ethical hacking and countermeasures
科目編號 : EC0-350
科目名稱 : ethical hacking and countermeasures
考試費:250美元
題數:125
合格分數:70%
相關:Certified Ethical Hacker
考試合格後,應考者在八個星期內便會收到由EC-Council發出的CEH認證。
EC0-350 考試是EC-COUNCIL公司的 ethical hacking and countermeasures 認證考試官方代號,ethical hacking and countermeasures 認證作為全球IT領域專家 EC-COUNCIL 熱門認證之壹,是許多大中IT企業選擇人才標準的必備條件。
互聯網發展迅速,的確帶給人們很多方便,但同時也隱藏了很多危機。例如早前美國信用吉結算服務公司CardSystems Solutions Inc. 的電腦系統,就遭hacker入侵,超過1,400萬張萬事達吉和2,200萬張VISA吉的資料外泄,當中包括了不少香港客戶,而且更已發生了數宗懷疑有關的信用吉詐騙案,涉及的損失可以達天文數字。EC0-350 考試是为了培訓專門应付hacker的資訊保安專家。
要防止hacker入侵,最有效方法是先了解hacker如何入侵,便可以有效地評估系統的安全程度、找尋系統漏洞及補救辦法。有見及此,美國International Council of E-Commerce Consultants ( EC-Council ) 推出了 EC0-350 考試是專門应付hacker的人才。如果妳有志成爲資訊保安專家,這張認證是壹個不錯的選擇。
下面是由Examsoon認證考試題庫分享的熱門EC-COUNCIL認證考試EC0-350考試考古題:
1. Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?
A. 137 and 139
B. 137 and 443
C. 139 and 443
D. 139 and 445
Answer: D
2. Jess the hacker runs L0phtCrack's built-in sniffer utility that grabs SMB password hashes and stores them for offline cracking. Once cracked, these passwords can provide easy access to whatever network resources the user account has access to. But Jess is not picking up hashes from the network. Why?
A. The physical network wire is on fibre optic cable
B. The network protocol is configured to use IPSEC
C. The network protocol is configured to use SMB Signing
D. L0phtCrack SMB sniffing only works through Switches and not Hubs
Answer: C
3. You have chosen a 22 character word from the dictionary as your password. How long will it take to crack the password by an attacker?
A. 5 minutes
B. 23 days
C. 200 years
D. 16 million years
Answer: A
4. Spears Technology, Inc is a software development company located in Los Angeles, California. They reported a breach in security, stating that its "security defenses has been breached and exploited for 2 weeks by hackers." The hackers had accessed and downloaded 90,000 addresses containing customer credit cards and passwords. Spears Technology found this attack to be so severe that they reported the attack to the FBI for a full investigation. Spears Technology was looking to law enforcement officials to protect their intellectual property. How did this attack occur? The intruder entered through an employees home machine, which was connected to Spears Technologys corporate VPN network. The application called BEAST Trojan was used in the attack to open a "back door" allowing the hackers undetected access. The security breach was discovered when customers complained about the usage of their credit cards without their knowledge. The hackers were traced back to Beijing, China through e-mail address evidence. The credit card information was sent to that same e-mail address. The passwords allowed the hackers to access Spears Technologys network from a remote location, posing as employees. The intent of the attack was to steal the source code for their VOIP system and "hold it hostage" from Spears Technology, in exchange for ransom. The hackers had intended on selling the stolen VOIP software source code to competitors. How would you prevent such attacks from occurring in the future at Spears Technology?
A. Disable VPN access to all your employees from home machines
B. Allow VPN access but replace the standard authentication with biometric authentication
C. Replace the VPN access with dial-up modem access to the companys network
D. Enable 25 character complex password policy for employees to access the VPN network
Answer: A
更多認證考試:
没有评论:
发表评论