Free EC-COUNCIL EC0-350 Exam Dumps Questions & Answers

In the software security development life cyle process, threat modeling occurs in which phase?

• A.  Verification
• B.  Implementation
• C.  Requirements
• D.  Design

The following exploit code is extracted from what kind of attack?

• A.  Cross Site Scripting
• B.  Remote password cracking attack
• C.  Distributed Denial of Service
• D.  Buffer Overflow
• E.  SQL Injection

Bill has successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn an interactive shell and plans to deface the main web page. He first attempts to use the "echo" command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tries to overwrite it with another page in which also he remains unsuccessful. What is the probable cause of Bill's problem?

• A.  The system is a honeypot
• B.  The HTML file has permissions of read only
• C.  There is a problem with the shell and he needs to run the attack again
• D.  You cannot use a buffer overflow to deface a web page

Which of the following represents the initial two commands that an IRC client sends to join an IRC network?

• A.  USER, PASS
• B.  LOGIN, NICK
• C.  USER, NICK
• D.  LOGIN, USER

Vulnerability scanners are automated tools that are used to identify vulnerabilities and misconfigurations of hosts. They also provide information regarding mitigating discovered vulnerabilities.

Which of the following statements is incorrect?

• A.  They can validate compliance with or deviations from the organization's security policy
• B.  Vulnerability scanners can help identify out-of-date software versions, missing patches, or system upgrades
• C.  Vulnerability scanners can identify weakness and automatically fix and patch the vulnerabilities without user intervention
• D.  Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.