Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

EC0-350 VCE Exam Download

Page: 13 / 32
Question 52

Harold works for Jacobson Unlimited in the IT department as the security manager. Harold has created a security policy requiring all employees to use complex 14 character passwords. Unfortunately, the members of management do not want to have to use such long complicated passwords so they tell Harold's boss this new password policy should not apply to them. To comply with the management's wishes, the IT department creates another Windows domain and moves all the management users to that domain. This new domain has a password policy only requiring 8 characters.

Harold is concerned about having to accommodate the managers, but cannot do anything about it. Harold is also concerned about using LanManager security on his network instead of NTLM or NTLMv2, but the many legacy applications on the network prevent using the more secure NTLM and NTLMv2. Harold pulls the SAM files from the DC's on the original domain and the new domain using Pwdump6.

Harold uses the password cracking software John the Ripper to crack users' passwords to make sure they are strong enough. Harold expects that the users' passwords in the original domain will take much longer to crack than the management's passwords in the new domain. After running the software, Harold discovers that the 14 character passwords only took a short time longer to crack than the 8 character passwords.

Why did the 14 character passwords not take much longer to crack than the 8 character passwords?

Options:

A.

Harold should have used Dumpsec instead of Pwdump6

B.

Harold's dictionary file was not large enough

C.

Harold should use LC4 instead of John the Ripper

D.

LanManger hashes are broken up into two 7 character fields

Question 53

This TCP flag instructs the sending system to transmit all buffered data immediately.

Options:

A.

SYN

B.

RST

C.

PSH

D.

URG

E.

FIN

Question 54

This is an example of whois record.

Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)

Options:

A.

Search engines like Google, Bing will expose information listed on the WHOIS record

B.

An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record

C.

Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

D.

IRS Agents will use this information to track individuals using the WHOIS record information

Question 55

Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training, to holiday schedules, to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company's intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of "intranet" with part of the URL containing the word "intranet" and the words "human resources" somewhere in the webpage.

What Google search will accomplish this?

Options:

A.

related:intranet allinurl:intranet:"human resources"

B.

cache:"human resources" inurl:intranet(SharePoint)

C.

intitle:intranet inurl:intranet+intext:"human resources"

D.

site:"human resources"+intext:intranet intitle:intranet

Page: 13 / 32
Exam Code: EC0-350
Exam Name: Ethical Hacking and Countermeasures V8
Last Update: Nov 23, 2024
Questions: 878
EC0-350 pdf

EC0-350 PDF

$25.5  $84.99
EC0-350 Engine

EC0-350 Testing Engine

$28.5  $94.99
EC0-350 PDF + Engine

EC0-350 PDF + Testing Engine

$40.5  $134.99