ec0-350 rapidshare 4shared links

http://rapidshare.de/files/46447891/www.ec0-350.com_new_actualtest_ceh.rar.html

http://rapidshare.com/files/215688520/www.ec0-350.com_new_actualtest_ceh.rar.html
http://uploading.com/files/NBHQ3LRR/www.ec0-350.com_new_actualtest_ceh.rar.html